1

According to http://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers most browsers support SSL 3.0. And with my understanding (please correct me if I am wrong), when a browser just establishes a connection with a HTTPS server, the browser sends a list of ciphers to the server in a preferred order, servers returns the list which it supports.

I used the tool https://www.ssllabs.com/ssltest/viewMyClient.html to check different browsers, in cipher suites section I can see the list. I checked IE11, newest Chrome, newest Firefox but I don't see any ciphers begin with "SSL_" (I referenced to https://www.openssl.org/docs/apps/ciphers.html to get the TLS/SSL supported ciphers). So how can I tell that the browser supports SSL 3.0?

hardywang
  • 225
  • 1
  • 3
  • 6

2 Answers2

3

In the ClientHello message, the client announces its maximum supported version. Previous versions are assumed to be supported as well (in the SSL 3.0 to TLS 1.2 lineage at least; SSL 2.0 used a very different format).

Cipher suites are "backward compatible": for instance, SSL_RSA_WITH_RC4_128_SHA has value 0x0005 in SSL 3.0, and the corresponding cipher suite in TLS 1.0 (TLS_RSA_WITH_RC4_128_SHA) also has symbolic value 0x0005. Therefore, when a client says "I support up to TLS 1.1 and I know TLS_RSA_WITH_RC4_128_SHA", it also implicitly says "I can do SSL 3.0 with SSL_RSA_WITH_RC4_128_SHA". There is no method in SSL/TLS for the client to advertise version-dependent support of some cipher suites. If the client wants to enforce some specific choices, then it may do several connections, each advertising only one cipher suite, until it gets what it wants.

If you want to know if your browser would accept to use SSL 3.0, then you must try to connect to a server that knows only SSL 3.0. You can run one with the OpenSSL command-line tool. In general, one would expect that SSL 3.0 will be supported.

Community
  • 1
Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
0

"how can I tell that the browser supports SSL 3.0?"

https://security.stackexchange.com/a/19097/67377

Similar to what SSLLabs offers is the Webpage "SSL Cipher Suite Details of Your Browser" @ https://cc.dcsec.uni-hannover.de/ with a section titled "Preferred SSL/TLS version". It lists your Browser's preferences and what is being used at the moment.

Your Browser's URLBar should have a 'Box' to click on, that provides "Connection Info"; but you need an httpS Connection to get a InfoBox with what you're looking for.

Community
  • 1
Rob
  • 530
  • 1
  • 3
  • 13