iOS9 のMail.app で使えるcipher,使えないcipher
iOS9 に上げたiphone でimaps できなくなったため,Client Hello が送るcipher suite を調べた.
| iOS8.4.1 | iOS9.0 | |
|---|---|---|
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | × | ○ |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | × | ○ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ○ | ○ |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ○ | ○ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ○ | ○ |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ○ | ○ |
| TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | ○ | ○ |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | × | ○ |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | × | ○ |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ○ | ○ |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ○ | ○ |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ○ | ○ |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ○ | ○ |
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | ○ | ○ |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | ○ | × |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | ○ | × |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ○ | × |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ○ | × |
| TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | ○ | × |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | ○ | × |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | ○ | × |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ○ | × |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ○ | × |
| TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | ○ | × |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | × | ○ |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | × | ○ |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | ○ | ○ |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | ○ | ○ |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | ○ | ○ |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | ○ | ○ |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | ○ | ○ |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | × | ○ |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | × | ○ |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | ○ | ○ |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | ○ | ○ |
| TLS_RSA_WITH_AES_256_CBC_SHA | ○ | ○ |
| TLS_RSA_WITH_AES_128_CBC_SHA | ○ | ○ |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | ○ | ○ |
| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | ○ | ○ |
| TLS_ECDHE_RSA_WITH_RC4_128_SHA | ○ | ○ |
| TLS_ECDH_ECDSA_WITH_RC4_128_SHA | ○ | × |
| TLS_ECDH_RSA_WITH_RC4_128_SHA | ○ | × |
| TLS_RSA_WITH_RC4_128_SHA | ○ | ○ |
| TLS_RSA_WITH_RC4_128_MD5 | ○ | ○ |
ちなみにOSX Yosemite (10.10.5) はiOS8.4.1 と同じcipher を送る.
openssl ciphers -tls1 HIGH と比べる
iOS8 & iOS9 & OSX Yosemite で使えるものは以下のcipher (openssl 形式) しかない.
- ECDHE-ECDSA-AES256-SHA (0xC00A)
- ECDHE-ECDSA-AES128-SHA (0xC009)
- ECDHE-ECDSA-DES-CBC3-SHA (0xC008)
- ECDHE-RSA-AES256-SHA (0xC014)
- ECDHE-RSA-AES128-SHA (0xC013)
- ECDHE-RSA-DES-CBC3-SHA (0xC012)
- DHE-RSA-AES256-SHA (0x0039)
- DHE-RSA-AES128-SHA (0x0033)
- EDH-RSA-DES-CBC3-SHA (0x0016)
- AES256-SHA (0x0035)
- AES128-SHA (0x002F)
- DES-CBC3-SHA (0x000A)
