Toujours pareil pour moi :
paul@paul-TERRA-MOBILE-1542:~$ nmap --script ssl-enum-ciphers -p 443 particuliers.secure.lcl.fr
Starting Nmap 7.60 ( https://nmap.org ) at 2019-02-03 13:40 EST
Nmap scan report for particuliers.secure.lcl.fr (158.191.169.222)
Host is up (0.11s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: client
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Key exchange (dh 1024) of lower strength than certificate key
|_ least strength: D
Nmap done: 1 IP address (1 host up) scanned in 6.88 seconds
C'est pareil, que je passe par le nom de domaine ou par l'adresse IP. Et pour OpenSSL sans -tls1_2, c'est toujours pareil :
paul@paul-TERRA-MOBILE-1542:~$ openssl s_client -connect particuliers.secure.lcl.fr:443
CONNECTED(00000005)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Extended Validation Secure Server CA
verify return:1
depth=0 serialNumber = 954 509 741 00011, jurisdictionC = FR, businessCategory = Private Organization, C = FR, postalCode = 69002, ST = RHONE, L = LYON, street = 18 RUE DE LA REPUBLIQUE, O = CREDIT LYONNAIS SA, OU = PRT/SQ, OU = COMODO EV SSL, CN = particuliers.secure.lcl.fr
verify return:1
---
Certificate chain
0 s:serialNumber = 954 509 741 00011, jurisdictionC = FR, businessCategory = Private Organization, C = FR, postalCode = 69002, ST = RHONE, L = LYON, street = 18 RUE DE LA REPUBLIQUE, O = CREDIT LYONNAIS SA, OU = PRT/SQ, OU = COMODO EV SSL, CN = particuliers.secure.lcl.fr
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Extended Validation Secure Server CA
1 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Extended Validation Secure Server CA
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
2 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
3 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHHDCCBgSgAwIBAgIQQwOJqE+tJcNG8HB2h9CJdDANBgkqhkiG9w0BAQsFADCB
kjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNV
BAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy
IENBMB4XDTE4MTAyNjAwMDAwMFoXDTE5MTAyNjIzNTk1OVowggEZMRowGAYDVQQF
ExE5NTQgNTA5IDc0MSAwMDAxMTETMBEGCysGAQQBgjc8AgEDEwJGUjEdMBsGA1UE
DxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkZSMQ4wDAYDVQQREwU2
OTAwMjEOMAwGA1UECBMFUkhPTkUxDTALBgNVBAcTBExZT04xIDAeBgNVBAkTFzE4
IFJVRSBERSBMQSBSRVBVQkxJUVVFMRswGQYDVQQKExJDUkVESVQgTFlPTk5BSVMg
U0ExDzANBgNVBAsTBlBSVC9TUTEWMBQGA1UECxMNQ09NT0RPIEVWIFNTTDEjMCEG
A1UEAxMacGFydGljdWxpZXJzLnNlY3VyZS5sY2wuZnIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDPXJJ1V9P1U/zml4tBI3CD6/QdYoA4+JPdH+Or1MKa
eRWu2lcYwq9rXfnDOHndM7auyTw9iatHsHE1IvnpcRQwGADm4SD9KKU8HaXlKZ+f
AtNl6q4qlZlhNNcyqE7QZkfmmpL8qYqq/68aad+zDHO8sPqjZpL/ECPKqmrdklYa
o+Mnv6ii8ab3yiAYmqKbVDFaIN4wHpF3TQwPcy5HR5/m5/EVNtgBJKOqEbVL835x
SD1sq+SgJz3KtPQoD5tB98JT4kBDGpz5GZ9l/ozY/ULAEv9JvMh0uAMMq/SZtc+2
AVvozZKijrr/icuBWNefRGjCSrcbHo5+9lo8EYwrlfiXAgMBAAGjggLiMIIC3jAf
BgNVHSMEGDAWgBQ52v/KKBSKqHQTCLnkDqnS+n6daTAdBgNVHQ4EFgQUnRthgj1U
nwQ13+3RFfl5P9bf3XIwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOwYMKwYBBAGy
MQECAQUBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20v
Q1BTMAcGBWeBDAEBMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwuY29tb2Rv
Y2EuY29tL0NPTU9ET1JTQUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
LmNybDCBhwYIKwYBBQUHAQEEezB5MFEGCCsGAQUFBzAChkVodHRwOi8vY3J0LmNv
bW9kb2NhLmNvbS9DT01PRE9SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2
ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAl
BgNVHREEHjAcghpwYXJ0aWN1bGllcnMuc2VjdXJlLmxjbC5mcjCCAQMGCisGAQQB
1nkCBAIEgfQEgfEA7wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQ
AAABZq4CHJYAAAQDAEYwRAIgMPK4dUjvmgtOKz98WcPGEPFOyXt1d9PGlfC+sRhj
95gCIBlrGqSqvX2LbwXFCiCdMEN2zscAdfR4tMIBw3i+ERWjAHYAVYHUwhaQNgFK
6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFmrgIbjwAABAMARzBFAiAZ9/PvoQRG
LOHgGEfddur1MEGm4klvq0igZ7UUgvQ4ogIhAIs1TC/ryJ0pHh8GvyNtggp3XmhY
e1lI4pj3DSNmrWmDMA0GCSqGSIb3DQEBCwUAA4IBAQBfLurUGrMLYbcqS/e8YI3Y
WL+GDsGmcENdlCqtG0sER/aGxoDXrxWLLJarxo6gJGAIhWYWAu6OsGH7Z8qxNYA3
j+Yzy620DDgYGHdomH839DHKIu/jiloBwN5HNQB6TRfYB2PX74lBml4QYxER6a3c
pD1YNxcGyY1UrYRr7/kYcU7Sc0d/pimuxuQAs7hBBXH5QL4LAEaqoQ0UBehHmWhR
iSXLkQnuXfpdjLSRcKPzHC7QD3CFibNpwbTeTKfPd1z3J8obVYW1CSmU7ERwV0mL
yvs5BZNOVvY214fC5tQog1/baIGvUD+JLqtMJAgktid2OlU6FV/I/3iNCBQukbXW
-----END CERTIFICATE-----
subject=serialNumber = 954 509 741 00011, jurisdictionC = FR, businessCategory = Private Organization, C = FR, postalCode = 69002, ST = RHONE, L = LYON, street = 18 RUE DE LA REPUBLIQUE, O = CREDIT LYONNAIS SA, OU = PRT/SQ, OU = COMODO EV SSL, CN = particuliers.secure.lcl.fr
issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Extended Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 6779 bytes and written 526 bytes
Verification: OK
---
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: FD44E9F698E559E79861CF3DE36273CCC2B208CD4D1C972E90B5BDE48AD287C5
Session-ID-ctx:
Master-Key: 7274EF0766B6E806B09F0C075BEB7F10F0686095FEB1FD326A0AB78C7E41A1265962FD005FC75FFA685ADB388E4C69C4
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
0000 - 82 cc c5 11 f0 3b 93 eb-ea 33 1b b2 03 c6 09 22 .....;...3....."
0010 - f8 cb 31 24 8f f2 46 01-7d e5 8a 93 69 fe 36 76 ..1$..F.}...i.6v
0020 - de 6d ba c6 a2 95 8a f1-19 21 09 9d 93 67 19 58 .m.......!...g.X
0030 - 07 45 81 3b 7a a1 ad 32-fc e3 ee 01 53 cc 7c 89 .E.;z..2....S.|.
0040 - 30 78 0c 1e 5b 02 25 5e-e6 c5 45 dd 32 fc 96 4f 0x..[.%^..E.2..O
0050 - b7 f0 f0 2c 14 96 d3 07-9e ef a5 3f 8f 31 3d 77 ...,.......?.1=w
0060 - a1 58 e1 ea b3 af 3a 5f-bf c5 3c 28 61 6e ec 5b .X....:_..<(an.[
0070 - fe c9 4f 89 4b 1e 3c 65-15 de aa da 5a 8f d1 d3 ..O.K.<e....Z...
0080 - 86 09 e8 ec e9 93 21 9e-96 83 72 c8 31 da 8b ba ......!...r.1...
0090 - e2 8c 8f 2a 32 9f 63 52-8c 76 ec 97 4f 2c 72 2e ...*2.cR.v..O,r.
00a0 - af 6a ed eb 1c 08 95 66-5d 20 ec d2 4c 41 61 5b .j.....f] ..LAa[
00b0 - 88 6d e2 6d 89 be eb 89-f6 ee f0 bc ee 2d 33 f2 .m.m.........-3.
00c0 - e7 f0 bb ac c0 96 0d d4-7d 98 5c f7 85 90 35 cb ........}.\...5.
00d0 - 80 63 25 96 d2 79 c0 ed-79 c5 91 a7 7f b3 1f 11 .c%..y..y.......
Start Time: 1549219459
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Et pourquoi on voit ça :
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
Alors que :
SSL-Session:
Protocol : TLSv1