I have a similar problem with Ubuntu 18.04 (Apache 2.4.39 + openssl 1.1.0g) and maybe it sheds some light on this.
Protocol is always
SSLProtocol -All +TLSv1.2
SSLCipherSuite
1) ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256
2) ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256
Diff is ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, DHE-RSA-AES128-GCM-SHA256.
I played around a bit with those three (using testssl.sh) and it looked to me like when I enable ECDHE-RSA-AES128-SHA I have TLS 1.0 + 1.1. Which seems strange to me, but it is what I found.
What is going on here?
Dirk
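
An added example, not part of the original post: it diffs the two SSLCipherSuite strings quoted above and tags each suite that differs with the earliest protocol family it can be negotiated on. The tagging is a heuristic on OpenSSL's names for TLS 1.2-and-earlier suites (an assumption of this sketch, not a lookup in OpenSSL), and the function names are hypothetical.

```python
import re

# The two SSLCipherSuite values quoted in the post.
LIST_1 = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
          "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
          "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
          "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
          "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
          "ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256")
LIST_2 = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
          "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
          "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
          "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
          "ECDHE-ECDSA-AES128-SHA256")

def parse(cipher_string):
    """Split an OpenSSL cipher string on ':', ',' or whitespace, keeping order."""
    return [c for c in re.split(r"[:,\s]+", cipher_string.strip()) if c]

def min_protocol(name):
    """Name-based heuristic for TLS <= 1.2 suites (assumption of this example)."""
    if "GCM" in name or "CHACHA20" in name:
        return "TLSv1.2"        # AEAD suites exist only from TLS 1.2 on
    if name.endswith(("-SHA256", "-SHA384")):
        return "TLSv1.2"        # CBC with a SHA-2 HMAC, defined for TLS 1.2
    if name.endswith("-SHA"):
        return "pre-TLSv1.2"    # CBC with SHA-1 HMAC, usable on TLS 1.0/1.1
    return "unknown"

def diff(a, b):
    """Return (suites only in a, suites only in b), each in original order."""
    pa, pb = parse(a), parse(b)
    return [c for c in pa if c not in pb], [c for c in pb if c not in pa]

def legacy_capable(a, b):
    """Suites present only in `a` that older protocol versions can negotiate."""
    return [c for c in diff(a, b)[0] if min_protocol(c) == "pre-TLSv1.2"]

if __name__ == "__main__":
    only_1, only_2 = diff(LIST_1, LIST_2)
    for suite in only_1:
        print(f"only in 1): {suite:28} {min_protocol(suite)}")
    for suite in only_2:
        print(f"only in 2): {suite:28} {min_protocol(suite)}")
    print("legacy-capable additions:", legacy_capable(LIST_1, LIST_2))
```

Of the three suites that differ, only ECDHE-RSA-AES128-SHA is one that TLS 1.0 and 1.1 clients can negotiate, which matches the suite the post singles out.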