$ EXCON_DEBUG=true irb -r excon
irb(main):001:0> Excon.get "https://www.howsmyssl.com/a/check"
excon.request  {:chunk_size=>1048576, :ciphers=>"HIGH:!SSLv2:!aNULL:!eNULL:!3DES", :connect_timeout=>60, :debug_request=>false, :debug_response=>false, :headers=>{"User-Agent"=>"excon/0.31.0", "Host"=>"www.howsmyssl.com:443"}, :idempotent=>false, :instrumentor_name=>"excon", :middlewares=>[Excon::Middleware::ResponseParser, Excon::Middleware::Expects, Excon::Middleware::Idempotent, Excon::Middleware::Instrumentor, Excon::Middleware::Mock], :mock=>false, :nonblock=>true, :omit_default_port=>false, :persistent=>false, :read_timeout=>60, :retry_limit=>4, :ssl_verify_peer=>true, :tcp_nodelay=>false, :uri_parser=>URI, :write_timeout=>60, :host=>"www.howsmyssl.com", :path=>"/a/check", :port=>443, :query=>nil, :scheme=>"https", :user=>nil, :password=>"REDACTED", :instrumentor=>Excon::StandardInstrumentor, :method=>:get, :retries_remaining=>4, :connection=>#<Excon::Connection:7fb5a188bc98 @data={:chunk_size=>1048576, :ciphers=>"HIGH:!SSLv2:!aNULL:!eNULL:!3DES", :connect_timeout=>60, :debug_request=>false, :debug_response=>false, :headers=>{"User-Agent"=>"excon/0.31.0"}, :idempotent=>false, :instrumentor_name=>"excon", :middlewares=>[Excon::Middleware::ResponseParser, Excon::Middleware::Expects, Excon::Middleware::Idempotent, Excon::Middleware::Instrumentor, Excon::Middleware::Mock], :mock=>false, :nonblock=>true, :omit_default_port=>false, :persistent=>false, :read_timeout=>60, :retry_limit=>4, :ssl_verify_peer=>true, :tcp_nodelay=>false, :uri_parser=>URI, :write_timeout=>60, :host=>"www.howsmyssl.com", :path=>"/a/check", :port=>443, :query=>nil, :scheme=>"https", :user=>nil, :password=>nil, :instrumentor=>Excon::StandardInstrumentor} @socket_key="https://www.howsmyssl.com:443">, :stack=>#<Excon::Middleware::ResponseParser:0x007fb5a188acd0 @stack=#<Excon::Middleware::Expects:0x007fb5a188acf8 @stack=#<Excon::Middleware::Idempotent:0x007fb5a188ad20 @stack=#<Excon::Middleware::Instrumentor:0x007fb5a188ad48 @stack=#<Excon::Middleware::Mock:0x007fb5a188ad98 @stack=#<Excon::Connection:7fb5a188bc98 @data={:chunk_size=>1048576, :ciphers=>"HIGH:!SSLv2:!aNULL:!eNULL:!3DES", :connect_timeout=>60, :debug_request=>false, :debug_response=>false, :headers=>{"User-Agent"=>"excon/0.31.0"}, :idempotent=>false, :instrumentor_name=>"excon", :middlewares=>[Excon::Middleware::ResponseParser, Excon::Middleware::Expects, Excon::Middleware::Idempotent, Excon::Middleware::Instrumentor, Excon::Middleware::Mock], :mock=>false, :nonblock=>true, :omit_default_port=>false, :persistent=>false, :read_timeout=>60, :retry_limit=>4, :ssl_verify_peer=>true, :tcp_nodelay=>false, :uri_parser=>URI, :write_timeout=>60, :host=>"www.howsmyssl.com", :path=>"/a/check", :port=>443, :query=>nil, :scheme=>"https", :user=>nil, :password=>nil, :instrumentor=>Excon::StandardInstrumentor} @socket_key="https://www.howsmyssl.com:443">>>>>>}
excon.response  {:body=>"<a href=\"https://www.howsmyssl.com/a/check\">Moved Permanently</a>.\n\n", :headers=>{"Location"=>"https://www.howsmyssl.com/a/check", "Strict-Transport-Security"=>"max-age=631138519; includeSubdomains", "Date"=>"Thu, 30 Jan 2014 17:17:15 GMT", "Content-Length"=>"68", "Content-Type"=>"text/html; charset=utf-8", "Connection"=>"close"}, :status=>301, :remote_ip=>"54.245.96.51"}
=> #<Excon::Response:0x007fb5a3a32978 @data={:body=>"<a href=\"https://www.howsmyssl.com/a/check\">Moved Permanently</a>.\n\n", :headers=>{"Location"=>"https://www.howsmyssl.com/a/check", "Strict-Transport-Security"=>"max-age=631138519; includeSubdomains", "Date"=>"Thu, 30 Jan 2014 17:17:15 GMT", "Content-Length"=>"68", "Content-Type"=>"text/html; charset=utf-8", "Connection"=>"close"}, :status=>301, :remote_ip=>"54.245.96.51"}, @body="<a href=\"https://www.howsmyssl.com/a/check\">Moved Permanently</a>.\n\n", @headers={"Location"=>"https://www.howsmyssl.com/a/check", "Strict-Transport-Security"=>"max-age=631138519; includeSubdomains", "Date"=>"Thu, 30 Jan 2014 17:17:15 GMT", "Content-Length"=>"68", "Content-Type"=>"text/html; charset=utf-8", "Connection"=>"close"}, @status=301, @remote_ip="54.245.96.51">
irb(main):002:0> Excon.get "https://www.howsmyssl.com/a/check", omit_default_port: true
excon.request  {:chunk_size=>1048576, :ciphers=>"HIGH:!SSLv2:!aNULL:!eNULL:!3DES", :connect_timeout=>60, :debug_request=>false, :debug_response=>false, :headers=>{"User-Agent"=>"excon/0.31.0", "Host"=>"www.howsmyssl.com"}, :idempotent=>false, :instrumentor_name=>"excon", :middlewares=>[Excon::Middleware::ResponseParser, Excon::Middleware::Expects, Excon::Middleware::Idempotent, Excon::Middleware::Instrumentor, Excon::Middleware::Mock], :mock=>false, :nonblock=>true, :omit_default_port=>true, :persistent=>false, :read_timeout=>60, :retry_limit=>4, :ssl_verify_peer=>true, :tcp_nodelay=>false, :uri_parser=>URI, :write_timeout=>60, :host=>"www.howsmyssl.com", :path=>"/a/check", :port=>443, :query=>nil, :scheme=>"https", :user=>nil, :password=>"REDACTED", :instrumentor=>Excon::StandardInstrumentor, :method=>:get, :retries_remaining=>4, :connection=>#<Excon::Connection:7fb5a3a19b58 @data={:chunk_size=>1048576, :ciphers=>"HIGH:!SSLv2:!aNULL:!eNULL:!3DES", :connect_timeout=>60, :debug_request=>false, :debug_response=>false, :headers=>{"User-Agent"=>"excon/0.31.0"}, :idempotent=>false, :instrumentor_name=>"excon", :middlewares=>[Excon::Middleware::ResponseParser, Excon::Middleware::Expects, Excon::Middleware::Idempotent, Excon::Middleware::Instrumentor, Excon::Middleware::Mock], :mock=>false, :nonblock=>true, :omit_default_port=>true, :persistent=>false, :read_timeout=>60, :retry_limit=>4, :ssl_verify_peer=>true, :tcp_nodelay=>false, :uri_parser=>URI, :write_timeout=>60, :host=>"www.howsmyssl.com", :path=>"/a/check", :port=>443, :query=>nil, :scheme=>"https", :user=>nil, :password=>nil, :instrumentor=>Excon::StandardInstrumentor} @socket_key="https://www.howsmyssl.com">, :stack=>#<Excon::Middleware::ResponseParser:0x007fb5a3a18b90 @stack=#<Excon::Middleware::Expects:0x007fb5a3a18bb8 @stack=#<Excon::Middleware::Idempotent:0x007fb5a3a18be0 @stack=#<Excon::Middleware::Instrumentor:0x007fb5a3a18c08 @stack=#<Excon::Middleware::Mock:0x007fb5a3a18c58 @stack=#<Excon::Connection:7fb5a3a19b58 @data={:chunk_size=>1048576, :ciphers=>"HIGH:!SSLv2:!aNULL:!eNULL:!3DES", :connect_timeout=>60, :debug_request=>false, :debug_response=>false, :headers=>{"User-Agent"=>"excon/0.31.0"}, :idempotent=>false, :instrumentor_name=>"excon", :middlewares=>[Excon::Middleware::ResponseParser, Excon::Middleware::Expects, Excon::Middleware::Idempotent, Excon::Middleware::Instrumentor, Excon::Middleware::Mock], :mock=>false, :nonblock=>true, :omit_default_port=>true, :persistent=>false, :read_timeout=>60, :retry_limit=>4, :ssl_verify_peer=>true, :tcp_nodelay=>false, :uri_parser=>URI, :write_timeout=>60, :host=>"www.howsmyssl.com", :path=>"/a/check", :port=>443, :query=>nil, :scheme=>"https", :user=>nil, :password=>nil, :instrumentor=>Excon::StandardInstrumentor} @socket_key="https://www.howsmyssl.com">>>>>>}
excon.response  {:body=>"{\"given_cipher_suites\":[\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA\",\"TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384\",\"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\",\"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256\",\"TLS_DHE_RSA_WITH_AES_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_256_CBC_SHA\",\"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA\",\"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA\",\"TLS_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_RSA_WITH_AES_256_CBC_SHA256\",\"TLS_RSA_WITH_AES_256_CBC_SHA\",\"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\"TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA\",\"TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_128_CBC_SHA\",\"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA\",\"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA\",\"TLS_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_RSA_WITH_AES_128_CBC_SHA\",\"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_EMPTY_RENEGOTIATION_INFO_SCSV\"],\"ephemeral_keys_supported\":true,\"session_ticket_supported\":true,\"tls_compression_supported\":true,\"unknown_cipher_suite_supported\":false,\"beast_vuln\":false,\"able_to_detect_n_minus_one_splitting\":false,\"insecure_cipher_suites\":{},\"tls_version\":\"TLS 1.2\",\"rating\":\"Bad\"}", :headers=>{"Content-Length"=>"2306", "Connection"=>"close", "Content-Type"=>"application/json", "Date"=>"Thu, 30 Jan 2014 17:17:19 GMT", "Strict-Transport-Security"=>"max-age=631138519; includeSubdomains"}, :status=>200, :remote_ip=>"54.245.96.51"}
=> #<Excon::Response:0x007fb5a39e2a68 @data={:body=>"{\"given_cipher_suites\":[\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA\",\"TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384\",\"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\",\"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256\",\"TLS_DHE_RSA_WITH_AES_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_256_CBC_SHA\",\"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA\",\"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA\",\"TLS_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_RSA_WITH_AES_256_CBC_SHA256\",\"TLS_RSA_WITH_AES_256_CBC_SHA\",\"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\"TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA\",\"TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_128_CBC_SHA\",\"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA\",\"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA\",\"TLS_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_RSA_WITH_AES_128_CBC_SHA\",\"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_EMPTY_RENEGOTIATION_INFO_SCSV\"],\"ephemeral_keys_supported\":true,\"session_ticket_supported\":true,\"tls_compression_supported\":true,\"unknown_cipher_suite_supported\":false,\"beast_vuln\":false,\"able_to_detect_n_minus_one_splitting\":false,\"insecure_cipher_suites\":{},\"tls_version\":\"TLS 1.2\",\"rating\":\"Bad\"}", :headers=>{"Content-Length"=>"2306", "Connection"=>"close", "Content-Type"=>"application/json", "Date"=>"Thu, 30 Jan 2014 17:17:19 GMT", "Strict-Transport-Security"=>"max-age=631138519; includeSubdomains"}, :status=>200, :remote_ip=>"54.245.96.51"}, @body="{\"given_cipher_suites\":[\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA\",\"TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384\",\"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\",\"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256\",\"TLS_DHE_RSA_WITH_AES_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_256_CBC_SHA\",\"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384\",\"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA\",\"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA\",\"TLS_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_RSA_WITH_AES_256_CBC_SHA256\",\"TLS_RSA_WITH_AES_256_CBC_SHA\",\"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA\",\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\"TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA\",\"TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256\",\"TLS_DHE_RSA_WITH_AES_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_AES_128_CBC_SHA\",\"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256\",\"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA\",\"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA\",\"TLS_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_RSA_WITH_AES_128_CBC_SHA256\",\"TLS_RSA_WITH_AES_128_CBC_SHA\",\"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA\",\"TLS_EMPTY_RENEGOTIATION_INFO_SCSV\"],\"ephemeral_keys_supported\":true,\"session_ticket_supported\":true,\"tls_compression_supported\":true,\"unknown_cipher_suite_supported\":false,\"beast_vuln\":false,\"able_to_detect_n_minus_one_splitting\":false,\"insecure_cipher_suites\":{},\"tls_version\":\"TLS 1.2\",\"rating\":\"Bad\"}", @headers={"Content-Length"=>"2306", "Connection"=>"close", "Content-Type"=>"application/json", "Date"=>"Thu, 30 Jan 2014 17:17:19 GMT", "Strict-Transport-Security"=>"max-age=631138519; includeSubdomains"}, @status=200, @remote_ip="54.245.96.51">

That trade-off between is why How's My SSL will [...]

% http https://www.howsmyssl.com/a/check

http: error: SSLError: [Errno 1] _ssl.c:504: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM = {0xC0,0xAC}
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM = {0xC0,0xAD}
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = {0xC0,0xAE}
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = {0xC0,0xAF}

New I/O worker #1, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown

null: SunCertPathBuilder.depthFirstSearchForward(CN=GeoTrust SSL CA - G2, O=GeoTrust Inc., C=US, State [
  issuerDN of last cert: CN=GeoTrust SSL CA - G2, O=GeoTrust Inc., C=US
  traversedCACerts: 0
  init: false
  keyParamsNeeded: false
  subjectNamesTraversed:
[CN=howsmyssl.com, O=Darkish Green, L=San Francisco, ST=California, C=US, DNSName: www.howsmytls.com, DNSName: howsmytls.com, DNSName: howsmyssl.com, DNSName: www.howsmyssl.com]]
)

 extra download GeoTrust SSL CA - G2 
SHA1: 4f56644858829ffb85a770171accf9f8407a137b 
RSA 2048 bits / SHA1withRSA 
WEAK SIGNATURE

"WS" should {

    "verify common behavior" in {
      val geoTrustPem =
        """-----BEGIN CERTIFICATE-----
          |MIIEWTCCA0GgAwIBAgIDAjpjMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYT
          |AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVz
          |dCBHbG9iYWwgQ0EwHhcNMTIwODI3MjA0MDQwWhcNMjIwNTIwMjA0MDQwWjBE
          |MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UE
          |AxMUR2VvVHJ1c3QgU1NMIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
          |DwAwggEKAoIBAQC5J/lP2Pa3FT+Pzc7WjRxr/X/aVCFOA9jK0HJSFbjJgltY
          |eYT/JHJv8ml/vJbZmnrDPqnPUCITDoYZ2+hJ74vm1kfy/XNFCK6PrF62+J58
          |9xD/kkNm7xzU7qFGiBGJSXl6Jc5LavDXHHYaKTzJ5P0ehdzgMWUFRxasCgdL
          |LnBeawanazpsrwUSxLIRJdY+lynwg2xXHNil78zs/dYS8T/bQLSuDxjTxa9A
          |kl0HXk7+Yhc3iemLdCai7bgK52wVWzWQct3YTSHUQCNcj+6AMRaraFX0DjtU
          |6QRN8MxOgV7pb1JpTr6mFm1C9VH/4AtWPJhPc48Obxoj8cnI2d+87FLXAgMB
          |AAGjggFUMIIBUDAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAd
          |BgNVHQ4EFgQUEUrQcznVW2kIXLo9v2SaqIscVbwwEgYDVR0TAQH/BAgwBgEB
          |/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov
          |L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUH
          |AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20w
          |TAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6
          |Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKgYDVR0RBCMwIaQf
          |MB0xGzAZBgNVBAMTElZlcmlTaWduTVBLSS0yLTI1NDANBgkqhkiG9w0BAQUF
          |AAOCAQEAPOU9WhuiNyrjRs82lhg8e/GExVeGd0CdNfAS8HgY+yKk3phLeIHm
          |TYbjkQ9C47ncoNb/qfixeZeZ0cNsQqWSlOBdDDMYJckrlVPg5akMfUf+f1Ex
          |RF73Kh41opQy98nuwLbGmqzemSFqI6A4ZO6jxIhzMjtQzr+t03UepvTp+UJr
          |YLLdRf1dVwjOLVDmEjIWE4rylKKbR6iGf9mY5ffldnRk2JG8hBYo2CVEMH6C
          |2Kyx5MDkFWzbtiQnAioBEoW6MYhYR3TjuNJkpsMyWS4pS0XxW4lJLoKaxhgV
          |RNAuZAEVaDj59vlmAwxVG52/AECu8EgnTOCAXi25KhV6vGb4NQ==
          |-----END CERTIFICATE-----
        """.stripMargin

      val configString = """
          |ws.ssl.debug=["certpath", "ssl", "trustmanager"]
          |ws.ssl.protocol="TLSv1.2"
          |ws.ssl.enabledProtocols=["TLSv1.2"]
          |
          |ws.ssl.trustManager = {
          |  stores = [
          |    { path: ${java.home}/lib/security/cacerts, password = "changeit" },
          |    { type: "PEM", data = ${geotrust.pem} }
          |  ]
          |}
        """.stripMargin
      val rawConfig = ConfigFactory.parseString(configString)
      val configWithPem = rawConfig.withValue("geotrust.pem", ConfigValueFactory.fromAnyRef(geoTrustPem))
      val configWithSystemProperties = ConfigFactory.load(configWithPem)
      val playConfiguration = play.api.Configuration(configWithSystemProperties)

      val client = createClient(playConfiguration)
      val response = await(client.url("https://www.howsmyssl.com/a/check").get())(5.seconds)
      response.status must be_==(200)

      val jsonOutput = response.json
      val result = (jsonOutput \ "tls_version").validate[String]
      result must beLike {
        case JsSuccess(value, path) =>
          value must contain("TLS 1.2")
      }
    }
  }

- However, the modern security environment has pushed us to TLS 1.2. Clients using it will be marked down to at least Improvable.
+ However, the modern security environment has pushed us to TLS 1.2. Clients using TLS 1.1 will be marked down to at least Improvable.

func commonRedirect(redirectHost string) http.Handler {
    hf := func(w http.ResponseWriter, r *http.Request) {
        commonRedirects.Add(1)
        if r.Header.Get(xForwardedProto) == "https" {
            w.Header().Set("Strict-Transport-Security", hstsHeaderValue)
        }
        u := r.URL
        // Never set by the Go HTTP library.
        u.Scheme = "https"
        u.Host = redirectHost
        http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
    }
    return http.HandlerFunc(hf)
}