I'm confused by different results coming from SSL Labs scan and running Get-TlsCipherSuite in AppService's Kudu. Specifically, cipher suite at first position shown by Powershell command, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, is not listed in SSL Labs report at all - SSL Labs shows only TLS_ECDHE_RSA_* but no TLS_ECDHE_ECDSA_*.
I'm trying to connect from the AppService to another service using SslStream and getting error in SSL Handshake. On the party I'm trying to connect to there is a log entry: SSL routines:tls_post_process_client_hello:no shared cipher.
The other party confirms they support TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (in fact they support multiple TLS_ECDHE_ECDSA_* but no TLS_ECDHE_RSA_*).
Supposing SSL Labs is correct then I would understand there is no shared cipher. But Get-TlsCipherSuite still shows the TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 at first position..
So which one is correct?