Questions tagged [cipher-selection]

For questions about the step of the SSL/TLS handshake where the cipher is negotiated between the client and the server. This tag could also be used for questions about which ciphers to support in your application / configuration.

198 questions
199 votes, 8 answers

Why not use larger cipher keys?

RSA Security commonly uses keys of sizes 1024-bit, 2048-bit or even 3072-bit. And most Symmetric algorithms only between 112-bit and 256-bit. I do realize that the current keys are secure enough for today's hardware, but as computers get faster,…
Koning
76 votes, 4 answers

"Optimal" Web Server SSL Cipher Suite Configuration

Over the last couple of years there have been a number of changes in what would be considered an optimal SSL cipher suite configuration (e.g. the BEAST and CRIME attacks, the weaknesses in RC4). My question is, what would currently be considered an…
Rory McCune
40 votes, 1 answer

TLS: RC4 or not RC4?

I was reading another interesting article by Matthew Green today, saying that if you're using RC4 as your primary ciphersuite in SSL/TLS, now would be a great time to stop. As far as I'm aware RC4 has been up'd on the list of ciphersuites to…
Yoav Aner
36 votes, 1 answer

Which is the Best Cipher Mode and Padding Mode for AES Encryption?

As per PCI-DSS 3.4 requirement: For storing Credit Card Data Strong Cryptography should be used. I decided to use AES Encryption which is a strong and mostly recommended crypto for encrypting Credit Card Details. I saw that AES has Cipher Mode and…
RajeshKannan
29 votes, 5 answers

How to disable CBC-mode ciphers

Is there a simple allowlist-style way of disabling CBC mode cipher suites in apps that use an openssl cipher suite list? I'm hoping for something in the style of !RC4, however, !CBC has no effect, and still allows suites such as…
Synchro
24 votes, 1 answer

What are the differences between the arcfour, arcfour128 and arcfour256 ciphers in OpenSSH?

What are the differences between the arcfour, arcfour128 and arcfour256 ciphers in OpenSSH? I am interested in: speed and security implications. I know that arcfour is fast for file transfers, but I don't know which one to pick.
sorin
23 votes, 3 answers

OpenSSH default/preferred ciphers, hash, etc for SSH2

When using OpenSSH server (sshd) and client (ssh), what are all of the default / program preferred ciphers, hash, etc. (security related) and their default options (such as key length)? So, what are the defaults for symmetric key, MAC, key exchange,…
Suraj
21 votes, 1 answer

TLS Bicycle Attack - What cipher is free from flaws to use?

Recently a novel attack on TLS stream ciphers was developed by Guido Vranken, dubbed Bicycle and referenced in this Websense's blog post. It was based on a characteristic of stream ciphers that says that there is a 1:1 relation between plaintext…
DarkLighting
19 votes, 5 answers

Identify and disable weak cipher suites

A security scan result prior to the deployment of a web application on Windows Server 2008 R2 has raised the below message: "Weak SSL Cipher Suites are Supported. Reconfigure the server to avoid the use of weak cipher suites." The configuration…
DonQi
18 votes, 2 answers

Is AES-GCM recommended for SSL?

I'm looking at turning on site-wide SSL for a website I manage, and I'm wondering what the best practices are for SSL configuration. I'm not too worried about compatibility with old browsers and more obscure mobile devices, so I'd like to cut down the…
Polynomial
18 votes, 1 answer

How do I know which cipher suites can be disabled?

I have just performed a test on my personal website via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers. I've been looking around a bit, but…
Martijn
15 votes, 3 answers

Should I worry if my credit card payment processor's server allows only weak SSL cipher suites?

I tested their server using https://www.ssllabs.com/ssltest/ and, apart from the disappointing "B" rating (it handles financial transactions, after all), the server only allows the following two RC4 cipher suites, both of which are considered…
Gabriel S.
15 votes, 2 answers

Why does Google prefer ECDHE-RSA-AES128-GCM-SHA256?

I want to configure my new mail server to be as secure as possible and am wondering about the cipher used while connecting to Google's SMTP server. I'm curious why they prefer the cipher ECDHE-RSA-AES128-GCM-SHA256 before ECDHE-RSA-AES256-GCM-SHA384? Isn't this…
Ludwig Behm
13 votes, 3 answers

Is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 a safe cipher suite to use?

Is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 a safe cipher suite to use for a TLS 1.2 connection to a Tomcat server? What are potential weaknesses or better alternatives? I am looking for a cipher supported by Java 8.
JRA_TLL
13 votes, 2 answers

What are the use cases for anonymous SSL cipher suites?

SSL supports several anonymous cipher suites such as TLS_DH_anon_WITH_AES_256_GCM_SHA384. When these are used, no authentication is performed and no certificates are exchanged. This means that if they are used, you are at risk of MitM…
Cybergibbons