IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [cipher-selection]

For questions about the step of the SSL/TLS handshake where the cipher is negotiated between the client and the server. This tag could also be used for questions about which ciphers to support in your application / configuration.

198 questions
0
votes
1 answer

Determine if cipher suite is weak

I'm wondering if there is a way I can determine if a cipher suite is weak using python code. For example given this cipher suite as input: TLS_RSA_WITH_AES_256_CBC_SHA I would want my code to return the fact that it's bad because there is no forward…
jim
  • 103
  • 1
0
votes
1 answer

Why are ciphers using DSS being offered when using DH+AES:!DSS?

When I run the following command on Windows 10 with OpenSSL 1.0.2p installed I receive a curious result back (Formatted for readability): openssl ciphers…
sethmlarson
  • 1,479
  • 10
  • 17
0
votes
1 answer

Understanding Cipher suite prefixes

I have been lately reading cipher suites and how it works. I figured how it works in the web servers and there is a doubt regarding the prefixes used in the order. How are RC4-SHA and RC4+SHA different? Can anyone give a better explanation of how…
KESHAV K
  • 49
  • 1
  • 4
0
votes
1 answer

What cipher mode is usually used for network traffic encryption?

I'm currently teaching myself about cryptography with the intentions of learning more about cryptanalysis. As of now I'm learning about cipher modes! I understand that I should be looking into CBC, CFB, and OFB. I understand that CBC mode is…
Ahab Devoid
  • 5
  • 1
  • 4
0
votes
1 answer

Question on DH key exchange

The server is configured to support the cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA and validate the client's certificate. My understanding is that the server uses DH for key exchange which does not require encryption or decryption but a math…
user1493834
  • 177
  • 1
  • 10
0
votes
2 answers

Given the following yaSSL ciphers, how do I know what's being used?

Scope: I am considerable new on cryptography and only know some basic fundamentals of it. Looking at yaSSL ciphers I am trying to, as an exercise, to figure out which ones are still safe to use by today's standards and which are not. The problem is…
Marcello Grechi Lins
  • 103
  • 2
0
votes
1 answer

Changing cipher list of a ctx object after connection establishment

Does changing the cipher list for a CTX object (using SSL_CTX_set_cipher_list), have any effect on the already established connections (connections that had used that very CTX object)?
Haris
  • 113
  • 4
0
votes
1 answer

what is wrong with openssl ciphers?

I used openssl recently and noticed that in the cipher list there is AES (what else ) and then I saw many rarely used ciphers like camellia and seed, then I saw stuff like rc4, rc2 ... Why are insecure outdated ciphers so widely supported by…
Richard R. Matthews
  • 1,139
  • 2
  • 9
  • 13
0
votes
2 answers

Why are larger block sizes more desirable?

I've read three different exceperts from three different information security books, to summarize, this is what they say: "Block size impacts security, complexity, and performance. A larger block size is more desirable. It is more costly to…
ihoaxed
  • 3
  • 2
0
votes
1 answer

Is there a tool to test whether a server supports any cipher suite?

I would like to test whether a server is using some bad cipher suites. The problem is, many of the bad cipher suites have been removed from openssl 1.x(e.g. suites exposed to FREAK). Therefore, openssl sclient -cipher to test the target server does…
cfchou
  • 103
  • 1
  • 3
0
votes
2 answers

Why does my "Client Hello" change depending on server config?

I have the requirement of configuring all of our applications to use only PFS ciphersuites where possible. I have an application (HP Network Automation), which supports DHE key exchange (although not ECDHE), but when I limit it down to only the…
gtmcclinton
  • 197
  • 1
  • 2
  • 6
0
votes
2 answers

How are anonymous cipher suites exploited

I was testing a new proxy server today with SSL Labs and found that I had somehow included some anonymous cipher suites. After resolving the problem I decided to find out what problems this could cause and how/why this was exploitable. To my…
Drifter104
  • 123
  • 4
0
votes
1 answer

Using ChaCha20 without Poly1305

Doing some lecture to choose a good configuration for my SSL certificate for my website (using a regular LAMP configuration), I'm wondering what are the possibles and secure alternative to poly1305 using the ChaCha20 stream cipher ? And why I can't…
NSA
  • 21
  • 1
0
votes
2 answers

Bitwise cipher Cryptography

I'm doing an online cryptography course. There is a question in which it is given that the encrypted text for; OwBPAAQXAE9UC0FVBQxODgZSCUUMAQwCCApYRBJZBR0LDhoAGApPHQAUAQNZRAJPGwQbDQBDDREKQA== Is We need to use more complex systems to safely…
ganjja
  • 1
  • 2
0
votes
3 answers

SSL certificates using modern cipher suite vs obsolete cipher suite

I am shopping around for a SSL certificate and I took this screenshots from Chrome and Is the second site certificate showing errors less secure than the other not showing errors?
Gandalf
  • 107
  • 5
1 2 3
13
14