Highest Voted 'cipher-selection' Questions - IT Security Stack Exchange

6

votes

2 answers

nginx recommended ssl_ciphers

I am looking for some advice on setting the ciphers for nginx with SSL. What would you recommend for a good compromise between security and compatiblity at the moment? I have made some research but the solutions are sometimes very different and it…

asked Dec 06 '14 at 01:27

Michael

181
1
4

6

votes

2 answers

In a browser web server communication, who decides which encryption protocol to use

My IE browser has SSLv3.0, TLS 1.0,1.1 and 1.2 enabled in the advanced settings. And (I was informed by my server admin) my web server can encrypt data in SSLv3.0 and TLS 1.0 Now which system (server or the browser) decides which protocol to use. I…

encryption tls protocols cipher-selection

asked Nov 13 '14 at 20:15

nJoshi

171
1
4

6

votes

1 answer

openssl ECDHE-RSA... cipher suite selected while using RSA server cert and ECDSA client cert

The scene: s_server using RSA certificate. s_client using ECC-ECDSA certificate. Client authentication is required (option -Verify set on s_server) Cipher-suite selected after handshake is ECDHE-RSA-AES256-GCM-SHA384. So, i don't completely…

certificates rsa cipher-selection ecc dsa

asked Sep 24 '14 at 09:27

jpradas

63
1
3

6

votes

1 answer

How did SSLv3 get AES?

IANA maintains a registry of TLS cipher suites at TLS Parameters. TLS provides TLS_RSA_WITH_AES_128_CBC_SHA, its value is {0x00, 0x2f}, and its available in TLS 1.0 and above. The AES cipher suites were added to TLS with RFC 3268, AES Ciphersuites…

tls aes cipher-selection

asked Jun 20 '14 at 18:38

user29925

6

votes

1 answer

TLS v1.0 best cipher for OpenVPN setup

I'm trying to setup OpenVPN with as much security as I can. I'm in the process of selecting a cipher for OpenVPN. Which is the safest one, tls-cipher DHE-RSA-AES256-SHA or tls-cipher AES256-SHA? I've already configured it with these settings: HMAC:…

vpn cipher-selection

asked Nov 22 '13 at 16:25

Zen

163
1
3

6

votes

2 answers

What could be the order of these ciphers following as first criteria the security and just then the performance?

I need some guide to decide in which order I must put the following ciphers if I want prioritize security and in cases of tied, consider performance to decide. ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256)…

tls openssl cipher-selection

asked Oct 04 '13 at 15:22

user30395

5

votes

3 answers

How to pass cipher list to OpenSSL s_client

How we can pass a cipher list to the OpenSSL s_client program? We can pass single cipher by this: openssl s_client -cipher 'ECDHE-RSA-AES256-SHA' -connect www.google.com:443 But how to pass a list of multiple ciphers?

openssl cipher-selection

asked Jul 05 '15 at 11:30

Rahul_cs12

780
3
7
11

5

votes

1 answer

Is CVE-2013-2566 a practical attack against RC4 or still conceptual?

Is CVE-2013-2566 a practical attack against RC4 or still conceptual and does it only apply to WPA/TKIP?

tls attacks cipher-selection rc4

asked Jun 11 '15 at 23:02

user53029

2,657
5
24
35

5

votes

1 answer

Why does my openssl connection fail with elliptic curve cipher ECDH-RSA-AES128-SHA?

I am using openssl example server and client with specific cipher in ubuntu 14.10 pc. The openssl version is 1.0.1. When I use the RC4-SHA cipher in both sides, the connection is established successfully. However, when I use ECDH-RSA-AES128-SHA or…

openssl cipher-selection ubuntu

asked Nov 28 '14 at 16:09

Dimitra

51
1
2

5

votes

1 answer

How to get an exhaustive list of ciphers for TLS 1.0, TLS 1.1 and TLS 1.2

After TLS 1.0, there have been a number of RFCs e.g RFC 5932, RFC 6430 etc. Is there any place where one can get an exhaustive list of ciphers for each of the versions. Or at least an exhaustive list of RFCs so that I can read and get the ciphers…

tls cipher-selection

asked Jul 30 '13 at 16:44

Ramana

497
2
7
9

5

votes

1 answer

Known plaintext; What cipher is being used here?

plaintext: CANDY VERY CRANBERRY ciphertext: TXOtWjYhVk 8&O$4AmSA plaintext: http ciphertext: cZf. plaintext: http ciphertext: r5Hz This is definitely somehow decodable from ciphertext. The ciphertext is always the same length as the…

encryption cryptography cryptanalysis cipher-selection

asked May 19 '13 at 00:26

princessbubblebutt

75
1

5

votes

1 answer

IIS 6.0 - mitigating BEAST

Recently, my PCI assessor informed me that my servers are vulnerable to BEAST and failed me. I did my homework and I want to change our webservers to prefer RC4 ciphers over CBC. I followed every guide I could find... I changed my reg keys for my…

tls iis beast cipher-selection

asked Dec 07 '12 at 16:27

D3l_Gato

153
4

5

votes

1 answer

Server negotiated HTTP/2 with blacklisted suite

I understand there are quite a few posts regarding my error message, and I have looked at them with no luck to resolving my own issue. Essentially, certain web browsers are unable to load my site because of the following blacklisted suites Server…

http cipher-selection

asked Mar 21 '17 at 18:30

Jeffrey Wen

151
1
3

5

votes

3 answers

TLS Cipher Suites for MTA

When configuring a mailgateway’s TLS Settings, should one stick to the same rules for Cipher Suites as in running a HTTPS Service (prefer EDCHE/DHE, disable SSLv3, not use stuff like RC4, etc.) or should one focus more on compatibility with other…

tls cipher-selection

asked Mar 03 '17 at 10:16

architekt

986
1
7
18

5

votes

3 answers

Link between Cipher suites and certificate key

I'm trying to understand the SSL/TLS protocol and I'm lost on a specific point. What is the link between the public server key (eg. : "EC 256 bits" or " RSA 2048 bits") and the cipher suites ? This post give an answer : SSL certificates and…

tls cipher-selection ciphers

asked Aug 09 '16 at 20:45

Secu Noob

53
1
4

Questions tagged [cipher-selection]