In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. To encipher or encode is to convert information into cipher or code.
Questions tagged [ciphers]
141 questions
6
votes
1 answer
Disable RC4 ciphers best practice
To be compliant with security best practices, we have a requirement to disable RC4 ciphers.
I have investigated a way to achieve this and, found that I can disable it by editing the registry…
kimo pryvt
- 469
- 4
- 6
- 12
6
votes
2 answers
SSL: Android may not verify hostname, defining cipher suites
I'm developing an Android App which sends some HTTPS requests to our own Webserver (Linux, Nginx, SSL zertificate from "Let's Encrypt").
The requests worked fine on my test devices (Android 4.2.2 & Android 6.0.1), but on another device (5.1.1) the…
Florian Mötz
- 61
- 4
5
votes
1 answer
Do ciphers and encoding schemes make passwords more secure?
I recently came across a tech professional advising a user to take some plaintext of their choice, run it through one of these ciphers, convert it to Base64, and then use the result as their master password on LastPass.
However, the simple nature of…
Hashim Aziz
- 969
- 8
- 21
5
votes
1 answer
Apache naming for TLS_RSA_WITH_3DES_EDE_CBC_SHA
According to NIST and HIPAA guidance, I miss one cipher on a new web server:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Despite I read this one is discouraged, I am curious as to how do I add it?
I am on Linux Debian 9 with Apache.
Currently I have set up…
LinuxSecurityFreak
- 1,562
- 2
- 18
- 32
5
votes
3 answers
Link between Cipher suites and certificate key
I'm trying to understand the SSL/TLS protocol and I'm lost on a specific point.
What is the link between the public server key (eg. : "EC 256 bits" or " RSA 2048 bits") and the cipher suites ?
This post give an answer : SSL certificates and…
Secu Noob
- 53
- 1
- 4
5
votes
2 answers
TLS Version specific cipher suites
I have come across that GCM, CCM, SHA-256 and SHA-384 Cipher suites are TLS 1.2 only. So TLS handshake can not be performed with lower TLS version using these suites.
I am trying to figure out supported cipher suites per protocol version (SSL v3,…
bhushan5640
- 381
- 3
- 12
4
votes
2 answers
Apache TLS with only ECDHE-RSA-AES128-GCM-SHA256 enabled
Is there anything against this TLS-configuration in Apache:
SSLProtocol TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256
There are lots of examples that use a more complicated setup, but I believe this configuration is both secure and easy to…
Gert-Jan
- 145
- 5
4
votes
2 answers
How are ciphers related to cryptographic algorithms like DES or AES?
It looks like I am having a terminology issue here. In cryptography, we have stream ciphers and block ciphers. I understand their difference. We also have cryptographic algorithms like AES (Rijndael).
My confusion point is how do cryptographic…
py_script
- 781
- 2
- 7
- 10
4
votes
0 answers
HTTPS Cipher selection considerations
I went through various online docs, e.g. SSL and TLS Deployment Best Practices, regarding the "right" selection of cipher suites for a website. The attached picture shows my selection of cipher suites with lower priority from top to bottom, e.g.…
duxsco
- 149
- 2
4
votes
1 answer
Firefox & Chrome Strong Ciphers
Of the following ciphers for RSA authentication, Firefox and Chrome do not use stronger than ECDHE-RSA-AES128-SHA256.
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH …
Geremia
- 1,636
- 3
- 19
- 33
4
votes
3 answers
Can browsers connect HTTPS w/ the NONE cipher?
I came across a mention of the NONE cipher being possible/available for HTTPS.
Is it supported by any browsers for accessing any web-sites over the https:// address scheme?
(What would be a snippet to create a test/one-time https server with the…
cnst
- 1,884
- 2
- 19
- 30
3
votes
1 answer
Can we add TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 on windows server 2012 using gpedit although not supported by windows OS by default?
We are using IIS on Windows 2012-R2 server to host dotnet apps. From the app, when we try connecting to an external 3rd party api we see TLS handshake failure. On running ssllabs test on that api, I see that they support only below suites.
.
On…
dhanush shetty
- 33
- 4
3
votes
1 answer
How to filter ciphers based on ssl certificate?
I have many ssl certificates.
On one of the certificates I run the command openssl x509 -in cert.pem -text -noout
it shows:
Signature Algorithm: ecdsa-with-SHA256
Public Key Algorithm: id-ecPublicKey
Based on the info from the certicate , how can I…
harsh3547
- 33
- 4
3
votes
2 answers
Cipher Suite TLS 1.2 - Weak in OHS
I am trying to correct weak encryption in TLS, by doing a test in SSL Labs, it throws weak encryption in the following chpher suite:
Current Configuration:
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!AES128:!SHA1
Cipher Suite TLS 1.2 - Weak:…
Ventur
- 165
- 1
- 2
- 6
3
votes
1 answer
Clarifications regarding ciphers and Nmap scan
I'm running the below Nmap command to test the strength of the cipher suites I have used in my host
nmap -sV --script ssl-enum-ciphers -p 443
The Nmap doc says that Each ciphersuite is shown with a letter grade (A through F) indicating the…
Prakhash
- 193
- 2
- 8