
Good list of weak cipher suites for Java

I'm running a server that requires a blacklist of weak cipher suites.

So which of the following are weak? http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider

John Smith asked Feb 10 '10 15:02


People also ask

Which cipher suites are considered weak?

Weak ciphers are generally known as encryption/decryption algorithms that use key sizes that are less than 128 bits (i.e., 16 bytes … 8 bits in a byte) in length. To understand the ramifications of insufficient key length in an encryption scheme, a little background is needed in basic cryptography.

Does TLS 1.2 use weak ciphers?

A cipher suite is identified as obsolete when one or more of the mechanisms is weak. Especially weak encryption algorithms in TLS 1.2 are designated as NULL, RC2, RC4, DES, IDEA, and TDES/3DES; cipher suites using these algorithms should not be used.

Which cipher suites should be disabled?

Weak cipher suites should be disabled regardless of SSL/TLS version. Also, yes: disabling versions of SSL/TLS older than TLS 1.2 is highly recommended.


1 Answer

Why do you need to exclude the bad ones? Why not only include the good ones?

For starters, I'd follow the NSA Suite B guidelines, specifically RFC 5430

Kevin answered Sep 20 '22 00:09
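The allowlist approach suggested in this answer, as an added example that is not part of the original post: instead of subtracting weak suites, the server enables only the two TLS 1.2 suites from the RFC 5430 Suite B profile and refuses to start if the JRE supports neither. The class name `CipherAllowlist` is hypothetical; the code assumes Java 8 or later and, for real handshakes, an EC key in the server keystore (the ECDSA suites cannot negotiate with an RSA-only certificate).

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class CipherAllowlist {
    // Assumed allowlist: the TLS 1.2 suites named in RFC 5430 (Suite B profile).
    static final List<String> ALLOWED = Arrays.asList(
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");

    // Keep only allowlisted suites the provider supports, in allowlist order.
    // Fail closed: never fall back to the provider defaults.
    static String[] select(String[] supported) {
        Set<String> have = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> chosen = new ArrayList<>();
        for (String suite : ALLOWED) {
            if (have.contains(suite)) chosen.add(suite);
        }
        if (chosen.isEmpty()) {
            throw new IllegalStateException(
                "no allowlisted cipher suite is supported by this JRE");
        }
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] enabled = select(ctx.getSupportedSSLParameters().getCipherSuites());

        // Port 0 = ephemeral port, used here only to show the effective settings.
        try (SSLServerSocket ss = (SSLServerSocket)
                 ctx.getServerSocketFactory().createServerSocket(0)) {
            SSLParameters p = ss.getSSLParameters();
            p.setCipherSuites(enabled);               // replaces the default list
            p.setProtocols(new String[] {"TLSv1.2"}); // these suites are TLS 1.2 only
            p.setUseCipherSuitesOrder(true);          // server preference wins
            ss.setSSLParameters(p);
            System.out.println(Arrays.toString(ss.getEnabledCipherSuites()));
        }
    }
}
```

Because `setCipherSuites` replaces the enabled list rather than filtering it, any suite a later JRE adds to its defaults stays disabled until it is added to `ALLOWED` explicitly.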