Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is TLS_RSA_WITH_3DES_EDE_CBC_SHA equivalent to SSL_RSA_WITH_3DES_EDE_CBC_SHA

Tags:

java

security

ssl

sockets

encryption

I am working on configuring a Java client which its job is to make TLS connections to servers. I want to configure my client with these 3 ciphers:

TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5

In Java supported cipher suites, I found the same ciphers but with SSL at the beginning NOT TLS. The question, if I configured my client with:

SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5

Are the two lists exactly the same and will be interpreted by the server same? I am worried if I configured the client with SSL_* ciphers this mean something different than TLS_* and may be some servers do not support SSL_*. How can I be sure?

like image 648
user2192774 Avatar asked Jul 23 '14 09:07

user2192774

People also ask

What is TLS_RSA_WITH_3DES_EDE_CBC_SHA?

TLS_RSA_WITH_3DES_EDE_CBC_SHA is a remnant of the SSL 2.0 and SSL 3.0 era. 3DES in TLS is vulnerable to the Sweet32 [https://sweet32.info/] attack. Being a CBC cipher suite, it is also vulnerable to the Lucky Thirteen [https://en.wikipedia.org/wiki/Lucky_Thirteen_attack] attack.

Why is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 weak?

Shall I know why TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 being treated as weak? When did it become weak? Thanks. Due to the difficulties in implementing CBC cipher suites, and the numerous known exploits against bugs in specific implementations, Qualys SSL Labs began marking all CBC cipher suites as WEAK in May 2019.

What is TLS_RSA_WITH_AES_128_CBC_SHA?

TLS_RSA_WITH_AES_128_CBC_SHA uses 0x00,0x2F and its specified in RFC 3268, AES Ciphersuites for TLS. It supplemented the cipher suites from the original The TLS Protocol Version 1.0 of RFC 2246. RFC 5246, The Transport Layer Security (TLS) Protocol Version 1.2 included it out of the box.

What is CipherSpec MQ?

SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS. The ability of IBM® MQ classes for JMS applications to establish connections to a queue manager, depends on the CipherSpec specified at the server end of the MQI channel and the CipherSuite specified at the client end.

1 Answers

Yes, they are the same. See Java Cryptography Architecture Standard Algorithm Name Documentation:

Some JSSE cipher suite names were defined before TLSv1.0 was finalized, and were therefore given the SSL_ prefix. The names mentioned in the TLS RFCs prefixed with TLS_ are functionally equivalent to the JSSE cipher suites prefixed with SSL_.

like image 129
Bruno Avatar answered Nov 03 '22 00:11

Bruno
Sign in to Comment

Related questions

Java DateFormat.parse thinks "100 112TH AVE NE" is a date
OSGI Beginners tutorials are outdated. Is there a new standard?
Mouse hover - libgdx
Multiple statements in single mapper method in MyBatis
How can multiple threads corrupt internal structure of Hashmap
Spring bean not autowiring with @Component annotation
Save object reference to Bundle in Android
Limiting generic type
JPA @Column to prevent empty values
Selenium Webdriver: Page factory initialization using paths relative to other elements?
How to set a timezone with org.joda.time?
How do print out the name of thread currently running on a specific non-thread class?
Parsing string to integer in BeanShell Sampler in JMeter
How do I detect if a sprite was touched in Java libGDX?
Why can't i add first header to getPreferenceScreen?
Standard way to iterate over a StringBuilder in Java?
Just how 'approximate' is ThreadPoolExecutor#getActiveCount()?
JSF 2.1.13 custom component not found: Tag Library supports namespace: <namsepace> but no tag was defined for name: <compositecomponent>
OpenID Connect - how to verify id token in Java?
Java: Passing combination of named and unnamed parameters to executable jar/main method

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!