Menu
I am working on configuring a Java client which its job is to make TLS connections to servers. I want to configure my client with these 3 ciphers:
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
In Java supported cipher suites, I found the same ciphers but with SSL at the beginning NOT TLS. The question, if I configured my client with:
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
Are the two lists exactly the same and will be interpreted by the server same? I am worried if I configured the client with SSL_* ciphers this mean something different than TLS_* and may be some servers do not support SSL_*. How can I be sure?
648
TLS_RSA_WITH_3DES_EDE_CBC_SHA is a remnant of the SSL 2.0 and SSL 3.0 era. 3DES in TLS is vulnerable to the Sweet32 [https://sweet32.info/] attack. Being a CBC cipher suite, it is also vulnerable to the Lucky Thirteen [https://en.wikipedia.org/wiki/Lucky_Thirteen_attack] attack.
Shall I know why TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 being treated as weak? When did it become weak? Thanks. Due to the difficulties in implementing CBC cipher suites, and the numerous known exploits against bugs in specific implementations, Qualys SSL Labs began marking all CBC cipher suites as WEAK in May 2019.
TLS_RSA_WITH_AES_128_CBC_SHA uses 0x00,0x2F and its specified in RFC 3268, AES Ciphersuites for TLS. It supplemented the cipher suites from the original The TLS Protocol Version 1.0 of RFC 2246. RFC 5246, The Transport Layer Security (TLS) Protocol Version 1.2 included it out of the box.
SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS. The ability of IBM® MQ classes for JMS applications to establish connections to a queue manager, depends on the CipherSpec specified at the server end of the MQI channel and the CipherSuite specified at the client end.
Yes, they are the same. See Java Cryptography Architecture Standard Algorithm Name Documentation:
Some JSSE cipher suite names were defined before TLSv1.0 was finalized, and were therefore given the
SSL_prefix. The names mentioned in the TLS RFCs prefixed withTLS_are functionally equivalent to the JSSE cipher suites prefixed withSSL_.
129
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
