Knowledge Base

ADH (Anonymous Diffie-Hellman)

The anonymous Diffie-Hellman^[404] key exchange^[133] is a variant of Diffie-Hellman^{[99][100][101][102][103]} key exchange that does not provide authenticity^[75][76][77]. Lack of authentication causes that the identity of server cannot be proved, so connection is open for a man-in-the-middle attack^[61].

Remove the cipher suite from the list of cipher suites supported by your server or replace the cipher suite with it's Ephemeral Diffie-Hellman^{[405][406][407][408]} version.

anon

Lack of authentication is combined with anonymous key exchange^[397][398], identity of server cannot be proved, so connection is open for a man-in-the-middle attack^[61].

Remove the cipher suite from the list of cipher suites supported by your server.

RC4-40

Encryption algorithm Rivest Cipher 4^{[370][371][372][373]} is a stream cipher^[182][183] which is more malleable^[134] than a block cipher^{[78][79][80][81]}. It has multiple vulnerabilities^{[375][376][377][378][379]} (eg: related-key attack^[68], distinguishing attack^[60], ...) and RC4 as a 40-bit encryption key size^[122][123] is weakened against brute-force attack^[54]. It cannot provide confidentiality^[91][92][93], so connection is available or disclosed to unauthorized individuals, entities, or processes.

Remove the cipher suite from the list of cipher suites supported by your server.

40

Any symmetric key^{[185][186][187]} with key size^[184] less than 128 bits are disallowed by National Institute of Standards and Technology^[470][471] as it is vulnerable to preimage attack^[67] in theory. It cannot reliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is open for a man-in-the-middle attack^[61].

Remove the cipher suite from the list of cipher suites supported by your server.

MD5

message authentication code^{[135][136][137][138]} is a hashed message authentication code^{[139][140][141][142][143][144][145]} which is considered secure^[456][457], despite the fact that the underlaying cryptographic hash function^{[94][95][96][97]} (MD5^{[197][198][199]}) is considered insecure^[200][201] as it vulnerable to collision attack^[57] in practice and to preimage attack^[67] in theory.

Leading client applications do not use this type of message authentication code^{[135][136][137][138]}. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry. If your application or requirements specifically call for the use of a message authentication code^{[135][136][137][138]} that does not provide authenticated encryption^[74] prefer block cipher mode of operation^{[82][83][84][85][86]} (eg: counter with CBC-MAC^[32][33][34], Galois/Counter Mode^{[46][47][48][49]} or message authentication code^{[135][136][137][138]} (eg: Poly1305^[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^{[139][140][141][142][143][144][145]} prefer message authentication code^{[135][136][137][138]} based on Secure Hash Algorithm 2^{[212][213][214]} over the ones based on MD5^{[197][198][199]}.