Knowledge Base

Cipher Suite

A-

TLS_­DHE_­RSA_­WITH_­SALSA20_­SHA1

Summary

Name:
TLS_DHE_RSA_WITH_SALSA20_SHA1
IANA Name:
TLS_DHE_RSA_WITH_SALSA20_SHA1
Code:
(0xe4, 0x1f)
OpenSSL Name:
Protocol Versions:
TLS 1.0,TLS 1.1,TLS 1.2

Check your host!

Type a URL to analyze a service

Get a prompt and clear overview of your security configuration. Right now!

Components

A
Key Exchange Method
Name

DHE (Diffie-Hellman Ephemeral)

Security

Ephemeral Diffie-Hellman[405][406][407][408] is a variant of Diffie-Hellman[99][100][101][102][103] key exchange[133] protocol that has forward secrecy[127][128][129][130], and does protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted. However, there is a protocol flaw called D(HE)at attack[581][582][583][584][585], a denial-of-service attack[586][587][588][589][590], which can be exploited effectively when large key sizes are enabled.

Recommendations

Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman[432][433] over Ephemeral Diffie-Hellman[405][406][407][408] and D(HE)at attack[581][582][583][584][585] implies using Diffie-Hellman ephemeral public key parameter[409][410][411]s with a size greater or equal than 2048 bits but less or equal than 4096 bits.

A+
Authentication Method
Name

RSA

Security

Rivest–Shamir–Adleman[275][276][277] is a digital signature[107][108][109][110] algorithm, which is considered secure, however there are known weaknesses[278][279][280][281][282].

A+
Encryption Type
Name

Salsa20

Security

The stream cipher[182][183] Salsa20[380][381][382] is considered secure [383] and gives better performance for mobile devices.

Recommendations

Prefer stream cipher[182][183] Salsa20[380][381][382] and it's variants (eg: ChaCha20[324][325][326][327]) in case of mobile devices.

A+
Encryption Key Size
Name

256

Security

The symmetric key[185][186][187] withkey size[184] more than 128 bits as it is should be according to National Institute of Standards and Technology[470][471] so it is not vulnerable to preimage attack[67] and it cannreliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is not open for a man-in-the-middle attack[61].

Recommendations

Remove the cipher suite from the list of cipher suites supported by your server.

A-
Message Authentication Code
Name

SHA-1

Security

message authentication code[135][136][137][138] is a hashed message authentication code[139][140][141][142][143][144][145] which is considered secure[462], despite the fact that the underlayingcryptographic hash function[94][95][96][97] (Secure Hash Algorithm 1[202][203][204]) is considered insecure[205][206][207][208][209][210][211].

Recommendations

If your application or requirements specifically call for the use of a message authentication code[135][136][137][138] that does not provide authenticated encryption[74] prefer block cipher mode of operation[82][83][84][85][86] (eg: counter with CBC-MAC[32][33][34], Galois/Counter Mode[46][47][48][49] or message authentication code[135][136][137][138] (eg: Poly1305[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[139][140][141][142][143][144][145] prefer message authentication code[135][136][137][138] based on Secure Hash Algorithm 2[212][213][214] over the ones based on Secure Hash Algorithm 1[202][203][204].