Knowledge Base

Cipher Suite

F

TLS_­ECDH_­anon_­WITH_­RC4_­128_­SHA

Summary

Name:
TLS_ECDH_anon_WITH_RC4_128_SHA
IANA Name:
TLS_ECDH_anon_WITH_RC4_128_SHA
Code:
(0xc0, 0x16)
OpenSSL Name:
AECDH-RC4-SHA
Protocol Versions:
TLS 1.0,TLS 1.1,TLS 1.2

Check your host!

Type a URL to analyze a service

Get a prompt and clear overview of your security configuration. Right now!

Components

F
Key Exchange Method
Name

AECDH (Anonymous Elliptic-curve Diffie-Hellman)

Security

The anonymous Elliptic-curve Diffie-Hellman[431] key exchange[133] is a variant of Elliptic-curve Diffie–Hellman[114][115] key exchange that does not provide authenticity[75][76][77]. Lack of authentication causes that the identity of server cannot be proved, so connection is open for a man-in-the-middle attack[61].

Recommendations

Remove the cipher suite from the list of cipher suites supported by your server or replace the cipher suite with it's Ephemeral Elliptic-curve Diffie–Hellman[432][433] version.

F
Authentication Method
Name

anon

Security

Lack of authentication is combined with anonymous key exchange[397][398], identity of server cannot be proved, so connection is open for a man-in-the-middle attack[61].

Recommendations

Remove the cipher suite from the list of cipher suites supported by your server.

F
Encryption Type
Name

RC4-128

Security

Encryption algorithm Rivest Cipher 4[370][371][372][373] is a stream cipher[182][183] that is more malleable[134] than a block cipher[78][79][80][81]. It has multiple vulnerabilities[375][376][377][378][379] (eg: related-key attack[68], distinguishing attack[60], ...), so attacker can apply statistical analysis against it to recover the encrypted text.

Recommendations

Remove the cipher suite from the list of cipher suites supported by your server.

A+
Encryption Key Size
Name

128

Security

The symmetric key[185][186][187] withkey size[184] more than 128 bits as it is should be according to National Institute of Standards and Technology[470][471] so it is not vulnerable to preimage attack[67] and it cannreliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is not open for a man-in-the-middle attack[61].

Recommendations

Remove the cipher suite from the list of cipher suites supported by your server.

A-
Message Authentication Code
Name

SHA-1

Security

message authentication code[135][136][137][138] is a hashed message authentication code[139][140][141][142][143][144][145] which is considered secure[462], despite the fact that the underlayingcryptographic hash function[94][95][96][97] (Secure Hash Algorithm 1[202][203][204]) is considered insecure[205][206][207][208][209][210][211].

Recommendations

If your application or requirements specifically call for the use of a message authentication code[135][136][137][138] that does not provide authenticated encryption[74] prefer block cipher mode of operation[82][83][84][85][86] (eg: counter with CBC-MAC[32][33][34], Galois/Counter Mode[46][47][48][49] or message authentication code[135][136][137][138] (eg: Poly1305[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[139][140][141][142][143][144][145] prefer message authentication code[135][136][137][138] based on Secure Hash Algorithm 2[212][213][214] over the ones based on Secure Hash Algorithm 1[202][203][204].