Knowledge Base

Elliptic-curve Diffie–Hellman Ephemeral (ECDHE)

Ephemeral Elliptic-curve Diffie–Hellman^[91][92] is a variant of Elliptic-curve Diffie–Hellman^[490][491] key exchange that has forward secrecy^{[135][136][137][138]}, and does protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted.

Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman^[91][92] over Ephemeral Diffie-Hellman^{[142][143][144][145]}.

Rivest–Shamir–Adleman (RSA)

Rivest–Shamir–Adleman^[80][81][82] is a digital signature^{[231][232][233][234]} algorithm, which is considered secure, however there are known weaknesses^{[322][323][324][325][326]}.

RC4-128

Encryption algorithm Rivest Cipher 4^{[459][460][461][462]} is a stream cipher^[78][79] that is more malleable^[158] than a block cipher^{[524][525][526][527]}. It has multiple vulnerabilities^{[27][28][29][30][31]} (eg: related-key attack^[53], distinguishing attack^[349], ...), so attacker can apply statistical analysis against it to recover the encrypted text.

Remove the cipher suite from the list of cipher suites supported by your server.

128

The symmetric key^{[193][194][195]} withkey size^[438] more than 128 bits as it is should be according to National Institute of Standards and Technology^[428][429] so it is not vulnerable to preimage attack^[215] and it cannreliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is not open for a man-in-the-middle attack^[414].

Remove the cipher suite from the list of cipher suites supported by your server.

SHA-1

message authentication code^{[128][129][130][131]} is a hashed message authentication code^{[418][419][420][421][422][423][424]} which is considered secure^[159], despite the fact that the underlayingcryptographic hash function^{[510][511][512][513]} (Secure Hash Algorithm 1^{[204][205][206]}) is considered insecure^{[370][371][372][373][374][375][376]}.

If your application or requirements specifically call for the use of a message authentication code^{[128][129][130][131]} that does not provide authenticated encryption^[563] prefer block cipher mode of operation^{[293][294][295][296][297]} (eg: counter with CBC-MAC^{[266][267][268]}, Galois/Counter Mode^{[65][66][67][68]} or message authentication code^{[128][129][130][131]} (eg: Poly1305^[289][290]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^{[418][419][420][421][422][423][424]} prefer message authentication code^{[128][129][130][131]} based on Secure Hash Algorithm 2^[71][72][73] over the ones based on Secure Hash Algorithm 1^{[204][205][206]}.