Knowledge Base

Rivest–Shamir–Adleman (RSA)

RSA^[320][321] key exchange is a key exchange^[467] that has no forward secrecy^{[135][136][137][138]}, and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted. Throughout its history RSA encryption has had many security flaws^{[310][311][312][313][314][315]} and was affected by variety of attack types: chosen-ciphertext attack^[557] (eg: Bleichenbacher's attack^[76][77], ROBOT attack^{[540][541][542][543]}), side-channel attack^{[106][107][108]} (eg: padding oracle attack^{[45][46][47][48]}, like Bleichenbacher's cat^{[337][338][339][340]}).

Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman^[91][92] over Ephemeral Diffie-Hellman^{[142][143][144][145]}.

Rivest–Shamir–Adleman (RSA)

Rivest–Shamir–Adleman^[80][81][82] is a digital signature^{[231][232][233][234]} algorithm, which is considered secure, however there are known weaknesses^{[322][323][324][325][326]}.

NULL

Encryption algorithm is a null encryption^[568][569] that cannot provide confidentiality^{[198][199][200]}, so connection is available or disclosed to unauthorized individuals, entities, or processes.

Remove the cipher suite from the list of cipher suites supported by your server.

SHA2-256

message authentication code^{[128][129][130][131]} is a hashed message authentication code^{[418][419][420][421][422][423][424]} which is considered secure. The underlaying cryptographic hash function^{[510][511][512][513]} (Secure Hash Algorithm 2^[71][72][73]) is also considered secure.

If your application or requirements specifically call for the use of a message authentication code^{[128][129][130][131]} that does not provide authenticated encryption^[563] prefer block cipher mode of operation^{[293][294][295][296][297]} (eg: counter with CBC-MAC^{[266][267][268]}, Galois/Counter Mode^{[65][66][67][68]} or message authentication code^{[128][129][130][131]} (eg: Poly1305^[289][290]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^{[418][419][420][421][422][423][424]} prefer message authentication code^{[128][129][130][131]} based on Secure Hash Algorithm 2^[71][72][73] over the ones based on Secure Hash Algorithm 1^{[204][205][206]}.