Get a prompt and clear overview of your security configuration. Right now!
Components
C
Key Exchange Method
Name
Rivest–Shamir–Adleman (RSA)
Security
RSA[320][321] key exchange is a key exchange[467] that has no forward secrecy[135][136][137][138], and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted. Throughout its history RSA encryption has had many security flaws[310][311][312][313][314][315] and was affected by variety of attack types: chosen-ciphertext attack[557] (eg: Bleichenbacher's attack[76][77], ROBOT attack[540][541][542][543]), side-channel attack[106][107][108] (eg: padding oracle attack[45][46][47][48], like Bleichenbacher's cat[337][338][339][340]).
Recommendations
Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman[91][92] over Ephemeral Diffie-Hellman[142][143][144][145].
Encryption algorithm Rivest Cipher 4[459][460][461][462] is a stream cipher[78][79] that is more malleable[158] than a block cipher[524][525][526][527]. It has multiple vulnerabilities[27][28][29][30][31] (eg: related-key attack[53], distinguishing attack[349], ...), so attacker can apply statistical analysis against it to recover the encrypted text.
Recommendations
Remove the cipher suite from the list of cipher suites supported by your server.
A+
Encryption Key Size
Name
128
Security
The symmetric key[193][194][195] withkey size[438] more than 128 bits as it is should be according to National Institute of Standards and Technology[428][429] so it is not vulnerable to preimage attack[215] and it cannreliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is not open for a man-in-the-middle attack[414].
Recommendations
Remove the cipher suite from the list of cipher suites supported by your server.
Leading client applications do not use this type of message authentication code[128][129][130][131]. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry. If your application or requirements specifically call for the use of a message authentication code[128][129][130][131] that does not provide authenticated encryption[563] prefer block cipher mode of operation[293][294][295][296][297] (eg: counter with CBC-MAC[266][267][268], Galois/Counter Mode[65][66][67][68] or message authentication code[128][129][130][131] (eg: Poly1305[289][290]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[418][419][420][421][422][423][424] prefer message authentication code[128][129][130][131] based on Secure Hash Algorithm 2[71][72][73] over the ones based on MD5[227][228][229].
By using Scanigma services or clicking I Accept, you agree to our use of cookies.