Knowledge Base

Authentication Method: pre-shared key authentication (PSK authentication)

Summary

Security

The pre-shared key^[124] can ensure authenticity^[201]^[202]^[203] of the communicating parties mutually based on symmetric key^[193]^[194]^[195]s that are shared in advance among the parties. Combined with a key exchange^[467] that has forward secrecy^[135]^[136]^[137]^[138] property algorithm can protect against dictionary attack^[504]^[505]s by passive eavesdroppers (but not active attackers). Pre-shared keys with low entropy^[380], may caused by a weakness^[359]^[360]^[361] of random number generator^[1]^[2]^[3], can be easily broken in brute-force attack^[555]. Leading client applications do not use this algorithm. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry.

Suggestion

If your application or requirements specifically call for the use of algorithms which are not used by the leading client applications set the cipher suite order explicitly and cipher suites used by the leading client applications be preferred over the ones which do not used by them.

Evaluate your host!

Get a prompt and clear overview of your security configuration. Right now!

Config Snippets

You can fix your security setting with the following config snippets in various services. You simply copy-paste (or delete) them to get a better secirity and grade. Do not forget to re-check your modified settings above.

If you want to reveal your security weaknesses and monitor your services or supply chain sign up for our beta test.

Apache

OpenSSL version: 0.9.8+

SSLCipherSuite …:!PSK

NGINX