message authentication code[135][136][137][138] is a hashed message authentication code[139][140][141][142][143][144][145] which is considered secure[462], despite the fact that the underlayingcryptographic hash function[94][95][96][97] (Secure Hash Algorithm 1[202][203][204]) is considered insecure[205][206][207][208][209][210][211].
If your application or requirements specifically call for the use of a message authentication code[135][136][137][138] that does not provide authenticated encryption[74] prefer block cipher mode of operation[82][83][84][85][86] (eg: counter with CBC-MAC[32][33][34], Galois/Counter Mode[46][47][48][49] or message authentication code[135][136][137][138] (eg: Poly1305[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[139][140][141][142][143][144][145] prefer message authentication code[135][136][137][138] based on Secure Hash Algorithm 2[212][213][214] over the ones based on Secure Hash Algorithm 1[202][203][204].
Get a prompt and clear overview of your security configuration. Right now!
You can fix your security setting with the following config snippets in various services. You simply copy-paste (or delete) them to get a better secirity and grade. Do not forget to re-check your modified settings above.
If you want to reveal your security weaknesses and monitor your services or supply chain sign up for our beta test.
OLD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA OLD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA OLD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA OLD_TLS_ECDH_ECDSA_WITH_NULL_SHA OLD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA OLD_TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA OLD_TLS_RSA_FIPS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_RC4_128_SHA TLS_DHE_DSS_WITH_SEED_CBC_SHA TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA TLS_DHE_PSK_WITH_AES_128_CBC_SHA TLS_DHE_PSK_WITH_AES_256_CBC_SHA TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1 TLS_DHE_PSK_WITH_NULL_SHA TLS_DHE_PSK_WITH_RC4_128_SHA TLS_DHE_PSK_WITH_SALSA20_SHA1 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1 TLS_DHE_RSA_WITH_SALSA20_SHA1 TLS_DHE_RSA_WITH_SEED_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_AES_128_CBC_SHA TLS_DH_DSS_WITH_AES_256_CBC_SHA TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_SEED_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_AES_128_CBC_SHA TLS_DH_RSA_WITH_AES_256_CBC_SHA TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_SEED_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_WITH_SEED_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1 TLS_ECDHE_ECDSA_WITH_NULL_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1 TLS_ECDHE_PSK_WITH_NULL_SHA TLS_ECDHE_PSK_WITH_RC4_128_SHA TLS_ECDHE_PSK_WITH_SALSA20_SHA1 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1 TLS_ECDHE_RSA_WITH_NULL_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_SALSA20_SHA1 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_DES_CBC_SHA TLS_ECDH_ECDSA_WITH_NULL_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_NULL_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_AES_256_CBC_SHA TLS_ECDH_anon_WITH_NULL_SHA TLS_ECDH_anon_WITH_RC4_128_SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA TLS_KRB5_EXPORT_WITH_RC4_40_SHA TLS_KRB5_WITH_3DES_EDE_CBC_SHA TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_IDEA_CBC_SHA TLS_KRB5_WITH_RC4_128_SHA TLS_PSK_WITH_3DES_EDE_CBC_SHA TLS_PSK_WITH_AES_128_CBC_SHA TLS_PSK_WITH_AES_256_CBC_SHA TLS_PSK_WITH_ESTREAM_SALSA20_SHA1 TLS_PSK_WITH_NULL_SHA TLS_PSK_WITH_RC4_128_SHA TLS_PSK_WITH_SALSA20_SHA1 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA TLS_RSA_FIPS_WITH_DES_CBC_SHA TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA TLS_RSA_PSK_WITH_AES_128_CBC_SHA TLS_RSA_PSK_WITH_AES_256_CBC_SHA TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1 TLS_RSA_PSK_WITH_NULL_SHA TLS_RSA_PSK_WITH_RC4_128_SHA TLS_RSA_PSK_WITH_SALSA20_SHA1 TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_ESTREAM_SALSA20_SHA1 TLS_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_NULL_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_SALSA20_SHA1 TLS_RSA_WITH_SEED_CBC_SHA TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_WITH_AES_128_CBC_SHA TLS_SRP_SHA_WITH_AES_256_CBC_SHA
