cipher-selection – Page 2 – WindowsTechs.com

Disabling weak cipher suites in Tomcat does not work as expected

Posted on February 3, 2023 by MichaelW

I have to get rid of so called "weak security" in a Tomcat application.
A penetration test identified services that accept connections with insecure TLS encryption and hashing algorithms: TLS 1.0/1.1,SHA1,CBC
Without being a Tomc… Continue reading Disabling weak cipher suites in Tomcat does not work as expected→

Cipher Suites settings wrong order?

Posted on December 20, 2022 by cadobe

I’m trying to setup a custom order of TLS cipher suites according to this Microsoft list, on Windows Server 2022 but the outcome is not the one that I was expecting.
After using the powershell to disable a bunch, and set a preferred order… Continue reading Cipher Suites settings wrong order?→

How server key limits protocols and ciphers used? [duplicate]

Posted on November 8, 2022 by Ivan Onyshchenko

There is a server (app) that uses OpenSSL to allow clients establish secure connection.
The certificate info for server public key is:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorit… Continue reading How server key limits protocols and ciphers used? [duplicate]→

How to create a cipher string that doesn’t contain AES and CAMELLIA ciphers?

Posted on September 21, 2022 by Abhishek Dasgupta

I am trying to learn about cipher lists and how to order them. I am new to this. I have gone through this doc. I don’t get some of the things mentioned in it. Maybe this post can clairfy it.
I want to create a cipher list that doesn’t cont… Continue reading How to create a cipher string that doesn’t contain AES and CAMELLIA ciphers?→

Need to know the key exchange value of the following cipher suites [migrated]

Posted on June 3, 2022 by SB_tech

I need to know the key exchange of the DHE-DSS cipher suites, will it be the same as mentioned in DHE-RSA?

Continue reading Need to know the key exchange value of the following cipher suites [migrated]→

Need to know the key exchange value of the following cipher suites [migrated]

Posted on June 3, 2022 by SB_tech

I need to know the key exchange of the DHE-DSS cipher suites, will it be the same as mentioned in DHE-RSA?

Continue reading Need to know the key exchange value of the following cipher suites [migrated]→

P-384 vs. SHA384

Posted on May 13, 2022 by wr mem

Forgive my inexperience with encryption, I’ve been researching this for the better part of the morning and still cannot find a smoking gun answer.
A vendor is requesting that we verify a website we utilize is secured using a specific ciphe… Continue reading P-384 vs. SHA384→

Which cipher is more secure TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA or TLS_RSA_WITH_AES_256_GCM_SHA384?

Posted on April 28, 2022 by dawklrw

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA supports forward secrecy but it doesn’t use GCM mode and use SHA1 TLS_RSA_WITH_AES_256_GCM_SHA384 uses GCM mode and SHA2 but it doesn’t support forward secrecy. Which one is more secure?

Continue reading Which cipher is more secure TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA or TLS_RSA_WITH_AES_256_GCM_SHA384?→

Java support for TLS_DHE_RSA_WITH_AES_128_CCM

Posted on April 28, 2022 by Amal Jesudas

My test tool uses java and I need it to use TLS_DHE_RSA_WITH_AES_128_CCM.
Does standard java (Oracle) support CCM cipher suites?
I am seeing oracle links mentioning CCM but am not able to make it work.
Will any policy or setting change mak… Continue reading Java support for TLS_DHE_RSA_WITH_AES_128_CCM→

Cipher suite choice on macOS on Apple Silicon

Posted on April 4, 2022 by Synchro

I have a postfix mail server that accepts these cipher suites:
tls_high_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RS… Continue reading Cipher suite choice on macOS on Apple Silicon→