cipher-selection – Page 8 – WindowsTechs.com

If i am using Strong Ciphers TLS 1.2 only, will this boost the security of my HTTPS & SSH Protocols? [duplicate]

Posted on February 17, 2018 by jehovahsays

This question already has an answer here:

Now that it is 2015, what SSL/TLS cipher suites should be used in a high security HTTPS environment?

4 answers

… Continue reading If i am using Strong Ciphers TLS 1.2 only, will this boost the security of my HTTPS & SSH Protocols? [duplicate]→

Clarification on Cipher Suite definition in Wikipedia

Posted on January 5, 2018 by Nair

Can someone clarify me the difference (or similarity) between data and message described under Cipher Suite in Wikipedia

The key exchange algorithm is used to exchange a key between two
devices. This key is used to encr… Continue reading Clarification on Cipher Suite definition in Wikipedia→

Question on DH key exchange

Posted on December 15, 2017 by user1493834

The server is configured to support the cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA and validate the client’s certificate.

My understanding is that the server uses DH for key exchange which does not require encryption or d… Continue reading Question on DH key exchange→

can SHA1 be used in ciphers? [duplicate]

Posted on November 23, 2017 by user1493834

This question already has an answer here:

Will Google block HMAC-SHA1 along with SHA1 signed certificates?

2 answers

I un… Continue reading can SHA1 be used in ciphers? [duplicate]→

Why does tls_version "TLS 1.2" from howsmyssl rate "Probably Okay" in Chrome on Windows 10 but "Bad" in IE11 on Windows 7?

Posted on October 12, 2017 by bw-patrick

I’m implementing an API endpoint based on howsmyssl to check the TLS version of clients then notify those clients about whether or not they passed the test. However, several clients have reported failing the test on our site … Continue reading Why does tls_version "TLS 1.2" from howsmyssl rate "Probably Okay" in Chrome on Windows 10 but "Bad" in IE11 on Windows 7?→

Browsers not showing the protocol, key exchange and cipher information for my site using proper signed certificate for https

Posted on October 6, 2017 by Sushant

Browsers not showing the protocol, key exchange and cipher information for my site using proper signed certificate for https, but the debug from a java client accessing the same site shows following information:

*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1490496321 bytes = { 66, 137, 113, 105, 106, 27, 21, 88, 87, 171, 101, 163, 48, 196, 98, 95, 61, 89, 178, 47, 146, 65, 65, 124, 89, 82, 61, 93 }
Session ID:  {89, 215, 43, 65, 38, 153, 110, 30, 167, 95, 49, 89, 125, 4, 140, 66, 116, 122, 88, 188, 234, 174, 222, 2, 21, 92, 125, 239, 168, 12, 35, 165}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Follows the security tab info in chrome:

This page is secure (valid HTTPS).
Valid Certificate
The connection to this site is using a valid, trusted server certificate.
View certificate
Secure TLS connection
**The connection to this site is using a strong protocol version and cipher suite.**
Secure Resources
All resources on this page are served securely.

Internet explorer : File -> Properties -> connection shows value as “Encrypted”
(without any details about the protocol, key exchange, cipher)

If I try to see the same for https://google.com, I can see all the fields ( protocol, key exchange, cipher) properly

E.g. On chrome

This page is secure (valid HTTPS).
Valid certificate
The connection to this site is using a valid, trusted server certificate.
View certificate
Secure connection
The connection to this site is encrypted and authenticated using a strong protocol (QUIC), a strong key exchange (X25519), and a strong cipher (AES_128_GCM).
Secure resources
All resources on this page are served securely.

Continue reading Browsers not showing the protocol, key exchange and cipher information for my site using proper signed certificate for https→

how to select cipher suites for server?

Posted on September 2, 2017 by BOss

I found this cipher suite for a web server…how do you select cipher suites for different server?

Encryption: Advanced Encryption Standard
(AES) 128-bit or higher encryption56, with

fallback to Triple Data Encryption Stand… Continue reading how to select cipher suites for server?→

How to disable CBC-mode ciphers

Posted on August 1, 2017 by Synchro

Is there a simple allowlist-style way of disabling CBC mode cipher suites in apps that use an openssl cipher suite list? I’m hoping for something in the style of !RC4, however, !CBC has no effect, and still allows suites such as TLS_DHE_RS… Continue reading How to disable CBC-mode ciphers→

Can key cipher and TLS cipher differ in OpenVPN?

Posted on July 30, 2017 by MaxHQ

I know how to configure OpenVPN and that there are control and data channels. But I did not yet find a nice overview of the crypto processes and especially how keys and certificates are really used in OpenVPN.

I wonder if it… Continue reading Can key cipher and TLS cipher differ in OpenVPN?→

openssl PSK cipher support

Posted on July 12, 2017 by Sachin

openssl version on ubuntu machine is

$ openssl version
OpenSSL 1.0.2g 1 Mar 2016

Following is openssl PSK cipher list :-

$ openssl ciphers -v ‘PSK’
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA… Continue reading openssl PSK cipher support→