Skip to main content
Information Security

Questions tagged [cipher-selection]

Ask Question

For questions about the step of the SSL/TLS handshake where the cipher is negotiated between the client and the server. This tag could also be used for questions about which ciphers to support in your application / configuration.

208 questions
Newest Active Bountied Unanswered
0 votes
1 answer
86 views

When server sends TLS ALERT: ERROR CODE 40 (FATAL HANDSHAKE FAILURE), how does browser know exactly that it's a cipher mismatch/overlap error? Do the browsers assume/presume it? Or is the only error ...
ABHISHEK PATIL's user avatar
  • 3
7 votes
2 answers
4k views

I happen to recall that CHACHA20 ciphers are not compliant with both NIST guidelines and FIPS/HIPAA standards. As used to be stated by htbridge.com SSL tests years ago. I just found similar ...
Bob Ortiz's user avatar
  • 7,715
2 votes
3 answers
273 views

If I have a system where I have 100% control over the client operating system and the server operating system, is there any use case for enabling more than one cipher suite (or any of the options that ...
Peter Turner's user avatar
  • 211
0 votes
1 answer
404 views

Eleptial Curve is now included in PGP. However when I run gpg2 --full-gen-key, I get Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) ...
Evan Carroll's user avatar
  • 3,237
1 vote
0 answers
2k views

I have to get rid of so called "weak security" in a Tomcat application. A penetration test identified services that accept connections with insecure TLS encryption and hashing algorithms: ...
MichaelW's user avatar
  • 161
0 votes
1 answer
258 views

I am trying to learn about cipher lists and how to order them. I am new to this. I have gone through this doc. I don't get some of the things mentioned in it. Maybe this post can clairfy it. I want to ...
Abhishek Dasgupta's user avatar
  • 103
2 votes
4 answers
8k views

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA supports forward secrecy, but it doesn't use GCM mode, and uses SHA1. TLS_RSA_WITH_AES_256_GCM_SHA384 uses GCM mode and uses SHA2, but it doesn't support forward ...
dawklrw's user avatar
  • 21
2 votes
2 answers
2k views

I have a postfix mail server that accepts these cipher suites: tls_high_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384: ...
Synchro's user avatar
  • 767

15 30 50 per page
1
2 3 4 5
14