Cipher Suite Practices and Pitfalls
Cipher Suite Practices and Pitfalls
It seems like every time you turn around there is a new vulnerability to deal with, and some of them, such as Sweet32, have required altering cipher configurati...
Updated 2 years ago
Version 3.0
Chris_Olson
Nimbostratus
NimbostratusExcellent article. However, we now can no longer use CBC ciphers. (https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities) Since CBC is implied and not always listed, how can I come up with a keyword string that does not allow them. My current string 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE+AES:!TLSv1:!TLSv1_1' contains ONLY CBC when I scan using SSL Labs.