Cipher Suite Practices and Pitfalls

Cipher Suite Practices and Pitfalls It seems like every time you turn around there is a new vulnerability to deal with, and some of them, such as Sweet32, have required altering cipher configurati...

Updated Jun 06, 2023

Version 3.0

SIRT

Joined March 03, 2010

View Profile

Chris_Olson

Nimbostratus

Apr 29, 2019

Excellent article. However, we now can no longer use CBC ciphers. (https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities) Since CBC is implied and not always listed, how can I come up with a keyword string that does not allow them. My current string 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE+AES:!TLSv1:!TLSv1_1' contains ONLY CBC when I scan using SSL Labs.

Cipher Suite Practices and Pitfalls

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS