TLS cipher suites: key exchange, authentication, encryption and hash algorithms, with the diagram's notes on each.

NULL (any) and EXPORT
The EXPORT cipher suites were built to be weak by design and must not be used, except where export law once required them.

RSA and RSA_PSK key exchange
RSA is used as an authenticated key exchange protocol as specified in RFC 5246 § 8.1. The client generates a pre-master secret and sends it encrypted to the server. For RSA_PSK, the shared key becomes the concatenation of the block's size, the version and 46 random bits with the PSK's size and the PSK itself (based on RFC 4279 § 4).

Encryption algorithms offered with RSA: NULL, RC4_128, IDEA, DES.
RC4 is a symmetric encryption algorithm and must not be used: it has a weakness in its PRNG that is exploited by the Bar Mitzvah attack. Nowadays, DES and IDEA are too weak to grant good security.

3DES_EDE_CBC_SHA, SEED_CBC_SHA: 3DES-EDE shouldn't be used except for old legacy systems.

AES128 (CBC_SHA, CBC_SHA256, GCM_SHA256), CAMELLIA128_CBC_SHA:
AES128 is recommended by the French agency ANSSI; however, the CNSA recommends the use of AES256.
CAMELLIA is a symmetric encryption algorithm based on a Feistel network. An extension of its cipher suites was brought by RFC 6367; those suites aren't shown here because of their lack of implementation. The algorithm is recommended by the Japanese initiative CRYPTREC, but it isn't supported by any major web browser.
SHA-1 is deprecated and shouldn't be used anymore.

AES256 (CBC_SHA, CBC_SHA256, GCM_SHA384), CAMELLIA256_CBC_SHA, CHACHA20_POLY1305_SHA256:
CBC is degraded to Standard although its security is fine in a modern context; however, a padding attack (POODLE) exists against legacy browsers.
GCM is an Authenticated Encryption with Associated Data (AEAD) cipher mode, i.e. it grants both integrity AND authenticity.
The CHACHA20 algorithm is specified for TLS in RFC 7905 and built from SALSA20; POLY1305 grants a low probability of collision.

DH and DHE key exchange
DH cipher suites use key exchange algorithms based on the factorisation difficulty over GF(p). DHE cipher suites allow Perfect Forward Secrecy (PFS), i.e. previous communications stay protected even after a key compromise.
Authentication: RSA, DSS, RSA_EXPORT, Anon, PSK. The key exchange is easy to hijack without authentication and should be signed to avoid a Man-in-the-Middle attack.
With DHE key exchange, DSS offers DES, RC4_128 and NULL as encryption algorithms; RC4_128 must not be used.
Ciphers offered with DHE: CHACHA20_POLY1305_SHA256, 3DES_EDE_CBC_SHA, CAMELLIA128_CBC_SHA, CAMELLIA256_CBC_SHA, SEED_CBC_SHA, AES128 (CBC_SHA, CBC_SHA256, GCM_SHA256), AES256 (CBC_SHA, CBC_SHA256, GCM_SHA384).
Ciphers offered with DH: 3DES_EDE_CBC_SHA, AES128 (CBC_SHA, CBC_SHA256, GCM_SHA256), AES256 (CBC_SHA, CBC_SHA384, GCM_SHA384).

ECDHE and ECDH key exchange
ECDHE_RSA: AES256 (CBC_SHA, CBC_SHA384, GCM_SHA384), NULL.
ECDHE_ECDSA: 3DES_EDE_CBC_SHA, AES128 (GCM_SHA256, CBC_SHA256, CBC_SHA), RC4_128.
ECDHE_PSK: 3DES_EDE_CBC_SHA, AES128 (CBC_SHA, CBC_SHA256, GCM_SHA256), AES256 (CBC_SHA, CBC_SHA384, GCM_SHA384), RC4_128, NULL.
ECDH_Anon: the key exchange is easy to hijack without authentication and should be signed to avoid a Man-in-the-Middle attack.
The same notes apply as for DH/DHE: DHE suites give PFS, CBC is degraded to Standard because of POODLE against legacy browsers.

Recommendation
The cipher suites *DHE_*SA_WITH_AES_256_GCM_SHA384 are recommended. With the PFS property and the solidity of AES256, they are the best choice; moreover, the GCM mode is authenticated and avoids padding attacks like POODLE. GCM is an AEAD mode that grants both integrity AND authenticity; CHACHA20 (RFC 7905, built from SALSA20) with POLY1305 is the other AEAD option.

PSK key exchange
PSK is used as an exchange protocol with authentication included. It uses a Pre-Shared Key as specified in RFC 4279 § 2 and is useful in embedded systems.
Ciphers: 3DES_EDE_CBC_SHA, AES128 (CBC_SHA, CBC_SHA256, GCM_SHA256), AES256 (CBC_SHA, CBC_SHA384, GCM_SHA384), CHACHA20_POLY1305_SHA256, RC4_128, NULL.

SRP_SHA key exchange
SRP is used as an authenticated key exchange protocol as specified in RFC 2945 § 3. The server stores a salted HMAC of the username and password; the exchange works in Z/pZ and is negotiated with TLS extensions. SRP is deprecated because SHA-1 is its only HMAC hash algorithm. SRP can use DSS or RSA for authentication, in which case the ServerKeyExchange is signed with the private key.
Ciphers: 3DES_EDE_CBC_SHA, AES128_CBC_SHA, AES256_CBC_SHA; authentication: RSA, DSS.

KRB5 key exchange
The KRB5 cipher suites are based on Kerberos and use a ticket to encrypt and send the pre-master secret within a Kerberos session.
Ciphers: IDEA, 3DES_EDE_CBC_SHA, DES, RC4.

This document is the work of Pierre d'Huy under CC-by-sa v1.4 (en) – pierre.dhuy.net
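As an added example (not part of the diagram or of the author's material), the rating rules above expressed as a small classifier for IANA-style cipher suite names; the four levels follow the diagram's annotations, and treating DES/IDEA ("too weak") and anonymous DH as forbidden is my reading of them.

```python
"""Rate TLS cipher suite names using the rules from the diagram above."""
import re

# Levels used by the diagram, worst to best
FORBIDDEN, DEPRECATED, STANDARD, RECOMMENDED = "forbidden", "deprecated", "standard", "recommended"


def parse_suite(name: str) -> dict:
    """Split an IANA-style name into key exchange (with auth), cipher and MAC/PRF hash."""
    m = re.fullmatch(r"TLS_(.+?)_WITH_(.+)_(SHA\d*|MD5)", name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    kx, cipher, mac = m.groups()
    return {"kx": kx, "cipher": cipher, "mac": mac}


def rate_suite(name: str) -> str:
    """Return one of the four levels for a cipher suite name."""
    s = parse_suite(name)
    kx, cipher, mac = s["kx"], s["cipher"], s["mac"]
    aead = "GCM" in cipher or "POLY1305" in cipher  # AEAD: integrity and authenticity

    # Forbidden: export grade, no encryption, RC4 (Bar Mitzvah), DES/IDEA (too weak),
    # and anonymous key exchange (trivially hijacked by a Man-in-the-Middle)
    if "EXPORT" in kx or cipher == "NULL" or cipher.startswith(("RC4", "DES", "IDEA")) or "anon" in kx:
        return FORBIDDEN
    # Deprecated: 3DES (legacy only), SRP (SHA-1 as only HMAC), SHA-1 as the record MAC
    if cipher.startswith("3DES") or kx.startswith("SRP") or (mac == "SHA" and not aead):
        return DEPRECATED
    # Recommended: (EC)DHE with RSA/DSS/ECDSA signatures, AES-256-GCM, SHA-384 (PFS + AEAD)
    if re.fullmatch(r"(EC)?DHE_(RSA|DSS|ECDSA)", kx) and cipher == "AES_256_GCM" and mac == "SHA384":
        return RECOMMENDED
    # Everything else: CBC with SHA-2, AES-128-GCM, CHACHA20-POLY1305, static RSA/DH ...
    return STANDARD


def rate_suites(names) -> dict:
    """Rate a whole list, e.g. the suites a server offers, as {name: level}."""
    return {n: rate_suite(n) for n in names}


if __name__ == "__main__":
    # Constructed sample of suites from the diagram
    sample = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
              "TLS_DH_anon_WITH_AES_128_CBC_SHA", "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"]
    for suite, level in rate_suites(sample).items():
        print(f"{level:12} {suite}")
```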