AnsweredAssumed Answered

Cipher Strength verdict adjustment nessary?

Question asked by Thomas Born on May 18, 2015
Latest reply on May 21, 2015 by tlussnig

If I use

 

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

 

I get a 100 rating for Cipher Strength. But TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA use less secure CBC instead of GCM. And TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uses in addition SHA-1 instead of secure SHA-2. (SHA-256 and SHA-384 are SHA-2)

 

So my suggestion would be that the use of for example TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 would also give a 100 rating on Cipher Strength because ist uses ECDHE, GCM and SHA256 with AES_128. Or to formulate it more general if AES_128 ist used together with ECDHE, GCM and SHA-2 (SHA-256 or higher) it should also get a 100 rating on Cipher Strength.

Outcomes