[Cryptography] TLS 1.0, Diffie-Hellman, RSA, AES128 CBC, SHA seriously qualified as «broken»?
Peter Bowen
pzbowen at gmail.com
Sat Aug 29 19:11:05 EDT 2020
On Sat, Aug 29, 2020 at 2:20 PM Thierry Moreau
<thierry.moreau at connotech.com> wrote:
> The Firefox version 76.0.1 reported «TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> 128 bit keys, TLS 1.0» as the technical details for the security of the
> web page.
>
> In essence, it appears to work as intended ... but
>
> The Firefox browser qualifies this as «broken encryption». «Your
> connection to this website uses weak encryption and is not private.
> Other people can view your information or modify the website's behavior.
> Information sent over the Internet without encryption can be seen by
> other people while it is in transit.»
>
> And the security icon on the left of the URL entry field is yellow.

See https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/

All modern browsers require or soon will require TLS 1.2 or later.
Chrome and Safari don't support (FF)DHE at all; you will need
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) if you want to stay as
close to what you listed and work with them.

https://ssl-config.mozilla.org/ will generate a configuration that
Mozilla recommends.

Thanks,
Peter
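
Added example, not part of the original message: a small Python check that applies the two compatibility points from the reply above (TLS 1.2 as the minimum version, no (FF)DHE key exchange) to a negotiated suite and protocol. The function names and the pairing of the suggested suite with TLS 1.2 are assumptions made for illustration.

```python
# Protocol labels as a browser displays them, ordered oldest to newest.
PROTOCOL_ORDER = ["SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"]


def parse_suite(name):
    """Split an IANA cipher suite name into key exchange, auth, cipher, hash."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" not in body:
        # TLS 1.3 style name (e.g. TLS_AES_128_GCM_SHA256): key exchange and
        # authentication are negotiated separately and are not in the name.
        cipher, _, digest = body.rpartition("_")
        return {"kx": None, "auth": None, "cipher": cipher, "hash": digest}
    left, right = body.split("_WITH_", 1)
    kx, _, auth = left.partition("_")
    cipher, _, digest = right.rpartition("_")
    # A single token on the left (TLS_RSA_WITH_...) means RSA does both jobs.
    return {"kx": kx, "auth": auth or kx, "cipher": cipher, "hash": digest}


def review(suite, protocol):
    """Return the compatibility findings stated in the reply, if any apply."""
    findings = []
    if PROTOCOL_ORDER.index(protocol) < PROTOCOL_ORDER.index("TLS 1.2"):
        findings.append(f"{protocol}: below TLS 1.2, which modern browsers require")
    if parse_suite(suite)["kx"] == "DHE":
        findings.append("DHE key exchange: not supported by Chrome and Safari")
    return findings


# Values taken from the thread: what Firefox reported, and the suite suggested
# in the reply. Pairing the suggested suite with TLS 1.2 is an assumption.
REPORTED = ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS 1.0")
SUGGESTED = ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS 1.2")

if __name__ == "__main__":
    for suite, protocol in (REPORTED, SUGGESTED):
        print(f"{suite} over {protocol}")
        for finding in review(suite, protocol) or ["no findings"]:
            print(f"  - {finding}")
```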