API tools faq
paste
Advertisement
Guest User

Shitty Ciphers

a guest
Dec 18th, 2017
113
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.73 KB | None | 0 0
raw download clone embed print report
  1. Stop MITM (and other) attacks against shitty ciphers:
  2. TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  3. TLS_DHE_DSS_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  4. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  5. TLS_DHE_RSA_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  6. TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  7. TLS_DH_DSS_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  8. TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  9. TLS_DH_RSA_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  10. TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  11. TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  12. TLS_DH_anon_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  13. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  14. TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  15. TLS_RSA_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  16. TLS_RSA_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  17. TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  18. TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  19. TLS_KRB5_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  20. TLS_KRB5_EXPORT_WITH_RC4_40_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  21. TLS_KRB5_WITH_DES_CBC_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  22. TLS_KRB5_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  23. TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  24. TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  25. TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  26. TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  27. TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  28. TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
  29. TLS_DHE_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  30. TLS_DHE_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  31. TLS_DHE_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  32. TLS_ECDHE_ECDSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  33. TLS_ECDHE_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  34. TLS_ECDHE_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  35. TLS_ECDHE_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  36. TLS_ECDHE_RSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  37. TLS_ECDH_ECDSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  38. TLS_ECDH_RSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  39. TLS_ECDH_anon_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  40. TLS_NULL_WITH_NULL_NULL,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  41. TLS_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  42. TLS_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  43. TLS_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  44. TLS_RSA_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  45. TLS_RSA_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  46. TLS_RSA_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  47. TLS_RSA_WITH_NULL_MD5,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  48. TLS_RSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  49. TLS_RSA_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
  50. TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  51. TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  52. TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  53. TLS_DH_anon_WITH_AES_128_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  54. TLS_DH_anon_WITH_AES_128_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  55. TLS_DH_anon_WITH_AES_128_GCM_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  56. TLS_DH_anon_WITH_AES_256_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  57. TLS_DH_anon_WITH_AES_256_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  58. TLS_DH_anon_WITH_AES_256_GCM_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  59. TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  60. TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  61. TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  62. TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  63. TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  64. TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  65. TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  66. TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  67. TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  68. TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  69. TLS_DH_anon_WITH_DES_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  70. TLS_DH_anon_WITH_RC4_128_MD5,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  71. TLS_DH_anon_WITH_SEED_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  72. TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  73. TLS_ECDH_anon_WITH_AES_128_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  74. TLS_ECDH_anon_WITH_AES_256_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  75. TLS_ECDH_anon_WITH_NULL_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  76. TLS_ECDH_anon_WITH_RC4_128_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
  77. TLS_RSA_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its output
  78. TLS_RSA_WITH_RC4_128_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its output
  79. TLS_RSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its output
  80. TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  81. TLS_DH_anon_WITH_RC4_128_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  82. TLS_KRB5_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  83. TLS_KRB5_WITH_RC4_128_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  84. TLS_KRB5_EXPORT_WITH_RC4_40_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  85. TLS_KRB5_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  86. TLS_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  87. TLS_DHE_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  88. TLS_RSA_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  89. TLS_ECDH_ECDSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  90. TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  91. TLS_ECDH_RSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  92. TLS_ECDHE_RSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  93. TLS_ECDH_anon_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  94. TLS_ECDHE_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  95. TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  96. TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  97. TLS_DHE_DSS_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
  98. TLS_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite orderinsecure_cipher_suites,
  99. TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite orderinsecure_cipher_suites,
  100. TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  101. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  102. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  103. TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  104. TLS_KRB5_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  105. TLS_KRB5_WITH_3DES_EDE_CBC_MD5,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  106. TLS_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  107. TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  108. TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  109. TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  110. TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  111. TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  112. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  113. TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  114. TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  115. TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  116. TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  117. TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
  118. SSL_RSA_FIPS_WITH_DES_CBC_SHA",insecure_cipher_suites,weirdNSSuites:was meant to die with SSL 3.0 and is of unknown safety
  119. SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",insecure_cipher_suites,weirdNSSuites:was meant to die with SSL 3.0 and is of unknown safety
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!