Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Stop MITM (and other) attacks against shitty ciphers:
- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DHE_DSS_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DHE_RSA_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DH_DSS_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DH_RSA_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DH_anon_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_KRB5_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_KRB5_EXPORT_WITH_RC4_40_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_KRB5_WITH_DES_CBC_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_KRB5_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,insecure_cipher_suites,fewBitCipherSuites:uses keys smaller than 128 bits in its encryption
- TLS_DHE_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_DHE_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_DHE_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDHE_ECDSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDHE_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDHE_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDHE_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDHE_RSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDH_ECDSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDH_RSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_ECDH_anon_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_NULL_WITH_NULL_NULL,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_RSA_PSK_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_RSA_PSK_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_RSA_PSK_WITH_NULL_SHA384,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_RSA_WITH_NULL_MD5,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_RSA_WITH_NULL_SHA,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_RSA_WITH_NULL_SHA256,insecure_cipher_suites,nullCipherSuites:specifies no encryption at all for the connection
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_AES_128_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_AES_128_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_AES_128_GCM_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_AES_256_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_AES_256_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_AES_256_GCM_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_DES_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_RC4_128_MD5,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_DH_anon_WITH_SEED_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_ECDH_anon_WITH_AES_128_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_ECDH_anon_WITH_AES_256_CBC_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_ECDH_anon_WITH_NULL_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_ECDH_anon_WITH_RC4_128_SHA,insecure_cipher_suites,nullAuthCipherSuites:is open to man-in-the-middle attacks because it does not authenticate the server
- TLS_RSA_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its output
- TLS_RSA_WITH_RC4_128_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its output
- TLS_RSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its output
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_DH_anon_WITH_RC4_128_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_KRB5_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_KRB5_WITH_RC4_128_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_KRB5_EXPORT_WITH_RC4_40_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_KRB5_EXPORT_WITH_RC4_40_MD5,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_DHE_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_RSA_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_ECDH_RSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_ECDHE_RSA_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_ECDH_anon_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_ECDHE_PSK_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_DHE_DSS_WITH_RC4_128_SHA,insecure_cipher_suites,uses RC4 which has insecure biases in its outputre biases in its output
- TLS_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite orderinsecure_cipher_suites,
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite orderinsecure_cipher_suites,
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_KRB5_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_KRB5_WITH_3DES_EDE_CBC_MD5,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,insecure_cipher_suites,sweet32CipherSuites:uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order
- SSL_RSA_FIPS_WITH_DES_CBC_SHA",insecure_cipher_suites,weirdNSSuites:was meant to die with SSL 3.0 and is of unknown safety
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",insecure_cipher_suites,weirdNSSuites:was meant to die with SSL 3.0 and is of unknown safety
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement