Posts

Showing posts with the label Cipher Suits

Disable Low and Medium Strength Cipher for Java Applications

I use SSL so I am secure, right? - Wrong A commonplace feeling is that if you are using TLS/SSL for communication between different components, the data in transit is safe. This is a misconception since the security of data in transit depends on what exact algorithms are being used for encryption. Some of the algorithms are deemed to be broken such as MD5 and RC4. During the negotiation between a client and a server when a TLS/SSL connection initiates, both the parties mutually decide which SSL version and cipher suite to go with for rest of the communication. SSL version 2 is considered to be unsafe while SSL v3 and TLS v1 are considerd safe. Cipher What? - Cipher Suite Cipher suites is a named combination of algorithms used for encryption when using TLS/SSL. It contains the encryption algorithm (like DES, RC4, AES) and the key size like (40, 56, 128 bit) and the hashing algorithm (like SHA and MD5). eg.  RSA_WITH_RC4_128_SHA.  Key size defines if the cipher is low, medium