Talk:Cipher suite

Latest comment: 3 years ago by Kvng in topic Vulnerabilities

named cipher suites


The article incorrectly states "A reference for named cipher suites is provided in RFC 2434, the TLS Cipher Suite Registry."

The RFC given is the procedure for submissions. Lists of named cipher suites and reserved hex names are listed in the RFC for the TLS protocol (e.g. Appendix 5, RFC 4346 - TLS 1.1). Stephen Charles Thompson (talk) 21:16, 26 April 2010 (UTC)

Aes_128_gcm Hoangcuong95 (talk) 15:34, 8 February 2018 (UTC)

Chacha20_poly1305 Hoangcuong95 (talk) 15:39, 8 February 2018 (UTC)

Block cipher list


The TLS 1.0 - 1.2 section references block ciphers and specifically calls out RC4. However, RC4 is a stream cipher. Should this be updated? Timmattison (talk) 17:05, 24 February 2017 (UTC)

Vulnerabilities


The Vulnerabilities section states "If the version of encryption or authentication algorithm in a cipher suite have known vulnerabilities the cipher suite and TLS connection is then vulnerable." This is not accurate. A cipher suite may use a particular cipher that has a known vulnerability, but that vulnerability may not apply within the context of how it is used in the suite. For example, collision attacks may apply to certain hash functions when an attacker controls part of the plaintext; however, the attacks may not apply in other scenarios (like in an HMAC construction). See https://en.wikipedia.org/wiki/Collision_attack#Attack_scenarios for details. 149.117.75.12 (talk) 00:15, 6 August 2021 (UTC)

OK, I guess that's possible. I changed is to may. ~Kvng (talk) 16:37, 12 August 2021 (UTC)