First cipher is a bit more secure since it uses GCM (Galois/Counter Mode) mode which is new to TLS 1.2 and is not vulnerable to BEAST attack (other two that use CBC mode may be vulnerable to this specific attack).
How to identify strong and weak ciphers?
Hi All,
We have a doubt on how to identify the strong and weak ciphers from below:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Can anyone help me identify?
2 answers
Sort by: Most helpful
-
-
Hannah Xiong 6,276 Reputation points
2020-10-08T08:09:28.657+00:00 Hello,
Thank you so much for posting here.
Have we checked the provided information? Hope it will be helpful to you.
For Windows 10, version 1607 and Windows Server 2016, the following cipher suites are enabled and in this priority order by default using the Microsoft Schannel Provider as shown below.
We could see that TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 has the higher priority order, which is more secure and strong. Below are the information we would like to share with you. Hope they could be helpful to you.
https://video2.skills-academy.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel
https://video2.skills-academy.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-10-v1607
For any question, please feel free to contact us.
Best regards,
Hannah Xiong============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.