This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF only 128bit SSL

Hi,

i have one ASG that only uses a RC4 encryption 128bit. I guess its a revision 4, Firmware 8.309.
All of my Rev. 5 and UTM9 are using Camellia 256bit encryption.

Does the encryption algorythm depend on the ASG revision or is it a bug in my machine?

Thanks for your help (hope my english was not to bad).

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi, all the CBC modes are frowned upon due to BEAST (at least until TLS gets upgraded everywhere), and apparently ECB is not very secure:
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_.28ECB.29

Unfortunately, that seems to rule out all the AES modes for now.

BTW, upgrading servers to TLS 1.1 or 1.2 doesn't completely solve the problem as they will fallback to TLS 1.0 modes if the client doesn't have support for the newer protocols.

IMHO, we shouldn't care so much about BEAST as it's already been worked-around in most clients, but the PCI group and/or the assessors don't seem to care.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi, all the CBC modes are frowned upon due to BEAST (at least until TLS gets upgraded everywhere), and apparently ECB is not very secure:
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_.28ECB.29

Unfortunately, that seems to rule out all the AES modes for now.

BTW, upgrading servers to TLS 1.1 or 1.2 doesn't completely solve the problem as they will fallback to TLS 1.0 modes if the client doesn't have support for the newer protocols.

IMHO, we shouldn't care so much about BEAST as it's already been worked-around in most clients, but the PCI group and/or the assessors don't seem to care.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data

WAF only 128bit SSL

Submitted a Tech Support Case lately from the Support Portal?