I kind of wondered when I wrote that whether I might have added some explanation, so here it is in very simplified terms. TLS/SSL has two purposes: encryption and authentication. Authentication is done through the use of certificates, which describe public keys used to develop signatures. This involves the hash algorithms (like SHA-1) and public key algorithms like RSA. The encryption component uses a separately negotiated symmetric key cipher algorithm (like RC4) and a hash used to make a temp key (SHA1) that have no dependency on any algorithm used for authentication, although you might see similar terms used. The ciphers that Paul mentioned removing were algorithms used for encryption. These are two distinct functions, although obviously working together to give you the desired result. You might be flagged for weaknesses in your authentication algorithms as well as your encryption ones if they use the same methods.
On 4/22/2015 9:50 PM, Pete Helgren wrote:
"The certificate and the cipher have nothing to do with one another."
Hmmm. News to me then. My understanding was that we needed to request a new certificate from Comodo. Current certificate shows that it supports Signature algorithm SHA1RSA with a Signature hash algorithm of SHA1. Which is why Chrome flags our website with the red slash on our SSL connection. My understanding was that the SHA1 cert would only negotiate a SHA1 cipher request (so the cipher and cert WERE related) so I guess I need to do more reading.....
Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
On 4/22/2015 12:20 PM, Tim Bronski wrote:
The certificate and the cipher have nothing to do with one another.
On 4/22/2015 7:12 PM, Steinmetz, Paul wrote:
Could/would the iSeries WC cert affect the cipher negotiation?
I still have a SHA 1 WC cert, the new SHA 256 WC cert not yet enabled.
Pa
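An added illustration, not part of the thread: a small Python parser for IANA cipher suite names (TLS 1.2 and earlier) that separates the key exchange, authentication, cipher and hash fields, then lists which suites a server certificate can be used with. The `key_type`/`sig_alg` dictionary fields, the suite list and both certificates are constructed sample data, and the model is simplified: suite selection here looks only at the certificate's key type, so a SHA-1-signed and a SHA-256-signed RSA certificate give the same result.

```python
import re

# IANA names for TLS 1.2 and earlier: TLS_<kx>[_<auth>]_WITH_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx_auth>[A-Z0-9_]+?)_WITH_(?P<enc>[A-Z0-9_]+)_(?P<hash>MD5|SHA|SHA256|SHA384)$"
)

def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher and hash."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError("unrecognised suite name: " + name)
    parts = [p for p in m.group("kx_auth").split("_") if p != "EXPORT"]
    enc = m.group("enc")
    aead = enc.endswith(("GCM", "CCM", "POLY1305"))
    return {
        "kx": parts[0],
        "auth": parts[1] if len(parts) > 1 else parts[0],  # TLS_RSA_*: RSA does both
        "enc": enc,
        "hash": m.group("hash"),
        # The trailing hash belongs to the suite, not to the certificate signature.
        "hash_role": "PRF" if aead else "record MAC",
    }

def usable_suites(suites, cert):
    """Suites a server holding `cert` can offer; only the key type is consulted."""
    return [s for s in suites if parse_suite(s)["auth"] == cert["key_type"]]

# Constructed sample data (not taken from the servers discussed in the thread).
SUITES = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
]
SHA1_CERT = {"key_type": "RSA", "sig_alg": "sha1WithRSAEncryption"}
SHA256_CERT = {"key_type": "RSA", "sig_alg": "sha256WithRSAEncryption"}

if __name__ == "__main__":
    for s in SUITES:
        print(s, parse_suite(s))
    print(usable_suites(SUITES, SHA1_CERT) == usable_suites(SUITES, SHA256_CERT))
```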