Insecure Cipher Suite
- IANA name:
- Hex code:
- 0x00, 0x17
- TLS Version(s):
- TLS1.0, TLS1.1, TLS1.2
- Export-grade Transport Layer Security (TLS EXPORT)
- Key Exchange:
- Diffie-Hellman (DH)
- Anonymous (anon)
- Rivest Cipher 4 with 40bit key (RC4 40)
- Message Digest 5 (MD5)
- Included in RFC:
Export ciphers used to be legally exportable from the United States of America in the 1990s, when exporting military technology was heavily restricted. Nowadays, they are considered insecure (cf. FREAK Attack).
Diffie-Hellman key exchanges not using ephemeral keys do not support Perfect Forward Secrecy (PFS) which is recommended, so attackers cannot decrypt the whole communication stream.
Anonymous key exchanges are generally vulnerable to Man in the Middle attacks.
IETF has officially prohibited RC4 for use in TLS in RFC 7465. Therefore, it can be considered insecure.
The Message Digest 5 algorithm suffers form multiple vulnerabilities and is considered insecure.