Insecure Cipher Suite

IANA name:

TLS_ECDHE_RSA_WITH_NULL_SHA

OpenSSL name:

ECDHE-RSA-NULL-SHA

GnuTLS name:

TLS_ECDHE_RSA_NULL_SHA1

Hex code:

0xC0, 0x10

TLS Version(s):

TLS1.0, TLS1.1, TLS1.2

---

Protocol:

Transport Layer Security (TLS)

Key Exchange:

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

Authentication:

Rivest Shamir Adleman algorithm (RSA)

Encryption:

NULL Encryption (NULL)

NULL Encryption:

This cipher suite uses no encryption at all. Hence, it is not providing confidentiality.

Hash:

Secure Hash Algorithm 1 (SHA)

Secure Hash Algorithm 1 MAC:

The Secure Hash Algorithm 1 has been proven to be vulnerable to collision attacks as of 2017 (cf. shattered.io). While this does not affect its usage as a MAC, safer alternatives such as SHA-256, or SHA-3 should be considered.

---

Included in RFC:

• RFC 8422

Machine-readable:

application/json