Insecure Cipher Suite

IANA name:

TLS_PSK_WITH_NULL_SHA

OpenSSL name:

PSK-NULL-SHA

GnuTLS name:

TLS_PSK_NULL_SHA1

Hex code:

0x00, 0x2C

TLS Version(s):

TLS1.0, TLS1.1, TLS1.2, TLS1.3

---

Protocol:

Transport Layer Security (TLS)

Key Exchange:

Pre-Shared Key (PSK)

Non-ephemeral Key Exchange:

This key exchange algorithm does not support Perfect Forward Secrecy (PFS) which is recommended, so attackers cannot decrypt the complete communication stream.

Authentication:

Pre-Shared Key (PSK)

Encryption:

NULL Encryption (NULL)

NULL Encryption:

This cipher suite uses no encryption at all. Hence, it is not providing confidentiality.

Hash:

HMAC Secure Hash Algorithm 1 (SHA)

Secure Hash Algorithm 1:

The Secure Hash Algorithm 1 has been proven to be insecure as of 2017 (see shattered.io).

---

Included in RFC:

• RFC 4785

Machine-readable:

application/json