Insecure Cipher Suite

IANA name:

TLS_RSA_WITH_NULL_SHA

OpenSSL name:

NULL-SHA

GnuTLS name:

TLS_RSA_NULL_SHA1

Hex code:

0x00, 0x02

TLS Version(s):

TLS1.0, TLS1.1, TLS1.2

---

Protocol:

Transport Layer Security (TLS)

Key Exchange:

Rivest Shamir Adleman algorithm (RSA)

Authentication:

Rivest Shamir Adleman algorithm (RSA)

Encryption:

NULL Encryption (NULL)

NULL Encryption:

This cipher suite uses no encryption at all. Hence, it is not providing confidentiality.

Hash:

Secure Hash Algorithm 1 (SHA)

Secure Hash Algorithm 1 MAC:

The Secure Hash Algorithm 1 has been proven to be vulnerable to chosen-prefix collision attacks as of 2019 (cf. sha-mbles.github.io). While this does not affect its usage as a MAC, safer alternatives such as SHA-256, or SHA-3 should be considered.

The Secure Hash Algorithm 1 has been proven to be vulnerable to collision attacks as of 2017 (cf. shattered.io). While this does not affect its usage as a MAC, safer alternatives such as SHA-256, or SHA-3 should be considered.

---

Included in RFC:

• RFC 5246

Machine-readable:

application/json