Sign InSign Up


Breakdown of the TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 cipher suite

Cyber Security Rating for TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 - D


Key Exchange Mechanism

Elliptic Curve Diffie Hellman Ephemeral-ECDHE

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) is used because it enhances security through the use of ephemeral keys, which are temporary and unique for each session. This ensures that even if one session's key is compromised, past and future sessions remain secure. ECDHE provides perfect forward secrecy, meaning that the compromise of long-term keys does not affect the confidentiality of past communications. The ephemeral nature of the keys significantly reduces the risk of long-term data breaches and enhances the overall robustness of the cryptographic protocol.



Pre-Shared Key-PSK

PSK (Pre-Shared Key) cipher suites are used for authentication in secure communication protocols like TLS. They allow parties to establish a shared secret beforehand, ensuring confidentiality and integrity of data exchanges without the overhead of public key infrastructure (PKI), suitable for constrained environments or specific security requirements.




Cryptographic algorithms with low adoption should be avoided due to several critical reasons. They often lack rigorous scrutiny and testing by the broader cryptographic community, which increases the risk of undetected vulnerabilities. Moreover, their limited deployment means fewer opportunities for real-world validation and feedback, hindering confidence in their security and interoperability with existing systems. High adoption indicates robustness from extensive scrutiny and successful implementation in diverse environments.



Secure Hash Algorithm 256 Bit-SHA256

Improving greatly from SHA1, SHA-256 and above create secure hashes through robust cryptographic algorithms that ensure collision resistance and preimage resistance. They process input data in fixed-size blocks, applying complex mathematical transformations that make it computationally impractical to reverse-engineer the original data from its hash.


Key Size

128 Bit-128

128-bit symmetric encryption keys are considered secure because they provide an astronomically large number of possible combinations (2^128), making brute-force attacks computationally infeasible with current technology. This level of security is sufficient for most practical purposes and is widely adopted in various encryption protocols.


Cipher Mode

Cipher Block Chaining-CBC

Cipher Block Chaining (CBC) mode is vulnerable to the Lucky13 and POODLE (in TLS v1.2 and below) attacks. The Lucky13 attack exploits timing discrepancies in padding validation, allowing attackers to gradually reveal plaintext. The POODLE attack leverages padding errors to decrypt ciphertext by repeatedly modifying and sending it to the server, observing the error responses. These vulnerabilities arise from CBC's handling of padding and error messages, making it less secure than modern encryption modes like Galois/Counter Mode (GCM), which offer stronger integrity and confidentiality guarantees.

Web infrastructure owners must ensure they only allow secure cipher suites to protect against potential security threats. Cipher suites determine the encryption algorithms and key exchange mechanisms used in HTTPS connections. Insecure cipher suites can leave data vulnerable to interception, decryption, and manipulation by malicious actors. By restricting to secure cipher suites, owners mitigate risks such as data breaches, unauthorized access, and compromise of sensitive information. This proactive measure helps maintain trust with users, ensures compliance with security standards, and safeguards the integrity and confidentiality of data transmitted over the web.
Contact Stellastra to Secure Your Web Traffic Today

Stellastra The Cyber Security Comparison Platform

© 2024 Stellastra Ltd. All rights reserved. All names, logos, trademarks, et al, belong to their respective owners. No endorsement or partnership is necessarily implied between company and Stellastra and vice versa. Information is provided for convenience only on an as is basis. For the most up to date information, contact vendor directly. Scores including email security, SPF, and DMARC are calculated based on Stellastra's algorithms and other analyses may return different results.



About StellastraContact usCyber Security Risk ScoreEmail Deliverability ToolTLS Cipher SuitesStellastra Discover

Stay up to date

Stellastra The Cyber Security Comparison Platform