Sign InSign Up


Breakdown of the TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA cipher suite

Cyber Security Rating for TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - D


Key Exchange Mechanism

Elliptic Curve Diffie Hellman-ECDH

Static Elliptic Curve Diffie Hellman (ECDH) does not use ephemeral (temporary) keys, meaning it violates perfect forward secrecy. ECDHE should be used in preference.



Elliptic Curve Digital Signature Algorithm-ECDSA

ECDSA (Elliptic Curve Digital Signature Algorithm) is used in cipher suites for authentication and integrity verification. Its efficiency in generating and verifying digital signatures makes it suitable for secure communication protocols like TLS, ensuring data confidentiality and integrity during exchanges over networks.



Advanced Encryption Standard-AES

AES should be used in cipher suites because it offers strong security with efficient performance, large block size (128 bits), and resistance to known attacks. Its widespread adoption and thorough analysis by the cryptographic community ensure reliability and robustness for encrypting sensitive data.



Secure Hash Algorithm-SHA

Chosen prefix attacks for SHA1 are feasible at an accessible cost to a well-funded adversary. This level of expense, while significant, does not pose a substantial barrier to attackers with sufficient resources, making such attacks a credible threat.


Cipher Mode

Cipher Block Chaining-CBC

Cipher Block Chaining (CBC) mode is vulnerable to the Lucky13 and POODLE (in TLS v1.2 and below) attacks. The Lucky13 attack exploits timing discrepancies in padding validation, allowing attackers to gradually reveal plaintext. The POODLE attack leverages padding errors to decrypt ciphertext by repeatedly modifying and sending it to the server, observing the error responses. These vulnerabilities arise from CBC's handling of padding and error messages, making it less secure than modern encryption modes like Galois/Counter Mode (GCM), which offer stronger integrity and confidentiality guarantees.

Web infrastructure owners must ensure they only allow secure cipher suites to protect against potential security threats. Cipher suites determine the encryption algorithms and key exchange mechanisms used in HTTPS connections. Insecure cipher suites can leave data vulnerable to interception, decryption, and manipulation by malicious actors. By restricting to secure cipher suites, owners mitigate risks such as data breaches, unauthorized access, and compromise of sensitive information. This proactive measure helps maintain trust with users, ensures compliance with security standards, and safeguards the integrity and confidentiality of data transmitted over the web.
Contact Stellastra to Secure Your Web Traffic Today

Stellastra The Cyber Security Comparison Platform

© 2024 Stellastra Ltd. All rights reserved. All names, logos, trademarks, et al, belong to their respective owners. No endorsement or partnership is necessarily implied between company and Stellastra and vice versa. Information is provided for convenience only on an as is basis. For the most up to date information, contact vendor directly. Scores including email security, SPF, and DMARC are calculated based on Stellastra's algorithms and other analyses may return different results.



About StellastraContact usCyber Security Risk ScoreEmail Deliverability ToolTLS Cipher SuitesStellastra Discover

Stay up to date

Stellastra The Cyber Security Comparison Platform