· 1 min read
TLS-DH-DSS-WITH-ARIA-256-CBC-SHA384 Cipher Suite
A breakdown of the Cipher Suite TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, its strengths, and its weaknesses.
Key Exchange Mechanism
Diffie Hellman - DH
Grade - B
Static Diffie Hellman (DH) does not use emphemeral (temporary) keys, meaning it violates perfect forward secrecy. Ephemeral Diffie Hellman (EDH) should be used instead.
Authentication
Digital Signature Standard - DSS
Grade - C
Low usage
Cipher
AEGIS - ARIA
Grade - C
Low usage
Hash
Secure Hash Algorithm 384 Bit - SHA384
Grade - A
Improving greatly from SHA1, SHA-256 and above create secure hashes through robust cryptographic algorithms that ensure collision resistance and preimage resistance. They process input data in fixed-size blocks, applying complex mathematical transformations that make it computationally impractical to reverse-engineer the original data from its hash.
Cipher Mode
Cipher Block Chaining - CBC
Grade - D
Cipher Block Chaining (CBC) mode is vulnerable to the Lucky13 and POODLE (in TLS v1.2 and below) attacks. The Lucky13 attack exploits timing discrepancies in padding validation, allowing attackers to gradually reveal plaintext. The POODLE attack leverages padding errors to decrypt ciphertext by repeatedly modifying and sending it to the server, observing the error responses. These vulnerabilities arise from CBC’s handling of padding and error messages, making it less secure than modern encryption modes like Galois Counter Mode (GCM), which offer stronger integrity and confidentiality guarantees.