TLS-DH-DSS-WITH-ARIA-256-CBC-SHA384 Cipher Suite

Key Exchange Mechanism

Diffie Hellman - DH

Grade - B

Static Diffie Hellman (DH) does not use emphemeral (temporary) keys, meaning it violates perfect forward secrecy. Ephemeral Diffie Hellman (EDH) should be used instead.

Authentication

Digital Signature Standard - DSS

Grade - C

Low usage

Cipher

AEGIS - ARIA

Grade - C

Low usage

Hash

Secure Hash Algorithm 384 Bit - SHA384

Grade - A

Improving greatly from SHA1, SHA-256 and above create secure hashes through robust cryptographic algorithms that ensure collision resistance and preimage resistance. They process input data in fixed-size blocks, applying complex mathematical transformations that make it computationally impractical to reverse-engineer the original data from its hash.

Cipher Mode

Cipher Block Chaining - CBC

Grade - D

Cipher Block Chaining (CBC) mode is vulnerable to the Lucky13 and POODLE (in TLS v1.2 and below) attacks. The Lucky13 attack exploits timing discrepancies in padding validation, allowing attackers to gradually reveal plaintext. The POODLE attack leverages padding errors to decrypt ciphertext by repeatedly modifying and sending it to the server, observing the error responses. These vulnerabilities arise from CBC’s handling of padding and error messages, making it less secure than modern encryption modes like Galois Counter Mode (GCM), which offer stronger integrity and confidentiality guarantees.

TLS-DH-DSS-WITH-ARIA-256-CBC-SHA384 Cipher Suite

Key Exchange Mechanism

Diffie Hellman - DH

Grade - B

Authentication

Digital Signature Standard - DSS

Grade - C

Cipher

AEGIS - ARIA

Grade - C

Hash

Secure Hash Algorithm 384 Bit - SHA384

Grade - A

Cipher Mode

Cipher Block Chaining - CBC

Grade - D

Related Posts

What is Data Integrity in Healthcare

Difference Between Audit and Assurance

Data Integration vs Data Migration

Data Redaction vs Data Masking