256 SHA1 vs 128 SHA256

Question asked by Rob_T on Feb 4, 2014
Latest reply on Feb 5, 2014 by Ivan Ristić

Hi Ivan,


Since most browsers support

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) [TLS 1.0-1.2]  

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) [TLS 1.2 only]  

but not

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) [TLS 1.2 only]



I have two questions:


1) IMHO, the cipher below protects against BEAST (server side) if it is used in combination with TLS 1.2, right?

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) [TLS 1.0-1.2] 

So no "TLS 1.2 only" CBC cipher is needed to be BEAST-aware (server side), right?



Due to the lack of support for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,

what do you think should have a higher weight from a security view?

CBC cipher strength 256 but with SHA1, or

CBC cipher strength 128 but with SHA256