AnsweredAssumed Answered

Why are poor implementations resulting in a "weak" label for TLS_RSA_WITH_AES_256_GCM_SHA384?

Question asked by Ken Peirce on Mar 5, 2018
Latest reply on Mar 5, 2018 by Rob_T

I would like to understand why Qualys is identifying this SSL ciphersuite as weak: TLS_RSA_WITH_AES_256_GCM_SHA384. I am aware of the Bleichenbacher Weak Oracle attack. There are implementations of the ciphersuite that are weak/deficient and many others that are not. The deficient implementations need to be identified and patched. This is not the same as having an algorithmic design weakness. It is a software bug.