**You are configuring the cipher suites for a web server that supports TLS 1.2. Which of the following can provide the highest level of security? (Wentz QOTD)**

A. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

B. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

C. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

D. TLS_RSA_WITH_AES_256_GCM_SHA384

**Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.**

My suggested answer is A. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.


## Cipher Suite

A cipher suite is a set of cryptographic algorithms, which can be expressed in a single string as follows:

| Key exchange | Authentication | Block/stream ciphers | Message authentication |
|---|---|---|---|
| RSA | RSA | RC4 | Hash-based MD5 |
| Diffie–Hellman | DSA | Triple DES | SHA hash function |
| ECDH | ECDSA | AES | |
| SRP | | IDEA | |
| PSK | | DES | |

## Diffie-Hellman (DH)

Diffie-Hellman (DH) is “one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.” (Wikipedia)

“**Ephemeral Diffie-Hellman** (DHE in the context of TLS) differs from the **static Diffie-Hellman** (DH) in the way that static Diffie-Hellman key exchanges always use the same Diffie-Hellman private keys. So, each time the same parties do a DH key exchange, they end up with the same shared secret.” (mbed)

## ECDHE vs RSA

Elliptic-Curve Diffie-Hellman (ECDH) is a variant of the Diffie-Hellman protocol using elliptic curve cryptography. ECDHE is a version of ECDH that uses ephemeral public keys and provides forward secrecy (FS).

Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic-curve public-private key pair, to establish a shared secret over an insecure channel.

The public keys are either static (and trusted, say via a certificate) or ephemeral (also known as ECDHE, where final ‘E’ stands for “ephemeral”). Ephemeral keys are temporary and not necessarily authenticated, so if authentication is desired, authenticity assurances must be obtained by other means.

Source: Wikipedia

## Forward Secrecy (FS)

**Forward secrecy** means that “if the long-term private key of the server gets leaked, past communication is still secure.” (mbed) However, RSA key exchange doesn’t provide forward secrecy. If a server’s private key is stolen, all connections in the past would be vulnerable.

## AES-128 vs AES-256

AES-256 provides a higher level of protection than AES-128. However, AES-128 provides adequate security; it is still quite effective till 2030 or beyond as the following table shows:

## CBC vs GCM

AES in CBC mode is subject to attacks such as BEAST and Lucky-13 (both attack CBC-based ciphers). AES in GCM (Galois/Counter Mode) is much stronger than AES in CBC mode. (CloudFlare)

## Secure Hash Algorithms

SHA-0 has an undisclosed “significant flaw.” “SHA-1 has been proven to be insecure as of 2017.” (ciphersuite)

The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS).

SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name “SHA”. It was withdrawn shortly after publication due to an undisclosed “significant flaw” and replaced by the slightly revised version SHA-1.

SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.

Source: Wikipedia
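The single-string format from the Cipher Suite section and the criteria from the sections above (forward secrecy, GCM over CBC, SHA-1), applied to the four options. This is an added example, not part of the original post; the function names are hypothetical, and the pattern only covers AES-style names shaped like the four options.

```python
import re

# TLS 1.2 suite name: TLS_<kx>[_<auth>]_WITH_<cipher>_<bits>_<mode>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z]+)(?:_(?P<auth>[A-Z]+))?_WITH_"
    r"(?P<cipher>[A-Z0-9]+)_(?P<bits>\d+)_(?P<mode>[A-Z]+)_(?P<hash>SHA\d*)$"
)

# The four options from the question above.
OPTIONS = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
]

def parse_suite(name):
    """Split a suite name into its algorithm roles."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    fields = m.groupdict()
    # TLS_RSA_WITH_...: one algorithm does key exchange and authentication.
    fields["auth"] = fields["auth"] or fields["kx"]
    fields["bits"] = int(fields["bits"])
    return fields

def assess(name):
    """Return the weaknesses this page names that apply to the suite."""
    f = parse_suite(name)
    findings = []
    if f["kx"] not in ("ECDHE", "DHE"):   # static key exchange
        findings.append("no forward secrecy")
    if f["mode"] == "CBC":
        findings.append("CBC mode (BEAST, Lucky-13)")
    if f["hash"] == "SHA":                # bare "SHA" in a suite name is SHA-1
        findings.append("SHA-1")
    return findings

def acceptable(names):
    """Suites with none of the weaknesses above."""
    return [n for n in names if not assess(n)]

if __name__ == "__main__":
    for suite in OPTIONS:
        print(suite, "->", assess(suite) or "no findings")
    print("keep:", acceptable(OPTIONS))
```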

# Reference

- Cipher suite
- Cipher Suites in TLS/SSL (Schannel SSP)
- Get-TlsCipherSuite
- How to check the SSL/TLS Cipher Suites in Linux and Windows
- Configure the Cipher Suites
- How do I know which cipher suites can be disabled?
- RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
- What is ECDHE-RSA?
- Elliptic-curve Diffie–Hellman
- Staying on top of TLS attacks
- Why use Ephemeral Diffie-Hellman
- Insecure Cipher Suite
