ssl web server allows insecure single-DES
Reported by: zooko | Owned by: zooko
This service to analyze your SSL server for you:
Cipher Suites (sorted by strength; we could not determine if server has a preference)

    TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
    TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
    TLS_RSA_WITH_RC4_128_SHA (0x5) 128
    TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
    TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
    TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
That means that the server will go ahead and do single-DES with a 56-bit key as its cipher. One particular reason not to allow single-DES is the possibility of "downgrade attacks" where the server prefers a strong cipher, and the client prefers a strong cipher but an attacker tricks the two of them into agreeing on a weak cipher. Better not to allow weak ciphers at all.
I looked for an API to control the cipher selection, but didn't find one. I looked in documents/current/api/twisted.internet.ssl.CertificateOptions.html, for example.
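Added example, not part of the ticket and not Twisted code: it audits the suite list from the scan above against a policy and then checks that a server context with a restricted cipher string no longer enables any of the flagged suites. It uses Python's standard `ssl` module rather than a Twisted API; the policy (`MIN_BITS`, `BANNED`), the cipher string and all function names are assumptions made for illustration.

```python
import re
import ssl

# Scan rows as quoted in the ticket: name, suite id, optional WEAK tag, key bits.
REPORT = """\
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
"""

ROW = re.compile(r"^(?P<name>TLS_\w+) \((?P<id>0x[0-9a-f]+)\)(?: WEAK)? (?P<bits>\d+)$")
# Assumed policy: reject keys under 128 bits and these primitives by name.
MIN_BITS = 128
BANNED = {"DES", "RC4", "MD5", "NULL", "EXPORT"}

def parse_report(text):
    """Return [(suite_name, key_bits)] for every cipher-suite row in a scan."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [(m["name"], int(m["bits"])) for m in matches if m]

def weak(suites):
    """Return the suite names that violate the policy, in input order."""
    return [name for name, bits in suites
            if bits < MIN_BITS or BANNED & set(re.split(r"[_-]", name.upper()))]

def hardened_context():
    """Server context that only enables suites named in the cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!RC4:!MD5:!3DES")
    return ctx

def enabled_suites(ctx):
    """Return [(suite_name, key_bits)] for what the context would negotiate."""
    return [(c["name"], c["strength_bits"]) for c in ctx.get_ciphers()]

if __name__ == "__main__":
    print("weak in ticket's scan:   ", weak(parse_report(REPORT)))
    print("weak in hardened context:", weak(enabled_suites(hardened_context())))
```

Because a suite that is not enabled on the server cannot be negotiated, the second check covers the downgrade case described above regardless of what a client or an intermediary proposes.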