Pale Moon forum

1. These tests will mark all "CBC" ciphers as "weak" because there have been several attacks against this class of ciphers. IMHO this is both generalizing and incorrect. They are not weak ciphers just because they have a -potential- of getting more of a similar class of attacks launched against them (each of which was easily countered), and even more so they are not insecure. Note that insecure ciphers in Qualys' interface will be marked as such (in red and with the term INSECURE, for e.g. RC4).
   In addition, they mark ciphers with a SHA-1 HMAC as "weak" which is actually kind of silly. While SHA-1 might not be strong enough for signatures, there is no problem using it for HMAC.
   HMAC can be secure even when the underlying hash function is not collision resistant.
   Intuitively, it makes sense that HMAC is secure as a MAC even with SHA-1, because a MAC does not allow a collision search. The only way to find the key would be to compromise the preimage resistance of SHA-1. HMAC in turn prevents length extension attacks and the like that would allow a forgery without knowing the key.
   As an aside, even HMAC-MD5 hasn't been broken.
2. The browser is a web client, which must maintain the broadest acceptable collection of cipher suites to prevent connectivity issues with sites that have "less than perfect" (according to the security community) scores for their https setups. While you personally might not have run into sites that would break by disabling all CBC ciphers, there are plenty of them out there. Unless the cipher suites involved become actually insecure (and not just "weak") or involving an unacceptable risk for secure connections, they should not be disabled by default in a client.

Sampei Nihira wrote: ↑

2019-07-17, 18:44

I know well that the website is secure.
Not only do I know the Director, but I have worked with him in the past on safety issues.