-
Notifications
You must be signed in to change notification settings - Fork 33
Schannel client side support in legacy OSes
Vladimir Vissoultchev edited this page Jul 27, 2022
·
3 revisions
Cipher suites are listed in order of preference.
Most connections to hosts which still support TLS 1.0 are able to negotiate TLS_RSA_WITH_3DES_EDE_CBC_SHA only.
| Name | Code |
|---|---|
| TLS_RSA_WITH_RC4_128_MD5 | 0x04 |
| TLS_RSA_WITH_RC4_128_SHA | 0x05 |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | 0x0A |
| TLS_RSA_WITH_DES_CBC_SHA | 0x09 |
| TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | 0x64 |
| TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | 0x62 |
| TLS_RSA_EXPORT_WITH_RC4_40_MD5 | 0x03 |
| TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 0x06 |
| Name | Code |
|---|---|
| TLS_RSA_WITH_RC4_128_MD5 | 0x04 |
| TLS_RSA_WITH_RC4_128_SHA | 0x05 |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | 0x0A |
| TLS_RSA_WITH_DES_CBC_SHA | 0x09 |
| TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | 0x64 |
| TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | 0x62 |
| TLS_RSA_EXPORT_WITH_RC4_40_MD5 | 0x03 |
| TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 0x06 |
| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | 0x13 |
| TLS_DHE_DSS_WITH_DES_CBC_SHA | 0x12 |
| TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA | 0x63 |
| Name | Verdict | Strength |
|---|---|---|
| TLS_RSA_WITH_RC4_128_MD5 (0x4) | INSECURE | 128 |
| TLS_RSA_WITH_RC4_128_SHA (0x5) | INSECURE | 128 |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) | WEAK | 112 |
| TLS_RSA_WITH_DES_CBC_SHA (0x9) | INSECURE | 56 |
| TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64) | INSECURE | 56 |
| TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62) | INSECURE | 56 |
| TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) | INSECURE | 40 |
| TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6) | INSECURE | 40 |
| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13) | WEAK | 112 |
| TLS_DHE_DSS_WITH_DES_CBC_SHA (0x12) | INSECURE | 56 |
| TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x63) | INSECURE | 56 |
| Name | Verdict | Strength |
|---|---|---|
| TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) | WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) | WEAK | 128 |
| TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) | WEAK | 128 |
| TLS_RSA_WITH_RC4_128_MD5 (0x4) | INSECURE | 128 |
| TLS_RSA_WITH_RC4_128_SHA (0x5) | INSECURE | 128 |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) | WEAK | 112 |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a) | WEAK | 256 |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40) | WEAK | 128 |
| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13) | WEAK | 112 |