TLSv1.2 with SHA1?
I'm sure there is a simple answer for this, but how do I use TLSv1.2 with non-TLSv1.2 sets? For example, does this link show that the connection uses TLS 1.2, but uses AES_256_CBC_SHA? I thought all TLSv1.2 should be SHA256 or higher?
And, paypal home shows "Connection is using TLS 1.2", but the chosen cipher is RSA_128_RC4_SHA ???
Am I missing something? (All info using google chrome)
Can't post a screenshot of my capture because I don't have at least 10 reputation ??? WTF
source to share
TLS 1.2 still supports all previously developed versions of SSL / TLS encryption, which include insecure ciphers using RC4, all EXPORT ciphers, etc. But it also defines some new ciphers such as GCM ciphers and various ciphers using SHA384 as HMAC.
I thought all TLSv1.2 should be SHA256 or higher
No, and you are probably confusing this with the deprecated SHA-1 as the signature algorithm for certificates. This rejection is independent of TLS itself, although certificates are commonly used in connection with TLS. And using SHA-1 or even MD5 as the HMAC for ciphers is still considered safe since the security prerequisites required for HMAC and certificate signing are different.
Also, the best forum for such questions would be security.stackexchange.com.
source to share
If you look at Chrome's output, it should be said that it is SHA1
used to authenticate messages, which is not really part of encryption. A quick Googles search reveals what SHA1
is still acceptable MAC
for TLSv1.2: http://en.wikipedia.org/wiki/Transport_Layer_Security#Data_integrity
source to share