TLSv1.2 with SHA1?

I'm sure there is a simple answer for this, but how do I use TLSv1.2 with non-TLSv1.2 sets? For example, does this link show that the connection uses TLS 1.2, but uses AES_256_CBC_SHA? I thought all TLSv1.2 should be SHA256 or higher?

And, paypal home shows "Connection is using TLS 1.2", but the chosen cipher is RSA_128_RC4_SHA ???

Am I missing something? (All info using google chrome)

Can't post a screenshot of my capture because I don't have at least 10 reputation ??? WTF


source to share

2 answers

TLS 1.2 still supports all previously developed versions of SSL / TLS encryption, which include insecure ciphers using RC4, all EXPORT ciphers, etc. But it also defines some new ciphers such as GCM ciphers and various ciphers using SHA384 as HMAC.

I thought all TLSv1.2 should be SHA256 or higher

No, and you are probably confusing this with the deprecated SHA-1 as the signature algorithm for certificates. This rejection is independent of TLS itself, although certificates are commonly used in connection with TLS. And using SHA-1 or even MD5 as the HMAC for ciphers is still considered safe since the security prerequisites required for HMAC and certificate signing are different.

Also, the best forum for such questions would be



If you look at Chrome's output, it should be said that it is SHA1

used to authenticate messages, which is not really part of encryption. A quick Googles search reveals what SHA1

is still acceptable MAC

for TLSv1.2:



All Articles