Score:-2

Will Disabling All Non-256-bit Cipher Suites Cause An Issue?

in flag

I want to disable some risky cipher suites (especially for TLS 1.1 and 1.0) which are 128-bit, in order to achieve a more secure server in Windows. But these cipher suites may be used by some client. They probably use a 256 bit version of some cipher suite. I just want to be sure this won't cause a problem.

Steffen Ullrich avatar
se flag
There is nothing known about the clients which access your server, so it is impossible to say if this would be a problem.
Score:4
jo flag

Its not possible to answer this conclusively.

Generally SSL/TLS negotiates up to the strongest possible cipher and most modern systems of at least the last 5 years will support 256 bit symmetric ciphers.

You have to make a pragmatic decision as to what you want.

You can either choose to speak to less secure clients using 'risky cipher suites' and not block them, or not speak to these clients and cause a problem for them, but become more secure.

Its kind of a mutually exclusive deal.

Only you are in a position to know the SSL clients you speak to. You're going to need to do an analysis or stachostic guess on:

  1. Who you're clients are.
  2. How recent are their SSL clients.
  3. What the actual impact is of not speaking to any blocked clients to your service delivery.

If you want any confidence at all on what impact it might have.

Failing that, if you do not have the time, money or inclination you can just change it and see if you hear any bad news..

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.