none
How to enable weak cipher suite, TLS_RSA_WITH_DES_CBC_SHA, RSA 512 bit key RRS feed

  • Question

  • Hello sir,

    The web server only supports SSL certificate cipher suite TLS_RSA_WITH_DES_CBC_SHA(0x0009), as well as only RSA 512 bit unsafe key.

    According to https://support.microsoft.com/ko-kr/help/2661254/microsoft-security-advisory-update-for-minimum-certificate-key-length, I added registry key, Chain\minRSAPubKeyBitLength is 512 decimal, and modify list data value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\0001002\Functions which are added "TLS_RSA_WITH_DES_CBC_SHA" and deleted "TLS_RSA_WITH_NULL_xxx".

    (https://answers.microsoft.com/ko-kr/ie/forum/ie11-windows_7/ssltls-%eb%82%ae%ec%9d%80/b6ab0f86-5c15-4b31-b104-f3026f670263?tm=1502702598816)

    As you see above screen shot, one client PC is good on hand shaking process of TLSv1 especially sending "Client Key Exchange, Change Cipher Spec, Finished" TLS packets well.

    Despite same config, the other client PC is, on the contrary, bad on TLS connection. This client PC missed "Client Key Exchange, Change Cipher Spec, Finished" TLS packets sending next "Server Hello Done" packet.

    Two client PC is same os windows 7, and same browser ie8, of course.

    How can I solve this problem.....I appreciate your help.


    Monday, August 14, 2017 10:21 AM