Disable support for static key cipher suites

I have a requirement to disable in the windows 7 computers of the company the support for static key cipher suites.

I have searched and found that this registry key, holds the allowed cipher suites, in a value called Functions.

HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL010002 

I have searched about how to identify the static suites in order to remove them from the list. but I haven’t found anything.

My question is what I need to search in the ciphers string, to remove the support for static keys.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25,…..

Caesar Cipher in C++

So I am pretty new to programming, trying to teach myself C++. I thought I would try to create a program based on the Caesar Cipher. The program I have will work fine as long as there are no spaces in the message I enter. So essentially I can encrypt a single word, but not a sentence. The program crashes on me if I try to input more than one word. How would I go about encrypting a sentence? Been working on this for a little while now to try and figure it out myself, but have yet to make progress on encrypting or decrypting more than a single word. Here is my code:

#include <iostream> #include <string> using namespace std; int main() {  string mess; char typ,rep; int rot, s; cout << "Welcome to Caesar Cipher!"; for (int x = 0; x < 1000; x++) {     cout << "Would you like to [E]ncrypt or [D]ecrypt: ";     cin >> typ;     switch(typ) {     case 'E':     case 'e':         cout << "Enter the message you would like to encrypt: ";         cin >> mess;         cout << "Enter rot #: ";         cin >> rot;         s = mess.size();         for (int c = 0; c < s; c++) {             mess[c] = mess[c] + rot;         }         cout << "New message is: " << mess << endl;         break;     case 'D':     case 'd':         cout << "Enter the message you would like to decrypt: ";         cin >> mess;         for (int ct = 0; ct < s; ct++) {             mess[ct] = mess[ct] - rot;         }         cout << "New message is: " << mess << endl;         break;     default:         cout << "Not a valid option!" << endl;         break;     }     cout << "Repeat? [Y]es or [N]o: ";     cin >> rep;     if (rep == 'Y' || rep == 'y')         x += 1;     else         x += 1000; }  return 0; } 

ServerHello selecting unavailable cipher suite

I am migrating a legacy Java application from OracleJDK to OpenJDK (Redhat distribution). This application makes a connection to the RabbitMQ server using the client certificate. The TLS connection (with 1.2 protocol) works fine with OracleJDK. However with OpenJDK connection is failing. With TLS 1.1 I am able to connect. If I see the handshake messages exchanged, incase of OracleJDK selected cipher suite is TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 which is present in the list of cipher suites proposed in the ClientHello message. But with OpenJDK server is selecting TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 suite which is not present in the client hello message. I believe because of this, connection fails. Is there a reason for server to select the cipher suite which is not present in client hello?

Note: Both client and server are running on hardended Windows Server 2012 with FIPS enabled.

What is the default cipher for SSL connections in Azure for MariaDB?

According to Microsoft’s Documentation, Azure should be configured to use SSL for connections.

In regards to default settings, they state the following:

By default, the database service should be configured to require SSL connections when connecting to MariaDB. We recommend to avoid disabling the SSL option whenever possible.

When provisioning a new Azure Database for MariaDB server through the Azure portal and CLI, enforcement of SSL connections is enabled by default.

Which ciphers are used by default? The documentation does not mention it.

What is the default cipher for SSL connections in Azure for MariaDB?

According to Microsoft’s Documentation, Azure should be configured to use SSL for connections.

In regards to default settings, they state the following:

By default, the database service should be configured to require SSL connections when connecting to MariaDB. We recommend to avoid disabling the SSL option whenever possible.

When provisioning a new Azure Database for MariaDB server through the Azure portal and CLI, enforcement of SSL connections is enabled by default.

Which ciphers are used by default? The documentation does not mention it.

How Asymmetric algorithm’s cipher text can be rerandomized without knowldge of secret key?

As public key algorithm Elgamal’s cipher text can be re-encrypted using its homomorphic property and can be used in many application i,e Mixnets.

I want some other public key algorithm can behave similarly such that we can re-encrypted/re-randomized cipher text of these algorithm without knowledge of secret key. Is there similar methodology can be applied to other asymmetric encryption algorithm like RSA, Diffie-Hellman key exchange etc?

How do I know which cipher suites can be disabled?

I have just performed a test via SSLlabs.com and I’m apparently supporting some weaker ciphers. I’ve managed to improve several settings (like CAA), but I’m getting stuck at the ciphers.
I’ve been looking around a bit, but can’t really find a method to determine which can be disabled, and which should remain allowed.

Is there a method I can apply, or some check, or a list of current smart config? I’m assuming I can’t just turn of all ciphers marked ‘weak’ if I want at least a mayority support (It’s a private server for some small projects, you may assume modern hard-/software accesses it).


If it helps, this is the list:

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)          ECDH x25519 (eq. 3072 bits RSA)   FS            128 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)          ECDH x25519 (eq. 3072 bits RSA)   FS            256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)              DH 2048 bits   FS                               128 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)              DH 2048 bits   FS                               256  // All below are weak TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)              DH 2048 bits   FS   WEAK                        128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)                 DH 2048 bits   FS   WEAK                        128 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)              DH 2048 bits   FS   WEAK                        256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)                 DH 2048 bits   FS   WEAK                        256 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK                                                           128 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK                                                           256 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK                                                           128 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK                                                           256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK                                                              128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK                                                              256 

Determine if cipher suite is weak

I’m wondering if there is a way I can determine if a cipher suite is weak using python code. For example given this cipher suite as input: TLS_RSA_WITH_AES_256_CBC_SHA I would want my code to return the fact that it’s bad because there is no forward secrecy. I’m not asking for python code, I’m just wondering if anyone knows of any good resources that I can use in order to do this (i.e an API call that can give me the score of the cipher suite and reason for scoring)

Thanks!