Null Ciphers Supported

NULL ciphers offer no true cryptographic data confidentiality. Instead of secure mathematical algorithms to protect data, null ciphers use predefined blocks of data to obfuscate plain-text. No protection is actually provided by null ciphers and should not be used in production environments where confidentiality is required.

These ciphers should only be used in isolated environments where latency is critical and other protections exist on data streams.

List of NULL Ciphers Suites (IANA and OpenSSL)

Cipher Name (IANA)	Cipher Name (OpenSSL)	Value
TLS_NULL_WITH_NULL_NULL	N/A	0x00,0x00
TLS_RSA_WITH_NULL_MD5	NULL-MD5	0x00,0x01
TLS_RSA_WITH_NULL_SHA	NULL-SHA	0x00,0x02
TLS_PSK_WITH_NULL_SHA	PSK-NULL-SHA	0x00,0x2C
TLS_DHE_PSK_WITH_NULL_SHA	DHE-PSK-NULL-SHA	0x00,0x2D
TLS_RSA_PSK_WITH_NULL_SHA	RSA-PSK-NULL-SHA	0x00,0x2E
TLS_RSA_WITH_NULL_SHA256	NULL-SHA256	0x00,0x3B
TLS_PSK_WITH_NULL_SHA256	N/A	0x00,0xB0
TLS_PSK_WITH_NULL_SHA384	N/A	0x00,0xB1
TLS_DHE_PSK_WITH_NULL_SHA256	N/A	0x00,0xB4
TLS_DHE_PSK_WITH_NULL_SHA384	N/A	0x00,0xB5
TLS_RSA_PSK_WITH_NULL_SHA256	N/A	0x00,0xB8
TLS_RSA_PSK_WITH_NULL_SHA384	N/A	0x00,0xB9
TLS_ECDH_ECDSA_WITH_NULL_SHA	ECDH-ECDSA-NULL-SHA	0xC0,0x01
TLS_ECDHE_ECDSA_WITH_NULL_SHA	ECDHE-ECDSA-NULL-SHA	0xC0,0x06
TLS_ECDH_RSA_WITH_NULL_SHA	ECDH-RSA-NULL-SHA	0xC0,0x0B
TLS_ECDHE_RSA_WITH_NULL_SHA	ECDHE-RSA-NULL-SHA	0xC0,0x10
TLS_ECDH_anon_WITH_NULL_SHA	AECDH-NULL-SHA	0xC0,0x15
TLS_ECDHE_PSK_WITH_NULL_SHA	ECDHE-PSK-NULL-SHA	0xC0,0x39
TLS_ECDHE_PSK_WITH_NULL_SHA256	ECDHE-PSK-NULL-SHA256	0xC0,0x3A
TLS_ECDHE_PSK_WITH_NULL_SHA384	ECDHE-PSK-NULL-SHA384	0xC0,0x3B

Remediation

Virtue Security recommends that NULL ciphers are explicitly disabled. Additionally, support of NULL cipher suites often highlights a more severe problem of software which is significantly out of date which poses a broader systemic risk to the organization.