Encryption

Null Ciphers Supported

our services

NULL ciphers offer no true cryptographic data confidentiality. Instead of secure mathematical algorithms to protect data, null ciphers use predefined blocks of data to obfuscate plain-text. No protection is actually provided by null ciphers and should not be used in production environments where confidentiality is required.

These ciphers should only be used in isolated environments where latency is critical and other protections exist on data streams.

List of NULL Ciphers Suites (IANA and OpenSSL)

Cipher Name (IANA) Cipher Name (OpenSSL) Value
TLS_NULL_WITH_NULL_NULL N/A 0x00,0x00
TLS_RSA_WITH_NULL_MD5 NULL-MD5 0x00,0x01
TLS_RSA_WITH_NULL_SHA NULL-SHA 0x00,0x02
TLS_PSK_WITH_NULL_SHA PSK-NULL-SHA 0x00,0x2C
TLS_DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA 0x00,0x2D
TLS_RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA 0x00,0x2E
TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 0x00,0x3B
TLS_PSK_WITH_NULL_SHA256 N/A 0x00,0xB0
TLS_PSK_WITH_NULL_SHA384 N/A 0x00,0xB1
TLS_DHE_PSK_WITH_NULL_SHA256 N/A 0x00,0xB4
TLS_DHE_PSK_WITH_NULL_SHA384 N/A 0x00,0xB5
TLS_RSA_PSK_WITH_NULL_SHA256 N/A 0x00,0xB8
TLS_RSA_PSK_WITH_NULL_SHA384 N/A 0x00,0xB9
TLS_ECDH_ECDSA_WITH_NULL_SHA ECDH-ECDSA-NULL-SHA 0xC0,0x01
TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA 0xC0,0x06
TLS_ECDH_RSA_WITH_NULL_SHA ECDH-RSA-NULL-SHA 0xC0,0x0B
TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA 0xC0,0x10
TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA 0xC0,0x15
TLS_ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA 0xC0,0x39
TLS_ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 0xC0,0x3A
TLS_ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 0xC0,0x3B

Remediation

Virtue Security recommends that NULL ciphers are explicitly disabled. Additionally, support of NULL cipher suites often highlights a more severe problem of software which is significantly out of date which poses a broader systemic risk to the organization.

We
Are
Changing
The
Way
Pentesting
Is
Done
  • Application
  • Network
  • Mobile
  • AWS