
TLS/SSL Server Supports Weak Cipher Algorithms

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: December 31, 1995
Added: February 11, 2009
Modified: September 30, 2014


The TLS/SSL server supports cipher suites based on weak algorithms. This may enable an attacker to launch man-in-the-middle attacks and monitor or tamper with sensitive data. In general, the following ciphers are considered weak:

  • So-called "null" ciphers, because they do not encrypt data.
  • Export ciphers using secret key lengths restricted to 40 bits. This is usually indicated by the word EXP/EXPORT in the name of the cipher suite.
  • Obsolete encryption algorithms with secret key lengths considered short by today's standards, e.g. DES or RC4 with 56-bit keys.
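
To audit a server's enabled suite list against the three categories above, the following sketch classifies suite names in both OpenSSL and IANA spelling. It is an added example, not part of the original advisory or of any scanner's code; the function names and the sample list are assumptions constructed for illustration.

```python
import re

# Constructed sample: suite names as a scan report or server config might
# list them, mixing OpenSSL-style and IANA-style spellings.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "NULL-SHA",
    "TLS_RSA_WITH_NULL_SHA256",
    "EXP-RC4-MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "EXP1024-RC4-SHA",                 # export suite using 56-bit RC4
    "DES-CBC-SHA",
    "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    "DES-CBC3-SHA",                    # 3DES, not single DES
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",   # 3DES, not single DES
    "RC4-SHA",                         # 128-bit RC4: outside the three categories
]


def classify(suite):
    """Return 'null', 'export', 'short-key', or None for a cipher suite name."""
    # Split into tokens so "DES" never matches inside "3DES" or "CBC3".
    tokens = re.split(r"[-_]", suite.upper())
    if "NULL" in tokens:
        return "null"
    # Matches EXP, EXPORT, EXP1024 and EXPORT1024.
    if any(t.startswith("EXP") for t in tokens):
        return "export"
    # Single DES has a 56-bit key; OpenSSL spells 3DES as DES-CBC3.
    if "DES" in tokens and "CBC3" not in tokens:
        return "short-key"
    return None


def audit(suites):
    """Map each weak suite name to its category; other suites are omitted."""
    return {s: c for s in suites if (c := classify(s)) is not None}


if __name__ == "__main__":
    for name, category in audit(SAMPLE_SUITES).items():
        print(f"{category:10} {name}")
```

Suites that the sketch does not flag are only outside the three categories listed here; it makes no statement about their strength otherwise.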
