The removal of weak ciphersuites requires knowing what software the platform operates on, but since it's not self-hosted, this might be hard to find out.
TLS ciphersuites should only contain AEAD (AES-GCM and ChaCha20-Poly1305) with ECDHE key exchange in the future once self-hosted.
No AES-CBC.
October 8, 2023 at 9:47 PM
...and of course now the least painful thing to do is build socat against OpenSSL 1.0.2 and pipe things through it. One of these days I'm going to end up porting all the old, shitty ciphersuites back into the modern OpenSSL codebase just to unbreak this sort of thing.
June 17, 2023 at 9:07 AM
3 likes
While you're scanning en masse, a fun side quest might be to analyze the TLS configurations to get a breakdown of TLS versions, ciphersuites negotiated, etc. I'm also wondering how common HSTS is. Any patterns would be interesting. I suspect some sites need an upgrade. But which ones?
December 20, 2024 at 5:21 PM
1 like
docs.rs/rustls/lates...
"rustls does not implement CBC MAC-then-encrypt ciphersuites for these reasons. TLSv1.3 removed support for these ciphersuites in 2018."
rustls::manual::_02_tls_vulnerabilities - Rust
This section discusses vulnerabilities and design errors in the TLS protocol.
docs.rs
January 14, 2025 at 2:43 PM
2 likes
And it's not the TLS 1.3 single ciphersuite config deal! I set the max TLS version in the tests to 1.2 etc. Part of it is the loop is now over only the supported cipher suites instead of a goto that implicitly let me keep the ordering for the unsupported meta ciphersuites that are used by browsers
July 8, 2023 at 9:53 PM
💭 Did you know that your web security depends on a Cipher Suite?
SSL/TLS Cipher Suites determine how your data is encrypted and protected online.
Learn more about how it protects your information.
www.ssl2buy.com/cybersecurit...
#ssl2buy #CyberSecurity #SSL #OnlineSecurity #TLS #CipherSuites
March 18, 2025 at 1:14 PM
crypto-agility and maintaining backward compatibility through the use of ciphersuites. The performance of this approach has been demonstrated using a deployed production infrastructure. [9/9 of https://arxiv.org/abs/2502.17202v1]
February 25, 2025 at 6:28 AM
To do:
- HSTS Preload*
- Secure HTTP headers*
- Remove weak ciphersuites*
- Prefer ChaCha20-Poly1305*
- Improve Key Exchange*
- Replace cert (no RSA 2048)
- DANE-TLSA
*Might be hard due to setup not being self-hosted at the moment, possibly in the future if project can sustain through donations.
October 8, 2023 at 9:41 PM
1 like
🥷 How XMTP defends against "Harvest Now, Decrypt Later"
Our partners at Cryspen have been working on a post-quantum OpenMLS, & have implemented hybrid ciphersuites that can be dropped in to replace all cryptography with post-quantum algorithms.
This now means no one can HNDL.
July 10, 2025 at 3:26 PM
1 like
Every time I see how badly someone else is misusing cryptography it drives me up the wall.
At the end of the day, using aes-cbc at all isn't really appropriate, let alone doing it like this (
refer: https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
October 21, 2024 at 2:57 AM
Hello @deck.blue, interesting project to port a similar concept to TweetDeck onto here, but would you consider looking at your web security and making improvements if possible?
internet.nl/site/deck.bl...
- IPv6, DNSSEC, Weak TLS ciphersuites & headers.
Others:
hstspreload.org
sslmate.com/caa/about
Website test: deck.blue
Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, TLS, HSTS,
DMARC, DKIM, SPF, STARTTLS and DANE.
internet.nl
October 6, 2023 at 2:52 PM
1 quote
4 likes
[Crypto] SSL/TLS, part 2: Toy TLS 1.2 client with TLS_DHE_RSA ciphersuites support.
yurichev.org
October 22, 2023 at 5:58 PM
interestingly this spec doesn't list specific ciphersuites 🤔
March 25, 2025 at 1:14 PM
1 like
Good question! Haven't poked at it. The current blocker is something is reordering ciphersuites somewhere new, so my client-side tls.Configs for the testing of Sweet32 mitigation detection (where we couldn't drop affected ciphersuites from clients but could put them last) stopped working.
July 8, 2023 at 9:43 PM
2 likes