This is a difficult question to answer, because things aren't as simple
as "secure" or "not secure". Instead, there's a wide spectrum of
varying degrees of ease of cracking the cryptography.
To put it another way: It's not all black or white; there are many
shades of gray in between.
My opinion: This cipher uses an RSA non-ephemeral key exchange, and has
a 128-bit key. A 128-bit key is relatively weak by today's standards, and
once broken the entire conversation will be completely visible to the
attacker. I would not call this secure by today's standards.
By contrast, if you used a Diffie-Hellman ephemeral (DHE) key exchange,
and the key is compromised, they'll only be able to see a part of the
conversation because the key will change periodically. So this is more
secure. Even better would be to use a 256-bit key.
But, it really depends on how big of a risk you're willing to take, how
crucial your data is, etc.
I wonder why you don't just use a stronger cipher and be done with it?
On 1/27/2022 1:56 PM, Steinmetz, Paul via MIDRANGE-L wrote:
IBM is stating that TLS 1.2 cipher RSA_AES_128_GCM_SHA256 is safe and secure, can be used.
According to site ciphersuite.info it is weak, should be removed.
https://ciphersuite.info/search/?q=RSA_AES_128_GCM_SHA256
One of our main apps uses this cipher.
Our IT folks are asking that I remove it; IBM states it's OK.
How does one deal with conflicting statements regarding ciphers?
Paul
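
The distinction drawn in the reply above (static RSA key exchange versus an ephemeral one, and 128-bit versus 256-bit keys) can be read straight off a suite's name. The following is an added example, not part of the original thread or of any IBM tooling: the function names, the policy parameters and the sample list are assumptions, and the two `TLS_..._WITH_...` entries are standard IANA names added for comparison.

```python
EPHEMERAL_KX = {"DHE", "ECDHE"}  # a fresh key pair per handshake: forward secrecy
CIPHERS = {"AES", "CHACHA20", "3DES", "CAMELLIA", "ARIA", "RC4"}
AEAD_MODES = {"GCM", "CCM", "POLY1305"}

def parse_suite(name):
    """Split a TLS 1.2 suite name into the properties the thread argues about."""
    tokens = name.upper().split("_")
    if tokens[0] == "TLS":
        tokens = tokens[1:]
    if "WITH" in tokens:  # IANA form: <kx>[_<auth>]_WITH_<cipher>..._<hash>
        cut = tokens.index("WITH")
        kx_auth, rest = tokens[:cut], tokens[cut + 1:]
    else:  # short form: the key exchange runs up to the first cipher token
        cut = next((i for i, t in enumerate(tokens) if t in CIPHERS), 0)
        kx_auth, rest = tokens[:cut], tokens[cut:]
    if not kx_auth or not rest:
        # e.g. TLS 1.3 names, which do not encode a key exchange at all
        raise ValueError(f"no key exchange found in {name!r}")
    return {
        "key_exchange": kx_auth[0],
        "forward_secrecy": kx_auth[0] in EPHEMERAL_KX,
        "cipher": rest[0],
        "key_bits": next((int(t) for t in rest[1:] if t.isdigit()), None),
        "aead": any(t in AEAD_MODES for t in rest),
    }

def review(names, require_fs=True, min_key_bits=128):
    """Return {suite: [reasons]} for suites that fail the caller's own policy."""
    failures = {}
    for name in names:
        s = parse_suite(name)
        reasons = []
        if require_fs and not s["forward_secrecy"]:
            reasons.append(f"{s['key_exchange']} key exchange is not ephemeral")
        if s["key_bits"] is not None and s["key_bits"] < min_key_bits:
            reasons.append(f"{s['key_bits']}-bit key is below {min_key_bits}")
        if reasons:
            failures[name] = reasons
    return failures

ENABLED = [  # constructed sample: the suite from the thread plus two IANA names
    "RSA_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
]
if __name__ == "__main__":
    for suite, reasons in review(ENABLED, min_key_bits=256).items():
        print(f"{suite}: {'; '.join(reasons)}")
```

The thresholds are arguments rather than constants because, as the reply says, the acceptable level depends on the risk the site is willing to take.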
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.