NULL ciphers offer no true cryptographic data confidentiality. Instead of using secure mathematical algorithms to protect data, NULL ciphers use predefined blocks of data to obfuscate plaintext. NULL ciphers provide no actual protection and should not be used in production environments where confidentiality is required.

These ciphers should only be used in isolated environments where latency is critical and other protections exist on data streams.

List of NULL Cipher Suites (IANA and OpenSSL)

| Cipher Name (IANA) | Cipher Name (OpenSSL) | Value |
|---|---|---|
| TLS_NULL_WITH_NULL_NULL | N/A | 0x00,0x00 |
| TLS_RSA_WITH_NULL_MD5 | NULL-MD5 | 0x00,0x01 |
| TLS_RSA_WITH_NULL_SHA | NULL-SHA | 0x00,0x02 |
| TLS_PSK_WITH_NULL_SHA | PSK-NULL-SHA | 0x00,0x2C |
| TLS_DHE_PSK_WITH_NULL_SHA | DHE-PSK-NULL-SHA | 0x00,0x2D |
| TLS_RSA_PSK_WITH_NULL_SHA | RSA-PSK-NULL-SHA | 0x00,0x2E |
| TLS_RSA_WITH_NULL_SHA256 | NULL-SHA256 | 0x00,0x3B |
| TLS_PSK_WITH_NULL_SHA256 | N/A | 0x00,0xB0 |
| TLS_PSK_WITH_NULL_SHA384 | N/A | 0x00,0xB1 |
| TLS_DHE_PSK_WITH_NULL_SHA256 | N/A | 0x00,0xB4 |
| TLS_DHE_PSK_WITH_NULL_SHA384 | N/A | 0x00,0xB5 |
| TLS_RSA_PSK_WITH_NULL_SHA256 | N/A | 0x00,0xB8 |
| TLS_RSA_PSK_WITH_NULL_SHA384 | N/A | 0x00,0xB9 |
| TLS_ECDH_ECDSA_WITH_NULL_SHA | ECDH-ECDSA-NULL-SHA | 0xC0,0x01 |
| TLS_ECDHE_ECDSA_WITH_NULL_SHA | ECDHE-ECDSA-NULL-SHA | 0xC0,0x06 |
| TLS_ECDH_RSA_WITH_NULL_SHA | ECDH-RSA-NULL-SHA | 0xC0,0x0B |
| TLS_ECDHE_RSA_WITH_NULL_SHA | ECDHE-RSA-NULL-SHA | 0xC0,0x10 |
| TLS_ECDH_anon_WITH_NULL_SHA | AECDH-NULL-SHA | 0xC0,0x15 |
| TLS_ECDHE_PSK_WITH_NULL_SHA | ECDHE-PSK-NULL-SHA | 0xC0,0x39 |
| TLS_ECDHE_PSK_WITH_NULL_SHA256 | ECDHE-PSK-NULL-SHA256 | 0xC0,0x3A |
| TLS_ECDHE_PSK_WITH_NULL_SHA384 | ECDHE-PSK-NULL-SHA384 | 0xC0,0x3B |

Remediation

Virtue Security recommends explicitly disabling NULL ciphers. Additionally, support for NULL cipher suites often points to a more severe problem: software that is significantly out of date, which poses a broader systemic risk to the organization.
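
One way to confirm the remediation from captured traffic is to read the cipher suite a server selected in its ServerHello and compare it against the Value column of the table above. The following is an added example, not code from Virtue Security; the function names are hypothetical, the sample ServerHello bytes are constructed, and it assumes the ServerHello starts the first handshake record and is not fragmented.

```python
import struct

# NULL cipher suite code points, copied from the table on this page.
NULL_SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL", 0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA", 0x002C: "TLS_PSK_WITH_NULL_SHA",
    0x002D: "TLS_DHE_PSK_WITH_NULL_SHA", 0x002E: "TLS_RSA_PSK_WITH_NULL_SHA",
    0x003B: "TLS_RSA_WITH_NULL_SHA256", 0x00B0: "TLS_PSK_WITH_NULL_SHA256",
    0x00B1: "TLS_PSK_WITH_NULL_SHA384", 0x00B4: "TLS_DHE_PSK_WITH_NULL_SHA256",
    0x00B5: "TLS_DHE_PSK_WITH_NULL_SHA384", 0x00B8: "TLS_RSA_PSK_WITH_NULL_SHA256",
    0x00B9: "TLS_RSA_PSK_WITH_NULL_SHA384", 0xC001: "TLS_ECDH_ECDSA_WITH_NULL_SHA",
    0xC006: "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 0xC00B: "TLS_ECDH_RSA_WITH_NULL_SHA",
    0xC010: "TLS_ECDHE_RSA_WITH_NULL_SHA", 0xC015: "TLS_ECDH_anon_WITH_NULL_SHA",
    0xC039: "TLS_ECDHE_PSK_WITH_NULL_SHA", 0xC03A: "TLS_ECDHE_PSK_WITH_NULL_SHA256",
    0xC03B: "TLS_ECDHE_PSK_WITH_NULL_SHA384",
}


def selected_suite(record: bytes) -> int:
    """Return the cipher suite code point chosen in a TLS ServerHello record."""
    # Record header is 5 bytes (type 0x16 = handshake); handshake type 0x02 = ServerHello.
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    # legacy_version (2) + random (32) precede the 1-byte session_id length.
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session_id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", hello[off:off + 2])[0]


def null_suite_in(record: bytes):
    """Name of the negotiated NULL suite, or None if the suite is not in the table."""
    return NULL_SUITES.get(selected_suite(record))


def sample_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed TLS 1.2 ServerHello: zero random, null compression, no extensions."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for suite in (0x003B, 0xC02F):  # constructed: one NULL suite, one AES-GCM suite
        print(hex(suite), null_suite_in(sample_server_hello(suite)))
```

A non-None result means the server agreed to a suite from the table and the session carried no encryption.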