Weak Cipher Suites: What They Are and How to Fix Them
Which cipher suites are considered weak?
| Algorithm | Status | Why It Is Weak |
|---|---|---|
| RC4 | Broken | Statistical biases allow plaintext recovery; prohibited by RFC 7465 |
| DES | Broken | 56-bit key crackable in hours with modern hardware |
| 3DES | Deprecated | SWEET32 attack exploits 64-bit block size; retired by NIST in 2023 |
| Export ciphers | Broken | Deliberately weakened encryption (40-bit or 56-bit keys); exploited by FREAK and Logjam |
| MD5 | Broken | Collision attacks demonstrated; unsuitable for any cryptographic purpose |
| SHA-1 | Deprecated | Collision attacks practical since 2017; deprecated for TLS certificates |
| Static RSA | Weak | No forward secrecy - compromised server key decrypts all past traffic |
| NULL encryption | None | No encryption at all; data transmitted in plaintext |
What are strong cipher suites to use instead?
Recommended TLS 1.3 cipher suites (all are strong by default):
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
Recommended TLS 1.2 cipher suites:
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
Nginx configuration:

```nginx
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
```
How do you test your server’s cipher suite configuration?
testssl.sh (comprehensive, local):

```shell
testssl.sh --cipher-per-proto example.com
```
This reports every cipher suite supported by the server, grouped by protocol version, with colour-coded severity ratings.
SSL Labs (web-based, quick):
Navigate to ssllabs.com/ssltest and enter your domain. The test takes 1-2 minutes and produces a detailed report with an overall grade (A+ to F) including cipher suite analysis.
Nmap (targeted):

```shell
nmap --script ssl-enum-ciphers -p 443 example.com
```
After testing, verify that only the recommended cipher suites are present and that no weak algorithms appear in the results.
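The verification step above is easy to do by hand for one host and tedious across many. The following script, an added example rather than SurfaceLoop's or any scanner's own code, classifies cipher suite names against the weak-algorithm table on this page, expands the nginx `ssl_ciphers` string offline through the local OpenSSL library to confirm it enables nothing weak, and parses a constructed report in the shape of nmap's `ssl-enum-ciphers` output (nmap prints TLS 1.3 suites as `TLS_AKE_WITH_...`, which the classifier treats as TLS 1.3). The sample report, the reason codes and the function names are all assumptions of this example.

```python
"""Classify TLS cipher suite names and audit scanner output offline.
Added example; not SurfaceLoop code. Reason codes map to the table on this page."""
import re
import ssl

REASONS = {
    "RC4": "RC4: statistical biases, prohibited by RFC 7465",
    "DES": "DES: 56-bit key",
    "3DES": "3DES: 64-bit block size (SWEET32)",
    "EXPORT": "export-grade key length",
    "MD5": "MD5-based MAC",
    "SHA-1": "SHA-1 (HMAC-SHA1) MAC",
    "NULL": "NULL cipher: no encryption",
    "NO-FS": "static key exchange: no forward secrecy",
    "NO-AEAD": "non-AEAD (CBC) cipher mode",
}


def _tokens(name):
    # Normalise OpenSSL ("ECDHE-RSA-AES256-GCM-SHA384") and IANA
    # ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") spellings into one token list.
    return name.upper().replace("_", "-").split("-")


def classify(name):
    """Return the reason codes that make `name` weak; an empty list means acceptable."""
    t = _tokens(name)
    # TLS 1.3 names carry no key-exchange part ("TLS_AES_128_GCM_SHA256");
    # nmap prints them as "TLS_AKE_WITH_..." (assumption about nmap's notation).
    is_tls13 = t[0] == "TLS" and ("WITH" not in t or t[1] == "AKE")
    codes = []
    if "RC4" in t:
        codes.append("RC4")
    if "3DES" in t or "CBC3" in t:       # "DES-CBC3-SHA" is OpenSSL's name for 3DES
        codes.append("3DES")
    elif "DES" in t:
        codes.append("DES")
    if any(x in t for x in ("EXP", "EXP1024", "EXPORT", "EXPORT1024")):
        codes.append("EXPORT")
    if "MD5" in t:
        codes.append("MD5")
    if "SHA" in t:                       # bare "SHA" is SHA-1; SHA256/SHA384 are distinct tokens
        codes.append("SHA-1")
    if "NULL" in t:
        codes.append("NULL")
    if not (is_tls13 or "ECDHE" in t or "DHE" in t):
        codes.append("NO-FS")            # static RSA / static (EC)DH key exchange
    if not (is_tls13 or any(x in t for x in ("GCM", "CCM", "POLY1305"))):
        codes.append("NO-AEAD")
    return codes


# The ssl_ciphers value from the nginx configuration on this page.
NGINX_CIPHERS = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                 "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
                 "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")


def weak_ciphers_in_openssl_string(cipher_string):
    """Expand an OpenSSL cipher string locally (no network) and classify every
    suite it enables, including the TLS 1.3 suites OpenSSL adds by default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    found = {}
    for c in ctx.get_ciphers():
        codes = classify(c["name"])
        if codes:
            found[c["name"]] = codes
    return found


_SUITE_RE = re.compile(r"\bTLS_[A-Z0-9_]+\b")
_PROTO_RE = re.compile(r"^\|\s+(SSLv[23]|TLSv1\.[0-3]):", re.M)
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def audit_scan_output(text):
    """Pull protocol headers and IANA suite names out of an nmap-style report and
    return (legacy protocols offered, {weak suite: reason codes})."""
    protocols = set(_PROTO_RE.findall(text))
    weak = {}
    for suite in sorted(set(_SUITE_RE.findall(text))):
        codes = classify(suite)
        if codes:
            weak[suite] = codes
    return sorted(protocols & LEGACY_PROTOCOLS), weak


# Constructed sample in the shape of an nmap ssl-enum-ciphers report (not real scan data).
SAMPLE_NMAP_REPORT = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
"""

if __name__ == "__main__":
    legacy, weak = audit_scan_output(SAMPLE_NMAP_REPORT)
    print("legacy protocols offered:", legacy or "none")
    for suite, codes in weak.items():
        print(suite, "->", "; ".join(REASONS[c] for c in codes))
    print("weak suites enabled by nginx string:", weak_ciphers_in_openssl_string(NGINX_CIPHERS) or "none")
```

The classifier works from the suite name alone, so it can be run over testssl.sh or nmap output from a CI job and fail the build when any suite returns a non-empty code list or a legacy protocol header appears. It flags SHA-1 wherever a suite uses HMAC-SHA1, matching the page's advice to disable such suites, and treats any TLS 1.2 suite without ECDHE/DHE as lacking forward secrecy.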
How SurfaceLoop handles this
SurfaceLoop checks TLS configuration across all your domains and subdomains, including cipher suite analysis. It identifies servers supporting weak ciphers, deprecated protocol versions, and missing forward secrecy - and alerts when configuration changes introduce new weaknesses.
Frequently asked questions
- What is a cipher suite?
  A cipher suite is a set of cryptographic algorithms used to secure a TLS connection. It specifies the key exchange method, authentication algorithm, bulk encryption cipher, and message authentication code. For example, TLS_AES_256_GCM_SHA384 uses AES-256 for encryption and SHA-384 for message authentication.
- How do I check which cipher suites my server supports?
  Use tools like testssl.sh, SSL Labs (ssllabs.com/ssltest), or the nmap ssl-enum-ciphers script. These tools connect to your server and negotiate every supported cipher suite, reporting which are strong, which are weak, and which protocol versions are enabled.
- Which cipher suites should I disable?
  Disable all cipher suites using RC4, DES, 3DES, MD5, SHA-1 for authentication, export-grade ciphers, and any cipher suite without forward secrecy. In practice, disable everything except TLS 1.2 cipher suites with AEAD (AES-GCM, ChaCha20-Poly1305) and all TLS 1.3 cipher suites.
- Will disabling weak cipher suites break compatibility?
  Disabling SSLv3 and TLS 1.0/1.1 may break access for very old clients (Internet Explorer on Windows XP, Android 4.x). In 2026, these clients represent a negligible percentage of traffic. All modern browsers, operating systems, and API clients support TLS 1.2 and 1.3 with strong cipher suites.