
Robot Attack

Question asked by Mike Tarkowski on May 15, 2018
Latest reply on May 15, 2018 by Bhushan Lokhande

I am using your excellent site, SSL Server Test (Powered by Qualys SSL Labs), to check whether a site is vulnerable to the Robot Attack vulnerability. The following information is returned: "ROBOT (vulnerability) No", but the following TLS_RSA cipher suites are listed as supported. I was under the impression that all TLS_RSA cipher suites needed to be removed in order to claim the site was no longer vulnerable to Robot Attack. Are there different levels of adherence? Any clarification would be appreciated.

 

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
