Project

General

Profile

Is Grease a Vulnerabilty?

Added by Raven Nine about 1 month ago

When I check howsmyssl.com it reports that my browser says it supports the following cipher suits;

Given Cipher Suites
The cipher suites your client said it supports, in the order it sent them, are:

TLS_GREASE_IS_THE_WORD_1A
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

I have not seen that grease one before do you know what that is?


Replies (2)

RE: Is Grease a Vulnerabilty? - Added by Soren Stoutner about 1 month ago

I don't know enough about it to comment on the security thereof, but GREASE is a proposed TLS extension.

https://datatracker.ietf.org/doc/html/draft-davidben-tls-grease-01

https://github.com/ssllabs/ssllabs-scan/issues/440

    (1-2/2)