Author: HollyGraceful Published: 25 October 2022 Last Updated: 03 November 2022
The use of Cipher Block Chaining (CBC) mode ciphers is “discouraged”. This term is used as these cipher suites have not been formally deprecated but have effectively been superseded. For example, later version of Transport Layer Security support more secure cipher mode options such as Galois/Counter Mode (GCM) ciphers. Additionally, CBC-mode ciphers have had a series of vulnerabilities such as Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE.
This combination of several previous vulnerabilities and more secure alternatives being available has resulted in a number of security professionals discouraging the use of CBC-mode ciphers where possible and marking them as weak.
It is recommended that:
- All CBC-mode ciphers are disabled in favour of more secure alternatives such as GCM-mode and CCM-mode ciphers.