Layla Benmusa Q&A: Obsolete encryption

Cryptologist Limited
Jan 25, 2021

Can you give your advice on the use of obsolete encryption protocols?

Any encryption protocols that are rendered redundant by official bodies should be phased out as soon as it is feasible to do so.

What are the risks of not phasing out obsolete encryption protocols?

If you are tasked with protecting sensitive or confidential data, then I see it as fundamentally vital to ensure that you only use protocols that offer adequate and security.

Can you explain what vulnerabilities, if any, surround the use of obsolete protocols?

There are plenty, but to keep it short, you are most likely to be at risk of man-in-the-middle attacks, and this poses a serious risk due to confidential data crossing the network that a malicious adversary could attempt to intercept.

What encryption protocols do you recommend using?

I would only recommend the usage of TLS 1.2 or TLS 1.3. If you happen to use SSL 3.0, TLS 1.0, TLS 1.1 or any other lower version of the TLS protocol, my recommendation is to phase it out as soon as it is feasible to do so.

What are your final thoughts on the topic discussed?

I would always ensure you are using the most up-to-date technology that is in keeping with industry standards, and that, if you are using a less secure protocol, you at minimum allow only ciphers that proffer the highest level of security and disable any that don’t.
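
An added example, not part of the interview and not code from Layla Benmusa or Cryptologist Limited: a small Python audit that applies the recommendation above (TLS 1.2 and TLS 1.3 only) to an inventory of enabled protocol versions, tolerating the different ways version labels get written. The inventory, hostnames and label spellings are constructed sample data, and the function names are hypothetical.

```python
import re

# Policy from the interview: only TLS 1.2 and TLS 1.3 are recommended;
# every other SSL/TLS version is to be phased out.
RECOMMENDED = {("TLS", 1, 2), ("TLS", 1, 3)}

# Accepts spellings such as "TLS1.2", "TLS.1.3", "TLSv1.1", "SSL 3.0", "SSLv3".
_LABEL = re.compile(
    r"^(SSL|TLS)[\s._-]*v?[\s._-]*(\d)(?:[\s._-]*(\d))?$", re.IGNORECASE
)

def parse_protocol(label):
    """Normalise a protocol label to (family, major, minor)."""
    m = _LABEL.match(label.strip())
    if not m:
        # Fail loudly: an unparsed label must not be silently treated as safe.
        raise ValueError(f"unrecognised protocol label: {label!r}")
    return m.group(1).upper(), int(m.group(2)), int(m.group(3) or 0)

def audit(inventory):
    """Map each host to the enabled protocol versions that should be phased out."""
    findings = {}
    for host, labels in inventory.items():
        obsolete = sorted({parse_protocol(l) for l in labels} - RECOMMENDED)
        if obsolete:
            findings[host] = [f"{fam} {maj}.{mnr}" for fam, maj, mnr in obsolete]
    return findings

# Constructed sample inventory (hypothetical hosts, e.g. from a scanner export).
SAMPLE_INVENTORY = {
    "mail.example.internal": ["TLSv1", "TLSv1.1", "TLS1.2"],
    "www.example.internal": ["TLS1.2", "TLS.1.3"],
    "legacy.example.internal": ["SSL 3.0", "TLS 1.0"],
}

if __name__ == "__main__":
    for host, versions in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: phase out {', '.join(versions)}")
```
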
