Null Cipher Vulnerability

With the Null Cipher, data that is supposed to be encrypted is, in reality, not encrypted.


What is Null Cipher?

The Null Cipher does not perform any encryption. It simply copies the input stream to the output stream without any changes.


How does Null Cipher occur?

When a client application attempts to communicate with a server using SSL, both parties usually negotiate to find a commonly supported encryption algorithm for transmitting the data. If they do not support any common cipher suites, the connection falls back to the Null Cipher, causing plain text data to be sent.

If the communication takes place outside a private network, in a non-secure network environment, attackers can exploit the issue to obtain sensitive information that may aid in further attacks.


How to know if a server may suffer the Null Cipher vulnerability?

You can use openssl to check whether a server supports the Null Cipher.

For example, the following command attempted to connect using the Null Cipher and received an error. This proves that the site does not support Null Cipher encryption.

openssl s_client -connect <host>:<port> -cipher NULL
Loading 'screen' into random state - done
4728:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:.\ssl\s23_clnt.c:562:


Similarly, you can use openssl to test your own server. If you get a similar error, the communication cannot be established using Null Cipher encryption. Otherwise, your server may be at risk.
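A connection that succeeds is not by itself proof of Null Cipher support: with OpenSSL 1.1.1 or later, -cipher only governs TLS 1.2 and below, so the handshake can complete on TLS 1.3 with a normal cipher. The script below is an added example, not part of the original page; it reads the negotiated cipher from the s_client output instead. It assumes the OpenSSL 1.1.1+ output format; probe_null is a hypothetical helper name and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes OpenSSL 1.1.1+ output.

# Print the cipher from s_client's "New, <proto>, Cipher is <name>" line.
# Prints "(NONE)" after a failed handshake, nothing if the line is absent.
negotiated_cipher() {
    sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1
}

# Turn a negotiated cipher name into a verdict for a NULL-cipher probe.
classify_cipher() {
    case "$1" in
        '')       echo "no-result" ;;    # probe never ran (e.g. suites not in local build)
        '(NONE)') echo "rejected" ;;     # server refused every offered suite
        *NULL*)   echo "null-cipher" ;;  # e.g. NULL-SHA, ECDHE-RSA-NULL-SHA
        *)        echo "encrypted" ;;    # handshake succeeded with a real cipher
    esac
}

# Classify s_client output read from stdin.
verdict_from_output() {
    classify_cipher "$(negotiated_cipher)"
}

# probe_null HOST:PORT  (hypothetical helper name)
# -no_tls1_3 keeps the handshake on TLS 1.2 or lower, where -cipher applies;
# @SECLEVEL=0 lets the local client offer NULL suites at all.
probe_null() {
    openssl s_client -connect "$1" -cipher 'NULL:@SECLEVEL=0' -no_tls1_3 \
        </dev/null 2>&1 | verdict_from_output
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_REJECTED='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'
SAMPLE_NULL='CONNECTED(00000003)
New, TLSv1.2, Cipher is NULL-SHA256'
SAMPLE_TLS13='CONNECTED(00000003)
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'

for s in "$SAMPLE_REJECTED" "$SAMPLE_NULL" "$SAMPLE_TLS13"; do
    printf '%s\n' "$s" | verdict_from_output
done
```

Only a "null-cipher" verdict means the server accepted an unencrypted suite; "no-result" means the local openssl could not run the probe and says nothing about the server.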

You can also use openssl to check whether a server supports LOW strength encryption, e.g.

openssl s_client -connect <host>:<port> -cipher LOW
Loading 'screen' into random state - done
5660:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:.\ssl\s23_clnt.c:562:


