1. [JA3 Fingerprint](https://scrapfly.io/web-scraping-tools/ja3-fingerprint)
2. [ Cipher Suites ](https://scrapfly.io/web-scraping-tools/ja3-fingerprint/cipher-suites "Browse all TLS Cipher Suites")
3. TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA
 
   [  Browse All Cipher Suites ](https://scrapfly.io/web-scraping-tools/ja3-fingerprint/cipher-suites) 

 # TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA

 TLS 1.0, TLS 1.1, TLS 1.2 | 128-bit + Forward Secrecy (CBC weak) Not Recommended

 

### Cipher Suite Details



Cipher Suite Name

`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`

 

Hex Value

`0xC013`

 

Decimal Code

`49171`

 

TLS Version

TLS 1.0, TLS 1.1, TLS 1.2

 

Security Level

128-bit + Forward Secrecy (CBC weak)

 

Recommended

  No 

 

 

 

### What is TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA?



TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA pairs ECDHE key exchange (with forward secrecy) and RSA authentication with AES-128 in CBC mode using SHA-1 HMAC. While ECDHE keeps past traffic safe even if the server private key leaks, the CBC mode and SHA-1 MAC make this suite vulnerable to padding-oracle (BEAST, Lucky 13) and length-extension issues, and SHA-1 is cryptographically broken for collision resistance. It is widely deprecated and disabled in TLS 1.3, but remains in fallback paths for legacy clients. Not recommended for new deployments.



 

### Role in JA3 Fingerprinting



The **TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA** cipher suite is part of the TLS Client Hello that JA3 analyzes. Cipher suite order and selection are key indicators of browser type and version.

**JA3 Format:** `TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS`

Different browsers prioritize different cipher suites (Chrome prefers ChaCha20 on mobile, Firefox prioritizes AES-GCM, etc.), making cipher suite ordering a reliable fingerprint.

 

 

 

### Test Your Cipher Suites



 [  View Your JA3 Fingerprint ](https://scrapfly.io/web-scraping-tools/ja3-fingerprint) 

See which cipher suites your browser advertises, including TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA.

 

### Technical References



- [RFC 4492 - Cipher Suite Specification ](https://datatracker.ietf.org/doc/html/rfc4492)
- [ciphersuite.info - TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA ](https://ciphersuite.info/cs/TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA/)
- [IANA TLS Cipher Suites Registry ](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4)