SHA-1 Hashing and Old Cipher Suites

While the Battle.net app does use TLS 1.2, when you actually make connections to battle.net, the connections themselves are using antiquated hashing algorithms. After starting the battle.net client and connecting, I used Wireshark to find that the app itself was attempting to communicate with 137.221.105.152, a Blizzard server. If I disable SHA-1 on my system or disable TLS_RSA_WITH_AES_256_CBC_SHA I can no longer connect to battle.net. Blizzard is using vulnerable encryption algorithms as a requirement to connect to battle.net. Firstly, SHA-1 is no longer safe to use. Secondly, pick a better cipher suite for your services. While Microsoft may include them by default in Windows, they consider it up to the end user to secure their communications. I normally only use 4 cipher suites that use GCM and forward secrecy with the SHA-1 hashing disabled (this is different for certificate signatures, and SHA-1 is just fine for that). Before I can connect to Battle.net I have to enable vulnerable algorithms (that I previously disabled), which may lead to the compromise of my communications with other systems (since the world doesn't revolve entirely around Blizzard).
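The post's policy (forward secrecy, GCM, no SHA-1 message authentication) can be checked mechanically against the IANA-style suite names Windows exposes. The following is an added example written for this page, not code from the original post or from Blizzard; it parses a cipher-suite name such as TLS_RSA_WITH_AES_256_CBC_SHA into its key exchange, cipher mode and MAC hash, lists every way the suite misses that policy, and filters a candidate list down to the suites an administrator would keep. It also handles TLS 1.3 names (which name only the AEAD cipher and PRF hash), which the post does not mention.

```python
import re
from dataclasses import dataclass, field

# Added example (editor's code, not from the original post or Blizzard):
# classify IANA cipher-suite names against the policy the post describes:
# ephemeral key exchange (forward secrecy), an AEAD mode such as GCM,
# and no HMAC-SHA1 message authentication.

FORWARD_SECRET_KX = ("ECDHE", "DHE")               # ephemeral key exchange prefixes
AEAD_MODES = ("GCM", "CCM", "CHACHA20_POLY1305")   # integrity comes from the cipher mode
LEGACY_CIPHERS = ("NULL", "RC4", "3DES", "DES", "EXPORT")


@dataclass
class SuiteAssessment:
    name: str
    tls13: bool
    key_exchange: str
    forward_secrecy: bool
    aead: bool
    mac: str                      # "AEAD" when the mode itself authenticates
    reasons: list = field(default_factory=list)

    @property
    def acceptable(self) -> bool:
        return not self.reasons


def assess_cipher_suite(name: str) -> SuiteAssessment:
    """Parse one IANA cipher-suite name and list every policy violation."""
    m = re.fullmatch(r"TLS_(?P<kx>.+?)_WITH_(?P<rest>.+)", name)
    if m:
        kx, rest, tls13 = m.group("kx"), m.group("rest"), False
    elif re.fullmatch(r"TLS_(AES_\d+_GCM|CHACHA20_POLY1305|AES_\d+_CCM(_8)?)_SHA\d+", name):
        # TLS 1.3 suites omit the key exchange: it is always ephemeral (EC)DHE.
        kx, rest, tls13 = "TLS1.3-ephemeral", name[len("TLS_"):], True
    else:
        raise ValueError(f"unrecognised cipher suite name: {name}")

    # The trailing token is the hash; a bare "SHA" means HMAC-SHA1 in IANA naming.
    cipher, _, hash_token = rest.rpartition("_")
    hash_name = "SHA-1" if hash_token == "SHA" else hash_token
    aead = any(mode in rest for mode in AEAD_MODES)
    mac = "AEAD" if aead else hash_name
    forward_secrecy = tls13 or kx.split("_")[0] in FORWARD_SECRET_KX

    reasons = []
    if not forward_secrecy:
        reasons.append(f"key exchange {kx} is static: no forward secrecy")
    if not aead:
        reasons.append(f"{cipher} is not an AEAD mode; prefer GCM or ChaCha20-Poly1305")
    if mac == "SHA-1":
        reasons.append("message authentication uses HMAC-SHA1")
    if any(weak in cipher for weak in LEGACY_CIPHERS):
        reasons.append(f"{cipher} is a legacy cipher")
    return SuiteAssessment(name, tls13, kx, forward_secrecy, aead, mac, reasons)


def filter_allowed(names):
    """Return only the suites that satisfy the policy, preserving input order."""
    return [n for n in names if assess_cipher_suite(n).acceptable]


if __name__ == "__main__":
    # Constructed sample list: the suite the post names plus a few comparison points.
    candidates = [
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_AES_256_GCM_SHA384",
    ]
    for suite in candidates:
        result = assess_cipher_suite(suite)
        verdict = "OK  " if result.acceptable else "FAIL"
        print(f"{verdict} {suite}")
        for reason in result.reasons:
            print(f"       - {reason}")
    print("allowed:", filter_allowed(candidates))
```

Run it as a script to see the report for the suite named in the post; in a hardening workflow the same `filter_allowed` list is what you would feed to your platform's cipher-suite order setting.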

Bottom Line - Get rid of the SHA-1 hashing on 137.221.105.152 - @Blizzard THIS MEANS YOU. If that's too much to ask for, then at least add secure hashing and algorithms for people who want that support (you don't have to remove the old algorithm, but please enable a secure hashing algorithm).