How do I know which cipher suites can be disabled?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.
I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.
Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).
If it helps, this is the list:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
tls cipher-selection ciphers
|
show 1 more comment
I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.
I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.
Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).
If it helps, this is the list:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
tls cipher-selection ciphers
Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.
– Martijn
May 14 at 11:25
2
The Mozilla wiki has recommendations with compatibility indications.
– Sjoerd
May 14 at 11:27
Thanks Sjoerd, they link to a handy tool which I set to 'Modern'
– Martijn
May 14 at 12:17
@Martijn I may have misinterpreted the intent of your question. I apologize for that.
– MechMK1
May 14 at 13:17
1
I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…
– niemiro
May 14 at 21:02
|
show 1 more comment
I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.
I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.
Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).
If it helps, this is the list:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
tls cipher-selection ciphers
I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.
I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.
Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).
If it helps, this is the list:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
tls cipher-selection ciphers
tls cipher-selection ciphers
edited May 15 at 11:53
Martijn
asked May 14 at 11:14
MartijnMartijn
20719
20719
Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.
– Martijn
May 14 at 11:25
2
The Mozilla wiki has recommendations with compatibility indications.
– Sjoerd
May 14 at 11:27
Thanks Sjoerd, they link to a handy tool which I set to 'Modern'
– Martijn
May 14 at 12:17
@Martijn I may have misinterpreted the intent of your question. I apologize for that.
– MechMK1
May 14 at 13:17
1
I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…
– niemiro
May 14 at 21:02
|
show 1 more comment
Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.
– Martijn
May 14 at 11:25
2
The Mozilla wiki has recommendations with compatibility indications.
– Sjoerd
May 14 at 11:27
Thanks Sjoerd, they link to a handy tool which I set to 'Modern'
– Martijn
May 14 at 12:17
@Martijn I may have misinterpreted the intent of your question. I apologize for that.
– MechMK1
May 14 at 13:17
1
I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…
– niemiro
May 14 at 21:02
Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.
– Martijn
May 14 at 11:25
Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.
– Martijn
May 14 at 11:25
2
2
The Mozilla wiki has recommendations with compatibility indications.
– Sjoerd
May 14 at 11:27
The Mozilla wiki has recommendations with compatibility indications.
– Sjoerd
May 14 at 11:27
Thanks Sjoerd, they link to a handy tool which I set to 'Modern'
– Martijn
May 14 at 12:17
Thanks Sjoerd, they link to a handy tool which I set to 'Modern'
– Martijn
May 14 at 12:17
@Martijn I may have misinterpreted the intent of your question. I apologize for that.
– MechMK1
May 14 at 13:17
@Martijn I may have misinterpreted the intent of your question. I apologize for that.
– MechMK1
May 14 at 13:17
1
1
I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…
– niemiro
May 14 at 21:02
I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…
– niemiro
May 14 at 21:02
|
show 1 more comment
1 Answer
1
active
oldest
votes
The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:
If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK
From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)
Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.
So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?
– Martijn
May 14 at 12:14
Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.
– Z.T.
May 14 at 12:36
1
It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.
– Roy Tinker
May 14 at 17:49
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210165%2fhow-do-i-know-which-cipher-suites-can-be-disabled%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:
If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK
From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)
Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.
So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?
– Martijn
May 14 at 12:14
Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.
– Z.T.
May 14 at 12:36
1
It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.
– Roy Tinker
May 14 at 17:49
add a comment |
The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:
If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK
From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)
Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.
So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?
– Martijn
May 14 at 12:14
Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.
– Z.T.
May 14 at 12:36
1
It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.
– Roy Tinker
May 14 at 17:49
add a comment |
The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:
If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK
From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)
Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.
The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:
If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK
From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)
Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.
answered May 14 at 12:06
Esa JokinenEsa Jokinen
4,6911624
4,6911624
So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?
– Martijn
May 14 at 12:14
Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.
– Z.T.
May 14 at 12:36
1
It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.
– Roy Tinker
May 14 at 17:49
add a comment |
So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?
– Martijn
May 14 at 12:14
Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.
– Z.T.
May 14 at 12:36
1
It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.
– Roy Tinker
May 14 at 17:49
So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?
– Martijn
May 14 at 12:14
So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?
– Martijn
May 14 at 12:14
Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.
– Z.T.
May 14 at 12:36
Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.
– Z.T.
May 14 at 12:36
1
1
It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.
– Roy Tinker
May 14 at 17:49
It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.
– Roy Tinker
May 14 at 17:49
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210165%2fhow-do-i-know-which-cipher-suites-can-be-disabled%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.
– Martijn
May 14 at 11:25
2
The Mozilla wiki has recommendations with compatibility indications.
– Sjoerd
May 14 at 11:27
Thanks Sjoerd, they link to a handy tool which I set to 'Modern'
– Martijn
May 14 at 12:17
@Martijn I may have misinterpreted the intent of your question. I apologize for that.
– MechMK1
May 14 at 13:17
1
I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…
– niemiro
May 14 at 21:02