How do I know which cipher suites can be disabled?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







16















I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).





If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256

// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256









share|improve this question

























  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02


















16















I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).





If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256

// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256









share|improve this question

























  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02














16












16








16


4






I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).





If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256

// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256









share|improve this question
















I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).





If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256

// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256






tls cipher-selection ciphers






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 15 at 11:53







Martijn

















asked May 14 at 11:14









MartijnMartijn

20719




20719













  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02



















  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02

















Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

– Martijn
May 14 at 11:25







Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

– Martijn
May 14 at 11:25






2




2





The Mozilla wiki has recommendations with compatibility indications.

– Sjoerd
May 14 at 11:27





The Mozilla wiki has recommendations with compatibility indications.

– Sjoerd
May 14 at 11:27













Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

– Martijn
May 14 at 12:17





Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

– Martijn
May 14 at 12:17













@Martijn I may have misinterpreted the intent of your question. I apologize for that.

– MechMK1
May 14 at 13:17





@Martijn I may have misinterpreted the intent of your question. I apologize for that.

– MechMK1
May 14 at 13:17




1




1





I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

– niemiro
May 14 at 21:02





I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

– niemiro
May 14 at 21:02










1 Answer
1






active

oldest

votes


















15














The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer
























  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49














Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210165%2fhow-do-i-know-which-cipher-suites-can-be-disabled%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









15














The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer
























  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49


















15














The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer
























  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49
















15












15








15







The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer













The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.







share|improve this answer












share|improve this answer



share|improve this answer










answered May 14 at 12:06









Esa JokinenEsa Jokinen

4,6911624




4,6911624













  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49





















  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49



















So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

– Martijn
May 14 at 12:14







So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

– Martijn
May 14 at 12:14















Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

– Z.T.
May 14 at 12:36





Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

– Z.T.
May 14 at 12:36




1




1





It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

– Roy Tinker
May 14 at 17:49







It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

– Roy Tinker
May 14 at 17:49




















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210165%2fhow-do-i-know-which-cipher-suites-can-be-disabled%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Færeyskur hestur Heimild | Tengill | Tilvísanir | LeiðsagnarvalRossið - síða um færeyska hrossið á færeyskuGott ár hjá færeyska hestinum

He _____ here since 1970 . Answer needed [closed]What does “since he was so high” mean?Meaning of “catch birds for”?How do I ensure “since” takes the meaning I want?“Who cares here” meaningWhat does “right round toward” mean?the time tense (had now been detected)What does the phrase “ring around the roses” mean here?Correct usage of “visited upon”Meaning of “foiled rail sabotage bid”It was the third time I had gone to Rome or It is the third time I had been to Rome

Slayer Innehåll Historia | Stil, komposition och lyrik | Bandets betydelse och framgångar | Sidoprojekt och samarbeten | Kontroverser | Medlemmar | Utmärkelser och nomineringar | Turnéer och festivaler | Diskografi | Referenser | Externa länkar | Navigeringsmenywww.slayer.net”Metal Massacre vol. 1””Metal Massacre vol. 3””Metal Massacre Volume III””Show No Mercy””Haunting the Chapel””Live Undead””Hell Awaits””Reign in Blood””Reign in Blood””Gold & Platinum – Reign in Blood””Golden Gods Awards Winners”originalet”Kerrang! Hall Of Fame””Slayer Looks Back On 37-Year Career In New Video Series: Part Two””South of Heaven””Gold & Platinum – South of Heaven””Seasons in the Abyss””Gold & Platinum - Seasons in the Abyss””Divine Intervention””Divine Intervention - Release group by Slayer””Gold & Platinum - Divine Intervention””Live Intrusion””Undisputed Attitude””Abolish Government/Superficial Love””Release “Slatanic Slaughter: A Tribute to Slayer” by Various Artists””Diabolus in Musica””Soundtrack to the Apocalypse””God Hates Us All””Systematic - Relationships””War at the Warfield””Gold & Platinum - War at the Warfield””Soundtrack to the Apocalypse””Gold & Platinum - Still Reigning””Metallica, Slayer, Iron Mauden Among Winners At Metal Hammer Awards””Eternal Pyre””Eternal Pyre - Slayer release group””Eternal Pyre””Metal Storm Awards 2006””Kerrang! Hall Of Fame””Slayer Wins 'Best Metal' Grammy Award””Slayer Guitarist Jeff Hanneman Dies””Bullet-For My Valentine booed at Metal Hammer Golden Gods Awards””Unholy Aliance””The End Of Slayer?””Slayer: We Could Thrash Out Two More Albums If We're Fast Enough...””'The Unholy Alliance: Chapter III' UK Dates Added”originalet”Megadeth And Slayer To Co-Headline 'Canadian Carnage' Trek”originalet”World Painted Blood””Release “World Painted Blood” by Slayer””Metallica Heading To Cinemas””Slayer, Megadeth To Join Forces For 'European Carnage' Tour - Dec. 18, 2010”originalet”Slayer's Hanneman Contracts Acute Infection; Band To Bring In Guest Guitarist””Cannibal Corpse's Pat O'Brien Will Step In As Slayer's Guest Guitarist”originalet”Slayer’s Jeff Hanneman Dead at 49””Dave Lombardo Says He Made Only $67,000 In 2011 While Touring With Slayer””Slayer: We Do Not Agree With Dave Lombardo's Substance Or Timeline Of Events””Slayer Welcomes Drummer Paul Bostaph Back To The Fold””Slayer Hope to Unveil Never-Before-Heard Jeff Hanneman Material on Next Album””Slayer Debut New Song 'Implode' During Surprise Golden Gods Appearance””Release group Repentless by Slayer””Repentless - Slayer - Credits””Slayer””Metal Storm Awards 2015””Slayer - to release comic book "Repentless #1"””Slayer To Release 'Repentless' 6.66" Vinyl Box Set””BREAKING NEWS: Slayer Announce Farewell Tour””Slayer Recruit Lamb of God, Anthrax, Behemoth + Testament for Final Tour””Slayer lägger ner efter 37 år””Slayer Announces Second North American Leg Of 'Final' Tour””Final World Tour””Slayer Announces Final European Tour With Lamb of God, Anthrax And Obituary””Slayer To Tour Europe With Lamb of God, Anthrax And Obituary””Slayer To Play 'Last French Show Ever' At Next Year's Hellfst””Slayer's Final World Tour Will Extend Into 2019””Death Angel's Rob Cavestany On Slayer's 'Farewell' Tour: 'Some Of Us Could See This Coming'””Testament Has No Plans To Retire Anytime Soon, Says Chuck Billy””Anthrax's Scott Ian On Slayer's 'Farewell' Tour Plans: 'I Was Surprised And I Wasn't Surprised'””Slayer””Slayer's Morbid Schlock””Review/Rock; For Slayer, the Mania Is the Message””Slayer - Biography””Slayer - Reign In Blood”originalet”Dave Lombardo””An exclusive oral history of Slayer”originalet”Exclusive! Interview With Slayer Guitarist Jeff Hanneman”originalet”Thinking Out Loud: Slayer's Kerry King on hair metal, Satan and being polite””Slayer Lyrics””Slayer - Biography””Most influential artists for extreme metal music””Slayer - Reign in Blood””Slayer guitarist Jeff Hanneman dies aged 49””Slatanic Slaughter: A Tribute to Slayer””Gateway to Hell: A Tribute to Slayer””Covered In Blood””Slayer: The Origins of Thrash in San Francisco, CA.””Why They Rule - #6 Slayer”originalet”Guitar World's 100 Greatest Heavy Metal Guitarists Of All Time”originalet”The fans have spoken: Slayer comes out on top in readers' polls”originalet”Tribute to Jeff Hanneman (1964-2013)””Lamb Of God Frontman: We Sound Like A Slayer Rip-Off””BEHEMOTH Frontman Pays Tribute To SLAYER's JEFF HANNEMAN””Slayer, Hatebreed Doing Double Duty On This Year's Ozzfest””System of a Down””Lacuna Coil’s Andrea Ferro Talks Influences, Skateboarding, Band Origins + More””Slayer - Reign in Blood””Into The Lungs of Hell””Slayer rules - en utställning om fans””Slayer and Their Fans Slashed Through a No-Holds-Barred Night at Gas Monkey””Home””Slayer””Gold & Platinum - The Big 4 Live from Sofia, Bulgaria””Exclusive! Interview With Slayer Guitarist Kerry King””2008-02-23: Wiltern, Los Angeles, CA, USA””Slayer's Kerry King To Perform With Megadeth Tonight! - Oct. 21, 2010”originalet”Dave Lombardo - Biography”Slayer Case DismissedArkiveradUltimate Classic Rock: Slayer guitarist Jeff Hanneman dead at 49.”Slayer: "We could never do any thing like Some Kind Of Monster..."””Cannibal Corpse'S Pat O'Brien Will Step In As Slayer'S Guest Guitarist | The Official Slayer Site”originalet”Slayer Wins 'Best Metal' Grammy Award””Slayer Guitarist Jeff Hanneman Dies””Kerrang! Awards 2006 Blog: Kerrang! Hall Of Fame””Kerrang! Awards 2013: Kerrang! Legend”originalet”Metallica, Slayer, Iron Maien Among Winners At Metal Hammer Awards””Metal Hammer Golden Gods Awards””Bullet For My Valentine Booed At Metal Hammer Golden Gods Awards””Metal Storm Awards 2006””Metal Storm Awards 2015””Slayer's Concert History””Slayer - Relationships””Slayer - Releases”Slayers officiella webbplatsSlayer på MusicBrainzOfficiell webbplatsSlayerSlayerr1373445760000 0001 1540 47353068615-5086262726cb13906545x(data)6033143kn20030215029