How do I know which cipher suites can be disabled?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







16















I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).




If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)          ECDH x25519 (eq. 3072 bits RSA)   FS            128

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)          ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)              DH 2048 bits   FS                               128

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)              DH 2048 bits   FS                               256



// All below are weak

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)              DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)                 DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)              DH 2048 bits   FS   WEAK                        256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)                 DH 2048 bits   FS   WEAK                        256

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK                                                              128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK                                                              256





tls cipher-selection ciphers







share|improve this question

























  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02


















16















I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).




If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)          ECDH x25519 (eq. 3072 bits RSA)   FS            128

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)          ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)              DH 2048 bits   FS                               128

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)              DH 2048 bits   FS                               256



// All below are weak

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)              DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)                 DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)              DH 2048 bits   FS   WEAK                        256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)                 DH 2048 bits   FS   WEAK                        256

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK                                                              128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK                                                              256





tls cipher-selection ciphers







share|improve this question

























  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02














16












16








16


4






I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).




If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)          ECDH x25519 (eq. 3072 bits RSA)   FS            128

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)          ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)              DH 2048 bits   FS                               128

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)              DH 2048 bits   FS                               256



// All below are weak

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)              DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)                 DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)              DH 2048 bits   FS   WEAK                        256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)                 DH 2048 bits   FS   WEAK                        256

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK                                                              128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK                                                              256





tls cipher-selection ciphers







share|improve this question
















I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.

I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.



Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).




If it helps, this is the list:



TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)          ECDH x25519 (eq. 3072 bits RSA)   FS            128

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)          ECDH x25519 (eq. 3072 bits RSA)   FS            256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)              DH 2048 bits   FS                               128

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)              DH 2048 bits   FS                               256



// All below are weak

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)              DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)                 DH 2048 bits   FS   WEAK                        128

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)              DH 2048 bits   FS   WEAK                        256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)                 DH 2048 bits   FS   WEAK                        256

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK                                                           128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK                                                           256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK                                                              128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK                                                              256





tls cipher-selection ciphers




tls cipher-selection ciphers






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 15 at 11:53







Martijn

















asked May 14 at 11:14









MartijnMartijn

20719




20719













  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02



















  • Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

    – Martijn
    May 14 at 11:25








  • 2





    The Mozilla wiki has recommendations with compatibility indications.

    – Sjoerd
    May 14 at 11:27











  • Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

    – Martijn
    May 14 at 12:17











  • @Martijn I may have misinterpreted the intent of your question. I apologize for that.

    – MechMK1
    May 14 at 13:17






  • 1





    I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

    – niemiro
    May 14 at 21:02

















Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

– Martijn
May 14 at 11:25







Yeah, I was concidering that. But I dont require help on which files to find and to edit, I only need to know how to decide which ciphers are secure :) Which why I though this site would be better.

– Martijn
May 14 at 11:25






2




2





The Mozilla wiki has recommendations with compatibility indications.

– Sjoerd
May 14 at 11:27





The Mozilla wiki has recommendations with compatibility indications.

– Sjoerd
May 14 at 11:27













Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

– Martijn
May 14 at 12:17





Thanks Sjoerd, they link to a handy tool which I set to 'Modern'

– Martijn
May 14 at 12:17













@Martijn I may have misinterpreted the intent of your question. I apologize for that.

– MechMK1
May 14 at 13:17





@Martijn I may have misinterpreted the intent of your question. I apologize for that.

– MechMK1
May 14 at 13:17




1




1





I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

– niemiro
May 14 at 21:02





I used to follow the advice of various online guides, but, they are /constantly/ out of date. Most still aren't even updated for TLSv1.3. So now, instead, I simply copy what google.com does, which I presume offers a good tradeoff between security and compatibility: ssllabs.com/ssltest/…

– niemiro
May 14 at 21:02










1 Answer
1






active

oldest

votes


















15














The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) 

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer
























  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49














Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210165%2fhow-do-i-know-which-cipher-suites-can-be-disabled%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









15














The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) 

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer
























  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49


















15














The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) 

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer
























  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49
















15












15








15







The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) 

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.






share|improve this answer













The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:



TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) 

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)


Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:



Handshake Simulation



If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added



From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)



Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.







share|improve this answer












share|improve this answer



share|improve this answer










answered May 14 at 12:06









Esa JokinenEsa Jokinen

4,6911624




4,6911624













  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49





















  • So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

    – Martijn
    May 14 at 12:14













  • Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

    – Z.T.
    May 14 at 12:36






  • 1





    It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

    – Roy Tinker
    May 14 at 17:49



















So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

– Martijn
May 14 at 12:14







So you've checked the current good support TLS version, and in the specs checked the mathing ciphers. And than added the older Apple one? If I enabled that, doesnt that mean my whole security is as strong as that weak cipher?

– Martijn
May 14 at 12:14















Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

– Z.T.
May 14 at 12:36





Correct, by enabling the CBC cipher suite you weaken the security. Enable it only if you need to support clients that don't support an AEAD like AESGCM and ChaCha20Poly1305.

– Z.T.
May 14 at 12:36




1




1





It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

– Roy Tinker
May 14 at 17:49







It's worth noting that if you're configuring Windows/IIS servers, you also need to consider which services your server is a client to. Like, is it accesssing an old SQL Server instance? I once got burned when my web app died after I disabled 3DES, which was still needed to access a DBMS that hadn't yet been upgraded.

– Roy Tinker
May 14 at 17:49




















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210165%2fhow-do-i-know-which-cipher-suites-can-be-disabled%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

He _____ here since 1970 . Answer needed [closed]What does “since he was so high” mean?Meaning of “catch birds for”?How do I ensure “since” takes the meaning I want?“Who cares here” meaningWhat does “right round toward” mean?the time tense (had now been detected)What does the phrase “ring around the roses” mean here?Correct usage of “visited upon”Meaning of “foiled rail sabotage bid”It was the third time I had gone to Rome or It is the third time I had been to Rome

Image
Engineer refusing to file/disclose patents Extending the spectral theorem for bounded self adjoint operators to bounded normal operators Do varchar(max), nvarchar(max) and varbinary(max) columns affect select queries? Why is it that I can sometimes guess the next note? What linear sensor for a keyboard? Why don’t women say שלא עשני גויה and שפחה, according to Ashkenazim? Did arcade monitors have same pixel aspect ratio as TV sets? anything or something to eat Query about absorption line spectra Can I use my Chinese passport to enter China after I acquired another citizenship? Fuse symbol on toroidal transformer Create all possible words using a set or letters Does the Mind Blank spell prevent the target from being frightened? Can I sign legal documents with a smiley face? When quoting, must I also copy hyphens used to divide words that continue on the next line? Hot bath for aluminium engine block and heads Journal losing indexing services Is it possib
Read more

Bunad

Image
Tradisjonelle folkedrakter frå Aust-Telemark, truleg frå 1880-åra. Drakter som dette er grunnlaget for moderne bunadar. Foto: Axel Lindahl Bunad frå Eggedal i Buskerud fotografert i 1906. Bunad (frå kledebunad , der norrønt «búnaðr» har same rot som (føre)bu) er ei samnemning brukt om klesdrakter i tradisjonell nordisk stil — ofte utvikla frå folkedrakter, men likevel i ein eigen tradisjon. Ein bunad er typisk ei forseggjort og kostbar drakt, med mykje broderi, og med handsmidde smykke i gull eller sølv, særleg dei særeigne søljene, som obligatorisk prynad i tillegg. Bunad og bunadbruk er eit debattemne med mange ulike oppfatningar, til dømes om kva som er ein bunad, og om ein kan endra på utforminga av draktene eller ikkje. Den norske bunadrørsla går tilbake til folkedansrørsla og føregangsfolk som Hulda Garborg og Klara Semb. I dag blir bunad brukt som nasjonaldrakt. Festbunad er likestilt med galla-antrekk, og ofte nytta ved særskilde høve, som konfirmasjonar eller d
Read more

Færeyskur hestur Heimild | Tengill | Tilvísanir | LeiðsagnarvalRossið - síða um færeyska hrossið á færeyskuGott ár hjá færeyska hestinum

Image
FæreyjarHestar færeyskahjaltlandshestinumíslenski hesturinnBretlandskolanámumenskuWikipediafæreyskuWikipediaRossið - síða um færeyska hrossið á færeysku Færeyskur hestur Úr Wikipediu, frjálsa alfræðiritinu Jump to navigation Jump to search Rani og Grani. Grani í vetrarfeldi. Færeyski hesturinn (færeyska: Føroyska rossið ) er hestur sem hefur lifað í Færeyjum í hundruði ára. Hann er smágerður, 120-132 cm á hæð, og helst skyldur hjaltlandshestinum. Hlutverk hans var að draga vagna og plóg og bera klyfjar. Hann hefur fjórar gangtegundir eins og íslenski hesturinn (þar með talið tölt) og er með fjölda litaafbrigði. Nú til dags er hann notaður til frístunda. Í lok 19. aldar voru til um 800 hross. Mörg þeirra voru seld til Bretlands til að vinna í kolanámum og um 1960 voru aðeins nokkrir hestar eftir. Átak var gert í að varðveita hestinn og eru nú til 70-80 hross í Færeyjum. [1] Heimild |   Wikimedia Commons er með margmiðlunarefni sem te
Read more