EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Suggested SSL Versions for HTTPS Server

#31022
Posted: 10/16/2014 09:23:46
by Darian Miller (Standard support level)
Joined: 06/27/2011
Posts: 48

I have an old note in code for which I can no longer find the source reference:
Per Eugene Mayevski/Eldos "Advertising of TLS 1.1 and 1.2 sometimes causes badly written implementations (including some versions of OpenSSL) to crash or close connection immediately." They disable 1.1 and 1.2 in their SSL demo.

With the recent Poodle vulnerability focus, disabling SSL V3, or at least CBC ciphers for SSL V3, is the new requirement. Since SSL V3 is so old, it's past time for it to go away.

For establishing the Versions to use, is the current recommendation to use
[sbTLS1, sbTLS11, sbTLS12]?

Are there still many issues reported with TLS 1.1 or TLS 1.2? I'm assuming this is an old note.

Thanks
#31023
Posted: 10/16/2014 09:30:49
by Eugene Mayevski (EldoS Corp.)

The quoted comment applies more to the clients than to servers.

Version downgrading, mentioned in some articles as one of the reasons for the issue (when the client connects with a higher version and then, if the server fails, disconnects and reconnects with a lower version), has the same cause.

On the server it's recommended to enable and support the most recent versions. TLS 1.0 is still required, but TLS 1.1 and 1.2 should preferably be enabled as well.

We will publish a small article about POODLE tomorrow.


Sincerely yours
Eugene Mayevski
#31025
Posted: 10/16/2014 10:25:19
by Darian Miller (Standard support level)
Joined: 06/27/2011
Posts: 48

Thank you - look forward to your article!
#31026
Posted: 10/16/2014 11:03:24
by Ken Ivanov (EldoS Corp.)

Hi Darian,

Quote
For establishing the Versions to use, is the current recommendation to use
[sbTLS1, sbTLS11, sbTLS12]?

The comment you mentioned seems to be fairly old. As of today, most of the widely used client and server implementations support TLS 1.1 and TLS 1.2 correctly. Even more, taking into account recently discovered attacks on earlier versions of the protocol (BEAST and renegotiation attacks in particular), it is strongly recommended to try to enforce the newer versions wherever possible.

As Eugene said, an article on POODLE will be published shortly. Note that the only guaranteed way to overcome SSL 3.0 vulnerabilities is to shut it down entirely. Even if you or your clients are invulnerable to POODLE, they will still be vulnerable to other issues in the SSL 3.0 protocol.

This recent article on tuning up SSL components might be useful for you.

Ken
#31028
Posted: 10/16/2014 17:07:46
by Darian Miller (Standard support level)
Joined: 06/27/2011
Posts: 48

Thanks Ken...yes, my comment is likely from a (very) old source. Your article reference has been examined a few times.

One suggestion is to include a utility method in SBB that auto-configures the CipherSuites and CipherSuitePriorities arrays to utilize 'Current Best Practice' values. Perhaps have a compatibility level parameter that decides on how strict the current best practice settings should be.

I'd also suggest adding a column to that article's list of cipher suites for 'Relative Priority'. I've sorted mine and put those with AES256 ahead of those with AES128, SHA384 ahead of SHA256, but, for example, should SB_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384 be ahead of SB_SUITE_ECDHE_RSA_AES256_GCM_SHA384?
#31032
Posted: 10/17/2014 03:31:10
by Ken Ivanov (EldoS Corp.)

Hi Darian,

Quote
One suggestion is to include a utility method in SBB that auto-configures the CipherSuites and CipherSuitePriorities arrays to utilize 'Current Best Practice' values. Perhaps have a compatibility level parameter that decides on how strict the current best practice settings should be.

OK, we will think about it.

Quote
I'd also suggest adding a column to that article's list of cipher suites for 'Relative Priority'. I've sorted mine and put those with AES256 ahead of those with AES128, SHA384 ahead of SHA256, but, for example, should SB_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384 be ahead of SB_SUITE_ECDHE_RSA_AES256_GCM_SHA384?

The applicability of these particular cipher suites depends on the type of certificate(s) installed on the server. The first cipher suite can only be used with an ECDSA certificate, and the second one requires an RSA certificate. If your server has certificates of both types, the priorities should be chosen based on the lengths of the public keys carried in those certificates.

Ken
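
The ordering discussed in the last two posts, as an added example that is not part of the thread and not EldoS code: it drops suites whose certificate type is not installed, sorts by AES size and hash size as Darian describes, and breaks ECDSA/RSA ties by key strength. Assumptions: RSA and EC key lengths are compared through the NIST SP 800-57 comparable-strength estimates (raw lengths are not directly comparable), the function names are hypothetical, and the two AES128 suite names are constructed in the page's naming pattern.

```python
import re

# Comparable security strength (bits) per NIST SP 800-57 Part 1: (minimum key bits, strength).
RSA_STRENGTH = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
EC_STRENGTH = [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)]

# Matches only names shaped like the two suites quoted in the thread.
SUITE_RE = re.compile(
    r"^SB_SUITE_ECDHE_(ECDSA|RSA)_AES(128|256)_(?:GCM|CBC)_SHA(256|384)$")

def key_strength(kind, bits):
    """Estimated strength of a certificate public key of the given type and length."""
    table = RSA_STRENGTH if kind == "RSA" else EC_STRENGTH
    for min_bits, strength in table:
        if bits >= min_bits:
            return strength
    return 0  # shorter than anything in the table

def rank_suites(suites, server_keys):
    """Return the usable suites, highest priority first.

    server_keys maps certificate type to public key length for the
    certificates installed on the server, e.g. {"ECDSA": 256, "RSA": 2048}.
    """
    ranked = []
    for name in suites:
        m = SUITE_RE.match(name)
        if not m:
            continue  # name outside the pattern this example understands
        auth, aes, sha = m.group(1), int(m.group(2)), int(m.group(3))
        if auth not in server_keys:
            continue  # no certificate of the type this suite needs
        ranked.append((aes, sha, key_strength(auth, server_keys[auth]), name))
    # AES256 before AES128, SHA384 before SHA256, then the stronger certificate key.
    ranked.sort(key=lambda t: t[:3], reverse=True)
    return [t[3] for t in ranked]

# Constructed sample input: the two suites from the thread plus two assumed names.
SAMPLE_SUITES = [
    "SB_SUITE_ECDHE_RSA_AES128_GCM_SHA256",
    "SB_SUITE_ECDHE_RSA_AES256_GCM_SHA384",
    "SB_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256",
    "SB_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384",
]

if __name__ == "__main__":
    for suite in rank_suites(SAMPLE_SUITES, {"ECDSA": 256, "RSA": 2048}):
        print(suite)
```

With a 256-bit ECDSA key and a 2048-bit RSA key the ECDSA variant of each suite ranks first; swapping in a 7680-bit RSA key reverses that.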