My understanding is that that 3DES can be configured to use multiple modes including cipher block chaining (CBC) and electronic code book (ECB).
Does anyone know which one is used by IIS whenever 3DES is configured in the machineKey?
Related
I have configured my Tomcat 8.5 cipher suites as below
<Connector
....
sslEnabledProtocols="TLSv1.2"
ciphers="
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
... />
While testing the site with www.ssllabs.com I find strange result in Server Supported Cipher Suites section. The list is as below :
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 .... OK
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 .... WEAK
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA .... WEAK
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 .... OK
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 .... WEAK
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA .... WEAK
Where are the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 come from, I have not configure them in ā€¨server.xml ?!
Is it any default list of cipher suites in tomcat ?!
When you specify ciphers, no additional ciphers will be made available, regardless of the capabilities of the cryptographic provider being used (e.g. JSSE, OpenSSL, etc.).
If you are seeing a different set of cipher suites being negotiated, I would check two things:
Your configuration is actually being used. Try adding a syntactic error to your XML configuration file to see if Tomcat still starts. Tomcat should refuse to start if the file is not well-formed, confirming that you are in fact changing the right configuration file.
If you are not directly connecting to Tomcat, you may be negotiating your TLS handshake with another network component such as a reverse proxy which is terminating TLS. If that's the case, the configuration of Tomcat is not relevant; the client is really talking to the reverse proxy and not to Tomcat, so the list of ciphers will be different as far as the client can tell. You will need to reconfigure the reverse proxy in this situation. The cipher suites list in Tomcat is still important, as you want to be using a secure cipher suite even "inside" your own network.
I'm working on snmpv3. In the RFC and internet I haven't seen any documentation regarding how the encryption and hashing algorithms exchanged between the entities. I wonder will there be any cipher negotiation happens in SNMPv3 or both parties should agree upon a specific set of algorithms prior to the communication and use them?
I wonder whether you are reading the proper RFC documents. For SNMP v3 there is no cipher negotiation at all. You have to know exactly how a device is configured so as to manage it.
It is not something like HTTP over SSL.
In SSL connections. As far as I understand that the the order of the cipher suit that the client offers to the server matters. How can I know what is the order of the client's offered cipher suit in my Firefox or IE browsers?
In FF, I tried to type about:config and then filtered the output to: security.ssl, I got:
Is this is the exact order that the client offers to SSL servers? Does this means, my browser prefers DHE and ECDHE over RSA key exchange because the DHE and ECDHE ciphers came first?
There is nothing in the TLS RFC that says the order matters. Specific servers may choose to honor the order provided by the client as an order of preference, but it isn't required, and neither JSSE not OpenSSL does so to the best of my knowledge.
How can I identify the cipher strength of an active https connection to a linux redhat apache webserver. I want to harden my web server by removing lower strength ciphers and would like to check if clients are even using them.
EDIT
My goal is to avoid negative impact of removal of a lower security cipher that a client relies on. Worst case scenario there is a stupid non browser (or old browser) app that is using an old insecure cipher, when I disallow the use of this cipher his/her app could break. I'm trying to proactively identify if there are any apps/browsers using any of the ciphers I'm going to disable.
You can identify unsuccessful handshakes by enabling the appropriate level of logging on mod_ssl. See the Custom Log Formats section on http://httpd.apache.org/docs/2.2/mod/mod_ssl.html, notably
CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
This should enable you to make a list of ciphers requested by clients and configure Apache accordingly.
Your question and your goal aren't necessarily related. Each active connection may use a difference cipher based on the combination of: (a) the capabilities on the server (b) the capabilities of the client (c) cipher preference of the server and client. Looking at any individual connection will not tell you if your SSL configuration is optimal.
If your goal is to harden your SSL configuration, I suggest you use
the SSL Server Test from SSL labs. It grades your server configuration based on known SSL vulnerabilities and best practices.
The last time I updated my SSL configuration I used the configuration tips from this blog post. Note that understanding of SSL vulnerabilities is constantly changing so I suggest you rerun the test every once in a while to ensure your configuration is the best that is currently known.
Due to a couple of issues with my host, I'm unable to use a SSL-certificate on my server (I'm not ready to change provider just yet), and can't therefore use HTTPS. This server will communicate with a couple of client-computers and will transfer data that's somewhat secret.
Would it be reasonable to simply use AES encryption (encryption on client before sending, decryption on server before processing) instead of HTTPS?
This depends on your deployment environment.
Replacing SSL/TLS (and HTTPS) with your own encryption protocol for use by a web browser is always a bad idea, since it relies on JavaScript code delivered insecurely (for details, see this question on Security.SE, for example).
If the client isn't a web browser, you have more options available. In particular, you can implement message-level security instead of transport-level security (which is what HTTPS uses).
There are a number of attempts to standardise message-level security with HTTP. For example:
HTTPsec had a public specification (still available on WebArchive), but a commercial implementation. I'm not sure whether this has been widely reviewed.
WS-Security, oriented towards the world of SOAP.
Perhaps more simply, if you want to re-use existing tools, you could use S/MIME or PGP (in the same way as you would for e-mails) to encrypt the HTTP message entities. Unlike HTTPS, this won't protect the URL or the HTTP headers, but this might be enough if you don't put any sensitive data there.
The further down you go with "raw encryption" yourself (using AES directly, for example), the more likely you'll have to implement other aspects of security manually (typically, verifying the remote party's identity and dealing with the problem of pre-sharing the keys).
If you have a small list of clients that don't change often, you could implement your own SSL-Tunnel using SSH. On the clients do a;
ssh -D 4444 nulluser#example.com -N
where nulluser has no shell or file access on example.com.
Then add a foxyproxy whitelist setting - so that for example.com the client browsers use the localhost:4040 proxy.
It's a hack, it's totally unscalable, but it would work as I say for a small, static number of clients, and it has the advantage of not reinventing any wheels while being totally secure.