Black-list-based cipher tuning (deprecated)

warning: rather go for white-list tuning

Introduction

We are setting up a whiltelist here, which is not as good as a blacklist because our network service won’t scale while upgrading the SSL library. However we grap the cipher suite names from the library itself, and not from ssllabs or the capabilities seen online, so we’re compatible with both RSA and ECDSA key pairs and certificates.

PFS and no CBC

openssl ciphers -s -V > ciphers.all
openssl ciphers -tls1_2 -s -V > ciphers.tls12
openssl ciphers -tls1_3 -s -V > ciphers.tls13

avoid CBC mode of operation and no need to list the tls13 ciphers, those are configured within openssl.

grep -E 'GCM|CCM|POLY' ciphers.tls12 | awk '{print $3}' > ciphers.selected

change the order as such (faster to slower but without RSA key exchange)

vi ciphers.selected

ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256

ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384

ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305

    for cipher in `cat ciphers.selected`; do echo -n :$cipher; done; unset cipher; echo

gives

    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

too bad we are missing CAMELLIA here (CBC mode)

DHE-RSA-CAMELLIA128-SHA
DHE-RSA-CAMELLIA128-SHA256

DHE-RSA-CAMELLIA256-SHA
DHE-RSA-CAMELLIA256-SHA256

Some results

BRUTAL RSA with tls12 and 13 (w/o RSA key exchanges to enforce PFS)

key exchange    90
cipher strength 90

BRUTAL RSA with tls12 only (idem)

key exchange    90
cipher strength 90

BRUTAL RSA with tls12 only (idem and w/o 128-bit ciphers)

    key exchange    90
    cipher strength 100

BRUTAL RSA with tls12 only (idem and w/ tuned ssl_dhparam & ssl_ecdh_curve)

    key exchange    100
    cipher strength 100

BRUTAL ECDSA/384 with tls12 only (idem)

    key exchange    100
    cipher strength 100

BRUTAL ECDSA/384 with tls12 and 13 w/o listing the 13 ciphers (tls13 has a 128-bit cipher)

    key exchange    100
    cipher strength 90

GUIDES | LECTURES | BENCHMARKS | SMTP HEALTH