Let’s tune our cipher suites (OpenSSL)

tested with OpenSSL 1.1.1i and 3.0.0-dev

Introduction

We are setting up a whitelist here, which is not as good as a blacklist because the list will not follow the SSL library as it gets upgraded. However, we grab the cipher suite names from the library itself, and not from ssllabs or the capabilities seen online, so we’re compatible with both RSA and ECDSA key pairs and certificates.

PFS and no CBC

    openssl ciphers -s -V > ciphers.all
    openssl ciphers -tls1_2 -s -V > ciphers.tls12
    openssl ciphers -tls1_3 -s -V > ciphers.tls13

Avoid the CBC mode of operation. There is no need to list the TLS 1.3 ciphers; those are configured within OpenSSL.

    grep -E 'GCM|CCM|POLY' ciphers.tls12 | awk '{print $3}' > ciphers.selected

Change the order as follows (faster to slower, and without RSA key exchange):

    vi ciphers.selected

    ECDHE-ECDSA-AES128-GCM-SHA256
    ECDHE-RSA-AES128-GCM-SHA256
    DHE-RSA-AES128-GCM-SHA256

    ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-GCM-SHA384
    DHE-RSA-AES256-GCM-SHA384

    ECDHE-ECDSA-CHACHA20-POLY1305
    ECDHE-RSA-CHACHA20-POLY1305
    DHE-RSA-CHACHA20-POLY1305

    # skip the blank separator lines and join the names with ':'
    grep . ciphers.selected | paste -sd: -

gives

    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

Too bad we are missing CAMELLIA here (CBC mode):

    DHE-RSA-CAMELLIA128-SHA
    DHE-RSA-CAMELLIA128-SHA256

    DHE-RSA-CAMELLIA256-SHA
    DHE-RSA-CAMELLIA256-SHA256
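The manual selection and reordering above can be scripted. This added example (not part of the original page) filters on the Kx=, Au=, Enc= and Mac= columns of `openssl ciphers -V` output and reproduces the order chosen above; the function names `select_ciphers` and `sample_ciphers` are hypothetical and the sample lines are constructed.

```shell
# Added example (not from the original page): derive the TLS 1.2 list from the
# Kx=/Au=/Enc=/Mac= columns of `openssl ciphers -V` instead of editing by hand.
select_ciphers() {
    awk '
        $8 != "Mac=AEAD" { next }                   # no CBC or other non-AEAD suites
        {   # cipher order used on the page: AES128-GCM, AES256-GCM, CHACHA20
            if      ($7 == "Enc=AESGCM(128)")            enc = 1
            else if ($7 == "Enc=AESGCM(256)")            enc = 2
            else if ($7 == "Enc=CHACHA20/POLY1305(256)") enc = 3
            else next                                   # CCM, ARIA: not in the page list
            # forward-secret key exchange only: ECDHE-ECDSA, ECDHE-RSA, DHE-RSA
            if      ($5 == "Kx=ECDH" && $6 == "Au=ECDSA") kx = 1
            else if ($5 == "Kx=ECDH" && $6 == "Au=RSA")   kx = 2
            else if ($5 == "Kx=DH"   && $6 == "Au=RSA")   kx = 3
            else next                                   # static RSA, PSK, TLS 1.3 (Kx=any)
            print enc kx, $3
        }' | sort -n | awk '{ print $2 }' | paste -sd: -
}

# Constructed sample in `openssl ciphers -V` format, in the library's default order.
sample_ciphers() {
    cat <<'EOF'
          0x13,0x02 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
          0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
          0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
          0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
          0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
EOF
}

# Real use (assumes openssl on PATH): openssl ciphers -tls1_2 -s -V | select_ciphers
sample_ciphers | select_ciphers
```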

Some results

BRUTAL RSA with tls12 and 13 (w/o RSA key exchanges to enforce PFS)

    key exchange    90
    cipher strength 90

BRUTAL RSA with tls12 only (idem)

    key exchange    90
    cipher strength 90

BRUTAL RSA with tls12 only (idem and w/o 128-bit ciphers)

    key exchange    90
    cipher strength 100

BRUTAL RSA with tls12 only (idem and w/ tuned ssl_dhparam & ssl_ecdh_curve)

    key exchange    100
    cipher strength 100

BRUTAL ECDSA/384 with tls12 only (idem)

    key exchange    100
    cipher strength 100

BRUTAL ECDSA/384 with tls12 and 13 w/o listing the 13 ciphers (tls13 has a 128-bit cipher)

    key exchange    100
    cipher strength 90

Resources

openssl-ciphers, ciphers - SSL cipher display and cipher list tool https://www.openssl.org/docs/man1.1.1/man1/ciphers.html

SSL and TLS Deployment Best Practices https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites

TLS Cipher String · OWASP Cheat Sheet Series https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

Mapping OpenSSL Cipher Suite Names to Official Names and RFCs https://www.woolie.co.uk/article/mapping-openssl-ciphers-to-iana-cipher-suite-registy/

A list of recommended cipher suites for TLS 1.2 https://www.peerlyst.com/posts/a-list-of-recommended-cipher-suites-for-tls-1-2-guurhart

hardening

SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT https://blog.qualys.com/ssllabs/2018/02/02/forward-secrecy-authenticated-encryption-and-robot-grading-update

[stunnel-users] STUNNEL — How to chose the AES cipher with TLS v1.2 https://www.stunnel.org/pipermail/stunnel-users/2013-February/004112.html

Cipher Security: How to harden TLS and SSH https://www.linuxjournal.com/content/cipher-security-how-harden-tls-and-ssh

ciphers https://www.openssl.org/docs/manmaster/man1/ciphers.html

Security/Server Side TLS https://wiki.mozilla.org/Security/Server_Side_TLS

Recommendations for TLS/SSL Cipher Hardening https://securityboulevard.com/2018/04/recommendations-for-tls-ssl-cipher-hardening/

Recommendations: SSL/TLS Protocols and Cipher Suites https://grok.lsu.edu/Article.aspx?articleid=17596

Recommendations for TLS/SSL Cipher Hardening https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/