From 1f4e2a663cd26fd46d414a8371c296f863df4664 Mon Sep 17 00:00:00 2001 From: Aaron Kaplan Date: Mon, 2 Dec 2013 21:44:09 +0100 Subject: [PATCH] comment out an old section which we simply kept before since it has a nice table formatting example. --- src/cipher_suites/choosing.tex | 208 ++++++++++++++++----------------- 1 file changed, 104 insertions(+), 104 deletions(-) diff --git a/src/cipher_suites/choosing.tex b/src/cipher_suites/choosing.tex index 19ffc47..e2bb92d 100644 --- a/src/cipher_suites/choosing.tex +++ b/src/cipher_suites/choosing.tex 
@@ -124,107 +124,107 @@ Other hash functions like MD2, MD4 or MD5 are unsafe and broken: \texttt{!MD2:!M %\item RFC7027 - Brainpool Curves %\end{itemize} -\subsubsection{Overview of SSL Server settings} - - -Most Server software (Webservers, Mail servers, etc.) can be configured to prefer certain cipher suites over others. -We followed the recommendations by Ivan Ristic's SSL/TLS Deployment Best Practices\footnote{\url{https://www.ssllabs.com/projects/best-practices/index.html}} document (see section 2.2 "Use Secure Protocols") and arrived at a list of recommended cipher suites for SSL enabled servers. - -Following Ivan Ristic's adivce we arrived at a categorisation of cipher suites. - -\begin{center} -\begin{tabular}{lllll} -\cmidrule[\heavyrulewidth]{2-5} -& \textbf{Version} & \textbf{KeyEx} & \textbf{Cipher} & \textbf{MAC} \\\cmidrule(lr){2-5} -\cellcolor{green}prefer & TLS 1.2 & DHE\_DSS & AES\_256\_GCM & SHA384 \\ - & & DHE\_RSA & AES\_256\_CCM & SHA256 \\ - & & ECDHE\_ECDSA & AES\_256\_CBC & \\ - & & ECDHE\_RSA & & \\ - & & & & \\ -\cellcolor{orange}consider & TLS 1.1 & DH\_DSS & AES\_128\_GCM & SHA \\ - & TLS 1.0 & DH\_RSA & AES\_128\_CCM & \\ - & & ECDH\_ECDSA & AES\_128\_CBC & \\ - & & ECDH\_RSA & CAMELLIA\_256\_CBC & \\ - & & RSA & CAMELLIA\_128\_CBC & \\ - & & & & \\ -\cellcolor{red}avoid -& SSL 3.0 & NULL & NULL & NULL \\ - & & DH\_anon & RC4\_128 & MD5 \\ - & & ECDH\_anon & 3DES\_EDE\_CBC & \\ - & & & DES\_CBC & \\ - & & & & \\ -\cellcolor{blue}{\color{white}special } -& & PSK & CAMELLIA\_256\_GCM & \\ - & & DHE\_PSK & CAMELLIA\_128\_GCM & \\ - & & RSA\_PSK & ARIA\_256\_GCM & \\ - & & ECDHE\_PSK & ARIA\_256\_CBC & \\ - & & & ARIA\_128\_GCM & \\ - & & & ARIA\_128\_CBC & \\ - & & & SEED & \\ -\cmidrule[\heavyrulewidth]{2-5} -\end{tabular} -\end{center} - -A remark on the ``consider'' section: the BSI (Federal office for information security, Germany) recommends in its technical report 
TR-02102-2\footnote{\url{https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2_pdf.html}} to \textbf{avoid} non-ephemeral\footnote{Ephemeral keys are session keys which are destroyed upon termination of the encrypted session. In TLS/SSL, they are realized by the DHE cipher suites. } keys for any communication which might contain personal or sensitive data. In this document, we follow BSI's advice and therefore only keep cipher suites containing (EC)DH\textbf{E} (ephemeral) variants. System administrators, who can not use forward secrecy can still use the cipher suites in the ``consider'' section. We however, do not recommend them in this document. - -%% NOTE: s/forward secrecy/perfect forward secrecy??? - -Note that the entries marked as ``special'' are cipher suites which are not common to all clients (webbrowsers etc). - - -\subsubsection{Tested clients} - -Next we tested the cipher suites above on the following clients: - -%% NOTE: we need to test with more systems!! -\begin{itemize} -\item Chrome 30.0.1599.101 Mac OS X 10.9 -\item Safari 7.0 Mac OS X 10.9 -\item Firefox 25.0 Mac OS X 10.9 -\item Internet Explorer 10 Windows 7 -\item Apple iOS 7.0.3 -\end{itemize} - - -The result of testing the cipher suites with these clients gives us a preference order as shown in table \ref{table:prefOrderCipherSuites}. -Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering. 
- -\begin{table}[h] -\centering\small - \begin{tabular}{cllcccc} - \toprule - \textbf{Pref} & \textbf{Cipher Suite} & \textbf{ID} & \multicolumn{4}{l}{\textbf{Supported by}}\\ - \cmidrule(lr){4-7} - & \textbf{OpenSSL Name} & & Chrome & FF & IE & Safari \\ - \cmidrule(lr){1-7} - \phantom{0}1 & \verb|TLS_DHE_RSA_WITH_AES_256_GCM_SHA384| & \verb|0x009f| & \no & \no & \no & \no \\ - & \verb|DHE-RSA-AES256-GCM-SHA384| & & &&&\\\rowcolor{lightlightgray} - \phantom{0}2 & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384| & \verb|0xC024| & \no & \no & \no & \yes \\\rowcolor{lightlightgray} - & \verb|ECDHE-ECDSA-AES256-SHA384| & & &&&\\ - \phantom{0}3 & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384| & \verb|0xC028| & \no & \no & \no & \yes \\ - & \verb|ECDHE-RSA-AES256-SHA384| & & &&&\\\rowcolor{lightlightgray} - \phantom{0}4 & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA256| & \verb|0x006B| & \yes & \no & \no & \yes \\\rowcolor{lightlightgray} - & \verb|DHE-RSA-AES256-SHA256| & & &&&\\ - \phantom{0}5 & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA| & \verb|0xC00A| & \yes & \yes & \yes & \yes \\ - & \verb|ECDHE-ECDSA-AES256-SHA| & & &&&\\\rowcolor{lightlightgray} - \phantom{0}6 & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA| & \verb|0xC014| & \yes & \yes & \yes & \yes \\\rowcolor{lightlightgray} - & \verb|ECDHE-RSA-AES256-SHA| & & &&&\\ - \phantom{0}7 & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA| & \verb|0x0039| & \yes & \yes & \no & \yes \\ - & \verb|DHE-RSA-AES256-SHA| & & &&&\\\rowcolor{lightlightgray} - \phantom{0}8 & \verb|TLS_DHE_DSS_WITH_AES_256_CBC_SHA| & \verb|0x0038| & \no & \yes & \yes & \no \\\rowcolor{lightlightgray} - & \verb|DHE-DSS-AES256-SHA| & & &&&\\ - \phantom{0}9 & \verb|TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA| & \verb|0x0088| & \no & \yes & \no & \no \\ - & \verb|DHE-RSA-CAMELLIA256-SHA| & & &&&\\\rowcolor{lightlightgray} - \phantom{}10 & \verb|TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA| & \verb|0x0087| & \no & \yes & \no & \no \\\rowcolor{lightlightgray} - & 
\verb|DHE-DSS-CAMELLIA256-SHA| & & &&&\\ - \bottomrule - \end{tabular} -\caption{Preference order of cipher suites. All suites are supported by OpenSSL.} -\label{table:prefOrderCipherSuites} -\end{table} - -Note: the above table \ref{table:prefOrderCipherSuites} contains Elliptic curve key exchanges. There are currently strong doubts\footnote{\url{http://safecurves.cr.yp.to/rigid.html}} concerning ECC. -If unsure, remove the cipher suites starting with ECDHE in the table above. - - -Based on this ordering, we can now define the corresponding settings for servers. We will start with the most common web servers. +%\subsubsection{Overview of SSL Server settings} +% +% +%Most Server software (Webservers, Mail servers, etc.) can be configured to prefer certain cipher suites over others. +%We followed the recommendations by Ivan Ristic's SSL/TLS Deployment Best Practices\footnote{\url{https://www.ssllabs.com/projects/best-practices/index.html}} document (see section 2.2 "Use Secure Protocols") and arrived at a list of recommended cipher suites for SSL enabled servers. +% +%Following Ivan Ristic's adivce we arrived at a categorisation of cipher suites. 
+% +%\begin{center} +%\begin{tabular}{lllll} +%\cmidrule[\heavyrulewidth]{2-5} +%& \textbf{Version} & \textbf{KeyEx} & \textbf{Cipher} & \textbf{MAC} \\\cmidrule(lr){2-5} +%\cellcolor{green}prefer & TLS 1.2 & DHE\_DSS & AES\_256\_GCM & SHA384 \\ +% & & DHE\_RSA & AES\_256\_CCM & SHA256 \\ +% & & ECDHE\_ECDSA & AES\_256\_CBC & \\ +% & & ECDHE\_RSA & & \\ +% & & & & \\ +%\cellcolor{orange}consider & TLS 1.1 & DH\_DSS & AES\_128\_GCM & SHA \\ +% & TLS 1.0 & DH\_RSA & AES\_128\_CCM & \\ +% & & ECDH\_ECDSA & AES\_128\_CBC & \\ +% & & ECDH\_RSA & CAMELLIA\_256\_CBC & \\ +% & & RSA & CAMELLIA\_128\_CBC & \\ +% & & & & \\ +%\cellcolor{red}avoid +%& SSL 3.0 & NULL & NULL & NULL \\ +% & & DH\_anon & RC4\_128 & MD5 \\ +% & & ECDH\_anon & 3DES\_EDE\_CBC & \\ +% & & & DES\_CBC & \\ +% & & & & \\ +%\cellcolor{blue}{\color{white}special } +%& & PSK & CAMELLIA\_256\_GCM & \\ +% & & DHE\_PSK & CAMELLIA\_128\_GCM & \\ +% & & RSA\_PSK & ARIA\_256\_GCM & \\ +% & & ECDHE\_PSK & ARIA\_256\_CBC & \\ +% & & & ARIA\_128\_GCM & \\ +% & & & ARIA\_128\_CBC & \\ +% & & & SEED & \\ +%\cmidrule[\heavyrulewidth]{2-5} +%\end{tabular} +%\end{center} +% +%A remark on the ``consider'' section: the BSI (Federal office for information security, Germany) recommends in its technical report TR-02102-2\footnote{\url{https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2_pdf.html}} to \textbf{avoid} non-ephemeral\footnote{Ephemeral keys are session keys which are destroyed upon termination of the encrypted session. In TLS/SSL, they are realized by the DHE cipher suites. } keys for any communication which might contain personal or sensitive data. In this document, we follow BSI's advice and therefore only keep cipher suites containing (EC)DH\textbf{E} (ephemeral) variants. System administrators, who can not use forward secrecy can still use the cipher suites in the ``consider'' section. We however, do not recommend them in this document. 
+% +%%% NOTE: s/forward secrecy/perfect forward secrecy??? +% +%Note that the entries marked as ``special'' are cipher suites which are not common to all clients (webbrowsers etc). +% +% +%\subsubsection{Tested clients} +% +%Next we tested the cipher suites above on the following clients: +% +%%% NOTE: we need to test with more systems!! +%\begin{itemize} +%\item Chrome 30.0.1599.101 Mac OS X 10.9 +%\item Safari 7.0 Mac OS X 10.9 +%\item Firefox 25.0 Mac OS X 10.9 +%\item Internet Explorer 10 Windows 7 +%\item Apple iOS 7.0.3 +%\end{itemize} +% +% +%The result of testing the cipher suites with these clients gives us a preference order as shown in table \ref{table:prefOrderCipherSuites}. +%Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering. +% +%\begin{table}[h] +%\centering\small +% \begin{tabular}{cllcccc} +% \toprule +% \textbf{Pref} & \textbf{Cipher Suite} & \textbf{ID} & \multicolumn{4}{l}{\textbf{Supported by}}\\ +% \cmidrule(lr){4-7} +% & \textbf{OpenSSL Name} & & Chrome & FF & IE & Safari \\ +% \cmidrule(lr){1-7} +% \phantom{0}1 & \verb|TLS_DHE_RSA_WITH_AES_256_GCM_SHA384| & \verb|0x009f| & \no & \no & \no & \no \\ +% & \verb|DHE-RSA-AES256-GCM-SHA384| & & &&&\\\rowcolor{lightlightgray} +% \phantom{0}2 & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384| & \verb|0xC024| & \no & \no & \no & \yes \\\rowcolor{lightlightgray} +% & \verb|ECDHE-ECDSA-AES256-SHA384| & & &&&\\ +% \phantom{0}3 & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384| & \verb|0xC028| & \no & \no & \no & \yes \\ +% & \verb|ECDHE-RSA-AES256-SHA384| & & &&&\\\rowcolor{lightlightgray} +% \phantom{0}4 & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA256| & \verb|0x006B| & \yes & \no & \no & \yes \\\rowcolor{lightlightgray} +% & \verb|DHE-RSA-AES256-SHA256| & & &&&\\ +% \phantom{0}5 & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA| & \verb|0xC00A| & \yes & \yes & \yes & \yes \\ +% & \verb|ECDHE-ECDSA-AES256-SHA| & & 
&&&\\\rowcolor{lightlightgray} +% \phantom{0}6 & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA| & \verb|0xC014| & \yes & \yes & \yes & \yes \\\rowcolor{lightlightgray} +% & \verb|ECDHE-RSA-AES256-SHA| & & &&&\\ +% \phantom{0}7 & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA| & \verb|0x0039| & \yes & \yes & \no & \yes \\ +% & \verb|DHE-RSA-AES256-SHA| & & &&&\\\rowcolor{lightlightgray} +% \phantom{0}8 & \verb|TLS_DHE_DSS_WITH_AES_256_CBC_SHA| & \verb|0x0038| & \no & \yes & \yes & \no \\\rowcolor{lightlightgray} +% & \verb|DHE-DSS-AES256-SHA| & & &&&\\ +% \phantom{0}9 & \verb|TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA| & \verb|0x0088| & \no & \yes & \no & \no \\ +% & \verb|DHE-RSA-CAMELLIA256-SHA| & & &&&\\\rowcolor{lightlightgray} +% \phantom{}10 & \verb|TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA| & \verb|0x0087| & \no & \yes & \no & \no \\\rowcolor{lightlightgray} +% & \verb|DHE-DSS-CAMELLIA256-SHA| & & &&&\\ +% \bottomrule +% \end{tabular} +%\caption{Preference order of cipher suites. All suites are supported by OpenSSL.} +%\label{table:prefOrderCipherSuites} +%\end{table} +% +%Note: the above table \ref{table:prefOrderCipherSuites} contains Elliptic curve key exchanges. There are currently strong doubts\footnote{\url{http://safecurves.cr.yp.to/rigid.html}} concerning ECC. +%If unsure, remove the cipher suites starting with ECDHE in the table above. +% +% +%Based on this ordering, we can now define the corresponding settings for servers. We will start with the most common web servers. -- 2.20.1
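Review bot: the `\label{table:prefOrderCipherSuites}` near the end of this hunk is now commented out together with its table, so any `\ref{table:prefOrderCipherSuites}` left elsewhere in the document would become an undefined reference. The two references visible here are both inside the commented block, but a grep over the sources before merging would confirm none remain outside it. The closing sentence `Based on this ordering, we can now define the corresponding settings for servers.` is disabled as well, so the text that follows this subsubsection loses its lead-in and may need a new one. Since the commit message says the section is kept only as a table formatting example, consider deleting it from `choosing.tex` and relying on git history or a separate example file instead of 104 `%`-prefixed lines, which also carry forward the `adivce` typo and the unresolved `%% NOTE: s/forward secrecy/perfect forward secrecy???` question. If the text does stay in place, wrapping it in a `comment` environment would keep the diff to the two wrapper lines rather than touching every line of the section.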