martintoreilly
commented
4 years ago Candidate lists / sources for weak / strong cipher suites
Cipher suite
- Human readable, filterable list of ciphers
- Machine readable API
- 54 "Recommended". This is the strongest class, with all ciphers supporting Perfect Forward Secrecy (PFS)
- 117 "Secure". These use algorithms that have known issues but are not issues as used by current versions of TLS.
Qualys SSL Labs
- Live server test
- Server rating guide describes what they consider when rating cipher suites - - Has an API for machine readable server scans, along with a reference CLI API client
Microsoft Server 2019 TLS cipher suite official docs
- TLS cipher suite documentation
- Flags some cipher suites with
SCH_USE_STRONG_CRYPTO
jemrobinson
:scroll: Description
In July 2020, as part of the change to drop support for older TLS versions in PR #766, we limited the supported TLS cipher suites to remove all ciphers supported by Windows 2019 but not on the list at https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/. This list resulted in the Qualys SSL Labs server test reporting no weak ciphers.
In October 2020, @jemrobinson experienced issues with connecting to a newly deployed SRE RDS server, with the error being due to a failure to find a common supported cipher suite between client and server (see issue #842). Note that this issue was only encountered when launching an RDS app, implying that the browser and server had successfully negotiated a common acceptable TLS cipher suite when securing the initial connection to the RDS web app but there was then a subsequent failure when the we app was negotiating a secure connection with the RDS Connection Broker endpoint.
Expanding the list of supported ciphers to those classed as recommended or strong by the Cipher Suite API (applied in PR #843) resolved the connection problem described in issue #842, but several of the ciphers classed as strong by the Cipher Suite API are classed as weak by Qualys SSL Labs test.
We'd like to determine a principled subset of commonly agreed non-weak ciphers that we can support, along with a principled (and ideally automated) way of ensuring this list remains up to date.
:strawberry: Desired behaviour
We have no issues connecting to RDS apps from the latest version of Chrome, Firefox, Edge, Safari on Windows, Mac or Linux while also ensuring that we don't support any cipher suite considered weak by Qualys SSL Labs, Cipher Suite or any other list we choose to rely on.
:page_facing_up: Tasks
Include specific tasks (if any) in the order in which they need to be done.
Initially labelled as medium security as I think having a defensible list of supported TLS ciphers that excludes ones with known issues forms part of our security accreditation.