internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl

weak ciphers as sufficient. #1266

Closed ItsmeHB closed 6 months ago

ItsmeHB commented 6 months ago

Hi, while checking a url on internet.nl and ssllabs.com I came across 2 ciphers that were flagged as Weak on ssllabs.com (also on ciphersuite.info) and sufficient on internet.nl

internet.nl (OpenSSL) <> ssllabs.com (IANA)
ECDHE-RSA-AES128-SHA256 <> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE-RSA-AES256-SHA384 <> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Shouldn't weak ciphers have the "phase out" label on internet.nl?

Henri

bwbroersma commented 6 months ago

Internet.nl uses the NCSC-NL - IT Security Guidelines for Transport Layer Security (TLS) as baseline. NCSC-NL is currently in the process of revising the TLS guidelines document. If the update is published Internet.nl will follow.

Cipher block chaining (CBC) cipher suites are considered weak because of the padding oracle attack on CBC encryption. After four new vulnerabilities, Qualys made changes to SSLLabs, see the blog post Zombie POODLE and GOLDENDOODLE Vulnerabilities:

SSL Labs identifies cipher suites using CBC with orange color and with text WEAK. This change won’t have any effect on the grades, as it only means that SSL Labs discourages the use of CBC-based cipher suites further.

See the current page 25 of the NCSC-NL TLS guidelines:

Appendix C – List of cipher suites

Good

TLS_AES_256_GCM_SHA384⁵¹
TLS_CHACHA20_POLY1305_SHA256⁵¹
TLS_AES_128_GCM_SHA256⁵¹

Sufficient

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384⁵²
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256⁵²
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256⁵²
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384⁵²
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256⁵²
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256⁵²
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Phase out

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA


⁵¹ When used in combination with Good algorithms for key exchange and certificate verification. See Figure 2 in chapter Versions, algorithms and options for an example that results in a lower security level.

⁵² These algorithm selections, combined with TLS 1.3 are Good. However, the (old) cipher suite notation used here will frequently result in the use of at most TLS 1.2 in software, which is Sufficient.
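
Added example, not part of the thread and not Internet.nl or SSL Labs code: it resolves OpenSSL cipher names to IANA names for the Appendix C suites quoted above and returns, side by side, the NCSC-NL level and whether the SSL Labs CBC rule would label the suite WEAK. The OpenSSL renaming rules and all function names are assumptions that cover only the listed suites.

```python
# Added example (not Internet.nl or SSL Labs code). The suite lists are copied from
# the NCSC-NL Appendix C excerpt quoted in this thread, footnote marks dropped.
APPENDIX_C = {
    "Good": "TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256",
    "Sufficient": """
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA""",
    "Phase out": """
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA""",
}

def iana_to_openssl(iana):
    # Assumption: these renaming rules cover the Appendix C suites only.
    if "_WITH_" not in iana:  # TLS 1.3 names are the same in both notations
        return iana
    kx, cipher = iana[len("TLS_"):].split("_WITH_")
    cipher = (cipher.replace("3DES_EDE_CBC", "DES-CBC3").replace("_CBC", "")
              .replace("AES_", "AES").replace("CHACHA20_POLY1305_SHA256", "CHACHA20-POLY1305")
              .replace("_", "-"))  # OpenSSL's AES names carry no "CBC" marker
    return ("" if kx == "RSA" else kx.replace("_", "-") + "-") + cipher

# OpenSSL name -> (IANA name, NCSC-NL level), built from the lists above.
BY_OPENSSL = {iana_to_openssl(s): (s, level)
              for level, suites in APPENDIX_C.items() for s in suites.split()}

def rate(openssl_name):
    """Return (IANA name, NCSC-NL level, labelled WEAK by the SSL Labs CBC rule)."""
    iana, level = BY_OPENSSL.get(openssl_name, (None, "not listed"))
    return iana, level, bool(iana) and "_CBC_" in iana

def disagreements(openssl_names):
    """Suites NCSC-NL rates Good or Sufficient while the CBC rule labels them WEAK."""
    return [n for n in openssl_names if rate(n)[1] in ("Good", "Sufficient") and rate(n)[2]]

if __name__ == "__main__":
    for name in ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256", "AES128-SHA"]:
        print(name, *rate(name), sep=" | ")  # constructed cipher list
```

The two suites from the original report come out as Sufficient and CBC-flagged at the same time, which is the difference between the two tools that the thread describes.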

ItsmeHB commented 6 months ago

Right. Thanks for the in-depth explanation!