[Ach] Updated Mozilla TLS guide
Julien Vehent
julien at linuxwall.info
Mon Oct 13 13:43:28 CEST 2014
On 2014-10-13 03:27, Alan Orth wrote:
> Just wanted to point out
that Mozilla has updated their server-side TLS
> recommendations:
>
>
https://wiki.mozilla.org/Security/Server_Side_TLS [1]
>
> They now have
three compliance levels: old, intermediate, and modern.
I also wrote a
tool to analyze cipherscan's output against each recommended
level.
https://jve.linuxwall.info/blog/index.php?post/2014/10/09/Automated-configuration-analysis-for-Mozilla-s-TLS-guidelines
The
goal is to make it easier for admins to reach the intermediate level,
without asking a security expert to analyze their configuration.
It's
very opinionated, and I don't expect everyone to agree with its output.
But it serves Mozilla's needs.
$ ./cipherscan
bettercrypto.org
.....................................
prio ciphersuite
protocols pubkey_size signature_algorithm trusted ticket_hint
ocsp_staple pfs_keysize
1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 4096
sha1WithRSAEncryption True 300 True ECDH,P-384,384bits
2
ECDHE-RSA-AES256-SHA384 TLSv1.2 4096 sha1WithRSAEncryption True 300 True
ECDH,P-384,384bits
3 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 4096
sha1WithRSAEncryption True 300 True DH,1024bits
4 DHE-RSA-AES256-SHA256
TLSv1.2 4096 sha1WithRSAEncryption True 300 True DH,1024bits
5
AES256-GCM-SHA384 TLSv1.2 4096 sha1WithRSAEncryption True 300 True
6
AES256-SHA256 TLSv1.2 4096 sha1WithRSAEncryption True 300 True
7
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 4096 sha1WithRSAEncryption True 300
True ECDH,P-384,384bits
8 ECDHE-RSA-AES128-SHA256 TLSv1.2 4096
sha1WithRSAEncryption True 300 True ECDH,P-384,384bits
9
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 4096 sha1WithRSAEncryption True 300
True DH,1024bits
10 DHE-RSA-AES128-SHA256 TLSv1.2 4096
sha1WithRSAEncryption True 300 True DH,1024bits
11 AES128-GCM-SHA256
TLSv1.2 4096 sha1WithRSAEncryption True 300 True
12 AES128-SHA256
TLSv1.2 4096 sha1WithRSAEncryption True 300 True
13 ECDHE-RSA-AES256-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300 True
ECDH,P-384,384bits
14 DHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
4096 sha1WithRSAEncryption True 300 True DH,1024bits
15
DHE-RSA-CAMELLIA256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096
sha1WithRSAEncryption True 300 True DH,1024bits
16 AECDH-AES256-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None True None False ECDH,P-384,384bits
17
AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True
300 True
18 CAMELLIA256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096
sha1WithRSAEncryption True 300 True
19 ECDHE-RSA-DES-CBC3-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300 True
ECDH,P-384,384bits
20 EDH-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
4096 sha1WithRSAEncryption True 300 True DH,1024bits
21
AECDH-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None True None False
ECDH,P-384,384bits
22 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096
sha1WithRSAEncryption True 300 True
23 ECDHE-RSA-AES128-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300 True
ECDH,P-384,384bits
24 DHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
4096 sha1WithRSAEncryption True 300 True DH,1024bits
25
DHE-RSA-CAMELLIA128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096
sha1WithRSAEncryption True 300 True DH,1024bits
26 AECDH-AES128-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None True None False ECDH,P-384,384bits
27
AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True
300 True
28 CAMELLIA128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096
sha1WithRSAEncryption True 300 True
29 DHE-RSA-SEED-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300 True
DH,1024bits
30 SEED-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096
sha1WithRSAEncryption True 300 True
31 ECDHE-RSA-RC4-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300 True
ECDH,P-384,384bits
32 AECDH-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None
True None False ECDH,P-384,384bits
33 RC4-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300 True
34
RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300
True
35 EDH-RSA-DES-CBC-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096
sha1WithRSAEncryption True 300 True DH,1024bits
36 DES-CBC-SHA
SSLv3,TLSv1,TLSv1.1,TLSv1.2 4096 sha1WithRSAEncryption True 300
True
OCSP stapling: supported
Server side cipher ordering
$
./analyze.py -t bettercrypto.org
bettercrypto.org:443 has bad
ssl/tls
Things that are really FUBAR:
* remove cipher
AECDH-AES256-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher
AECDH-DES-CBC3-SHA
* remove cipher AECDH-AES128-SHA
* remove cipher
DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher
ECDHE-RSA-RC4-SHA
* remove cipher AECDH-RC4-SHA
* remove cipher
RC4-SHA
* remove cipher RC4-MD5
* remove cipher EDH-RSA-DES-CBC-SHA
*
remove cipher DES-CBC-SHA
Changes needed to match the old level:
*
remove cipher AECDH-AES256-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
*
remove cipher AECDH-DES-CBC3-SHA
* remove cipher AECDH-AES128-SHA
*
remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher
ECDHE-RSA-RC4-SHA
* remove cipher AECDH-RC4-SHA
* remove cipher
RC4-SHA
* remove cipher RC4-MD5
* remove cipher EDH-RSA-DES-CBC-SHA
*
remove cipher DES-CBC-SHA
* use a certificate with sha1WithRSAEncryption
signature
* consider enabling OCSP Stapling
Changes needed to match the
intermediate level:
* remove cipher AECDH-AES256-SHA
* remove cipher
ECDHE-RSA-DES-CBC3-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove
cipher AECDH-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* remove cipher
AECDH-AES128-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher
SEED-SHA
* remove cipher ECDHE-RSA-RC4-SHA
* remove cipher
AECDH-RC4-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove
cipher EDH-RSA-DES-CBC-SHA
* remove cipher DES-CBC-SHA
* disable SSLv3
*
consider using a SHA-256 certificate
* consider enabling OCSP
Stapling
Changes needed to match the modern level:
* remove cipher
AES256-GCM-SHA384
* remove cipher AES256-SHA256
* remove cipher
AES128-GCM-SHA256
* remove cipher AES128-SHA256
* remove cipher
DHE-RSA-CAMELLIA256-SHA
* remove cipher AECDH-AES256-SHA
* remove cipher
AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher
ECDHE-RSA-DES-CBC3-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove
cipher AECDH-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* remove cipher
DHE-RSA-CAMELLIA128-SHA
* remove cipher AECDH-AES128-SHA
* remove cipher
AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher
DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher
ECDHE-RSA-RC4-SHA
* remove cipher AECDH-RC4-SHA
* remove cipher
RC4-SHA
* remove cipher RC4-MD5
* remove cipher EDH-RSA-DES-CBC-SHA
*
remove cipher DES-CBC-SHA
* disable TLSv1
* disable SSLv3
* use a
SHA-256 certificate
* consider enabling OCSP Stapling
- Julien
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20141013/8a30efdf/attachment.html>
More information about the Ach
mailing list