[Ach] comments and questions about MS IIS (chapter 2.1.5)

cryptofriend at ruggedinbox.com cryptofriend at ruggedinbox.com
Sun May 10 17:26:23 CEST 2015


Hi,


1)
from chapter 2.1.5:

"
When trying to avoid RC4 (RC4 biases) as well as CBC (BEAST-Attack) by
using GCM and to support perfect forward secrecy, Microsoft
SChannel(SSL/TLS,Auth,..Stack) supports ECDSA but lacks support for RSA
signatures (see ECC suite B doubts).
Since one is stuck with ECDSA, an elliptic curve certificate needs to be
used."

Windows 2012 R2 appears to be supporting the following PFS+GCM ciphers
(that don't require ECDSA certificates):

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
(using 1024bit short DH params)

see:
https://support.microsoft.com/en-us/kb/2929781
also related:
MS14-066 (Vulnerability in SChannel could allow remote code execution)
https://support.microsoft.com/kb/2992611
https://www.nartac.com/Products/IISCrypto/FAQ.aspx

tested with Win 2012 R2

2)
later in the same chapter:
"
For example insisting on SHA-2 algorithms (only first two lines) would
eliminate all versions of firefox
"

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is supported in current firefox.


3)
TLS_ECDHE_ECDSA (P256) vs. TLS_DHE_RSA (1024bit DH params)

DHE_RSA uses 1024 bits only (considered 'insufficient' as per RFC7525).
P256 has potential trust problems (NSA/Suite B curves).
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929

Assuming P256 has no backdoor, ECDHE with 256 bits would be superior over
DHE using 1024 bits (if one uses the usual comparison tables).

Is it possible to adjust the DHE params in MS SChannel to use 2048bit
instead of 1024?
Would major browsers support that?
In chapter 3.7 you mention "2048-8192 bit MODP" as recommended.


4)
There is one item missing in the list of registry settings:
HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

see:
https://www.nartac.com/Products/IISCrypto/FAQ.aspx

looking forward to your feedback!
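Item 3 above turns on what the server actually sends: the DH group size is chosen by SChannel, not by the client, so it is worth measuring rather than inferring. The following is an added example and not part of this post or of the Applied Crypto Hardening document: a minimal TLS 1.2 probe that offers a server only the two DHE_RSA AES-GCM suites named above, reads the ServerKeyExchange, and reports the bit length of dh_p against the 2048-bit floor of RFC 7525. Host and port are arguments; the ServerKeyExchange used for the offline check is constructed (its modulus is not a real prime, only its length matters) and the signature is omitted. Running probe() needs network access to the target.

```python
"""Added example (not from the post): measure the DH group size a TLS 1.2 server
actually sends when only DHE_RSA AES-GCM suites are offered."""
import os
import socket
import struct
import sys

# The two PFS+GCM suites from the post (IANA numbers, RFC 5288).
DHE_RSA_GCM_SUITES = {
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
}
ALERT, HANDSHAKE = 21, 22                 # TLS record content types
CLIENT_HELLO, SERVER_KEY_EXCHANGE = 1, 12  # handshake message types
RFC7525_MIN_DH_BITS = 2048                 # RFC 7525 sec. 4.3: DH groups below 2048 bits are insufficient


def wrap_handshake_record(msg_type: int, body: bytes) -> bytes:
    """Wrap one handshake message in a single TLS record."""
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(msg)) + msg


def build_client_hello(server_name: str) -> bytes:
    """TLS 1.2 ClientHello offering only the DHE_RSA GCM suites, with SNI and a
    signature_algorithms extension (RSA with SHA-256/384/1) so the server can sign
    its ServerKeyExchange with an ordinary RSA certificate."""
    suites = b"".join(struct.pack("!H", s) for s in DHE_RSA_GCM_SUITES)
    name = server_name.encode("idna")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # ServerNameList, host_name
    sig_algs = b"\x04\x01\x05\x01\x02\x01"
    extensions = (struct.pack("!HH", 0, len(sni)) + sni
                  + struct.pack("!HHH", 13, len(sig_algs) + 2, len(sig_algs)) + sig_algs)
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"      # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                # compression methods: null only
            + struct.pack("!H", len(extensions)) + extensions)
    return wrap_handshake_record(CLIENT_HELLO, body)


def iter_handshake_messages(data: bytes):
    """Yield (msg_type, body) for every complete handshake message in a byte stream of
    TLS records. Messages may span records, so handshake fragments are coalesced first.
    An alert record means the server rejected every offered suite."""
    buf, off = bytearray(), 0
    while off + 5 <= len(data):
        ctype, _version, rlen = struct.unpack("!BHH", data[off:off + 5])
        frag = data[off + 5:off + 5 + rlen]
        if len(frag) < rlen:
            break                                        # record not fully received yet
        off += 5 + rlen
        if ctype == ALERT:
            raise RuntimeError("server sent alert %s: no DHE_RSA GCM suite accepted" % frag.hex())
        if ctype == HANDSHAKE:
            buf += frag
    pos = 0
    while pos + 4 <= len(buf):
        mtype, mlen = buf[pos], int.from_bytes(buf[pos + 1:pos + 4], "big")
        body = bytes(buf[pos + 4:pos + 4 + mlen])
        if len(body) < mlen:
            break
        yield mtype, body
        pos += 4 + mlen


def dh_prime_bits(ske_body: bytes) -> int:
    """Bit length of dh_p in a DHE ServerKeyExchange body (RFC 5246 sec. 7.4.3):
    dh_p<1..2^16-1>, dh_g<1..2^16-1>, dh_Ys<1..2^16-1>, then the signature."""
    (p_len,) = struct.unpack("!H", ske_body[:2])
    p = ske_body[2:2 + p_len]
    if len(p) != p_len:
        raise ValueError("truncated ServerKeyExchange")
    return int.from_bytes(p, "big").bit_length()


def rate_dh_bits(bits: int) -> str:
    """Rate a DH group size against the RFC 7525 minimum."""
    return "ok" if bits >= RFC7525_MIN_DH_BITS else "insufficient"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> int:
    """Connect, offer only DHE_RSA GCM, and return the bit length of the DH prime the
    server chose. Raises if the server answers with an alert or closes early."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        while True:
            chunk = sock.recv(16384)
            if not chunk:
                break
            data += chunk
            for mtype, body in iter_handshake_messages(data):
                if mtype == SERVER_KEY_EXCHANGE:
                    return dh_prime_bits(body)
    raise RuntimeError("connection closed without a ServerKeyExchange")


def make_constructed_server_key_exchange(prime_bits: int) -> bytes:
    """Constructed DHE ServerKeyExchange body for offline checks. The modulus is NOT a
    real prime (only its length matters here) and the signature is omitted."""
    n = (prime_bits + 7) // 8
    p = ((1 << (prime_bits - 1)) | 1).to_bytes(n, "big")
    g = b"\x02"
    ys = (1 << (prime_bits - 2)).to_bytes(n, "big")
    return b"".join(struct.pack("!H", len(x)) + x for x in (p, g, ys))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    bits = probe(target)
    print("%s: DHE group is %d bits -> %s" % (target, bits, rate_dh_bits(bits)))
```

Against a Windows 2012 R2 host configured as described in the post, the expectation from item 1 is a 1024-bit group, which rate_dh_bits() reports as insufficient; a server that disables the DHE_RSA suites entirely will come back as an alert instead of a ServerKeyExchange, which the probe reports rather than misreading as a group size.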