AnsweredAssumed Answered

Secure TLS/SSL Deployment: Cipher suite selection

Question asked by hugoc on Oct 20, 2012
Latest reply on Oct 22, 2012 by Ivan Ristić



I'm starting a pilot project with a local professor in cryptography (I work at a Uni) and the national CERT.


The goal is to provide is to provide a useful how to for systems administrators to deploy TLS in a secure manner.


To begin with we are only focusing on cipher suites.  Certificates will come.


Scope to begin with is Apache 2.2 and 2.4 and IIS 6, 7 and 8 (server side) and recent versions of IE, Firefox and Chrome (with possible addition of safari and opera).


There are a few parts to this: selection of cipher suites, based on input from the crypto expert and the threat analysts, and secondly knowing which suites the clients support and will then negotiate.


The sslhaf work recently published is great!  (Perviously I was using packet capture and the Env variables from mod_ssl).  However, the 'beautiful' solution is a MiTM that supports TLS 1.0, 1.1 and 1.2 that can watch the negotiation and then send back/log the results and then tear down the connection after the negotiation is complete and the contents of the negotiation are known.


With this one can test any client and any server.  (I realise that it could also be used for other nasty purposes, such is the nature of security research).


Is anyone working on similar areas of research?  Has such a tool been built?  Any general advice from the community?


(I am aware of and have read "SSL/TLS Deployment Best Practices"; great work).


The idea is to get a first publication of the how to's for the different servers with a list of client support, and then regularly update the list according to new known cipher suite / TLS vulnerabilities to create an ongoing reference for secure TLS deployment.


Thanks in advance for any responses.


Regards,  Hugo