[SERVER-34911] Restrict TLS ciphers supported by servers and clients Created: 08/May/18  Updated: 27/Oct/23  Resolved: 29/Jan/19

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Kenneth White
Resolution: Gone away Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Gantt Dependency
has to be done after SERVER-35064 OpenSSL Elliptic Curve Auto Negotiati... Closed
Related
Participants:

Description

There are a wide variety of cipher suites, defined across the TLS RFCs. These suites specify the hashing algorithm and the asymmetric and symmetric cryptography used in the TLS conversation. Some suites provide useful properties, like Perfect Forward Secrecy.

The server and shell should restrict themselves to using a limited set of suites which provide PFS, and use modern algorithms which are considered to have wide security margins.

Below is a set of cipher suites which would be supported.

Cipher Suites
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256


Comments
Comment by Kenneth White [ 23/Jan/19 ]

Thanks spencer.jackson. I'm fine with closing this for now. Independent of this ticket, I'll assign myself to put together a simple test suite and living doc to crosswalk server & drivers on the major supported platforms with modern PFS cipher suites (I know that RH/Cent 8 includes and Ubuntu 18LTS will backport TLS 1.3 natively, but it would be good to have a uniform central resource to point to).

Comment by Kenneth White [ 23/Jan/19 ]

Just to confirm, do we believe that 4.2 server and current drivers running on major supported modern platforms like Windows Server 2016+, Windows 10, RedHat/Cent 7.4+, and OSX can be configured to support at least one of these suites?

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

If not, maybe we could create a simple crosstab of the major supported platforms vs cipher suites for the record and then revisit this post-4.2?
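
As an added illustration (not code from this ticket or from the MongoDB code base), the following Python uses the standard library `ssl` module to translate the IANA suite names listed in the description and in the comment above into an OpenSSL cipher string, build a client context that offers only those suites with TLS 1.2 as the floor, and then audit what the local OpenSSL build actually enabled, flagging any suite whose key exchange is not ephemeral. The IANA-to-OpenSSL name table, the parsing of the `Kx=` token from OpenSSL's cipher description, and the function names are this example's own assumptions; `audit_cipher_string` generalizes the check to any OpenSSL cipher string, such as a legacy server configuration.

```python
"""Restrict a TLS context to the forward-secret suites named in SERVER-34911
and audit what the local OpenSSL build actually enables.
Added example, not part of the ticket or of the MongoDB code base."""
import re
import ssl

# IANA suite names from the ticket (description plus the comment's list),
# mapped to OpenSSL's naming.  The mapping follows OpenSSL's documented names
# and is this example's own table, not something the ticket supplies.
IANA_TO_OPENSSL = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": "DHE-RSA-AES128-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "ECDHE-RSA-AES256-SHA",
}
TICKET_SUITES = list(IANA_TO_OPENSSL)

# Key-exchange tokens in OpenSSL's cipher description that imply ephemeral
# keys, i.e. forward secrecy.  "any" is what TLS 1.3 suites report.
PFS_KEY_EXCHANGE = {"ECDH", "DH", "any"}
_KX_RE = re.compile(r"\bKx=(\S+)")


def openssl_cipher_string(iana_names):
    """Translate IANA suite names into a colon-separated OpenSSL cipher string."""
    try:
        return ":".join(IANA_TO_OPENSSL[name] for name in iana_names)
    except KeyError as exc:
        raise ValueError(f"no OpenSSL name known for suite {exc.args[0]}") from None


def restricted_context(iana_names):
    """Client context offering only the given pre-TLS-1.3 suites.
    TLS 1.3 suites are controlled separately by OpenSSL and are all
    forward-secret, so they are left at their defaults."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no TLS 1.0/1.1 fallback
    # set_ciphers raises ssl.SSLError if the local OpenSSL supports none of them.
    ctx.set_ciphers(openssl_cipher_string(iana_names))
    return ctx


def audit(ctx):
    """Return the pre-TLS-1.3 suites the context will offer and the subset
    whose key exchange is not ephemeral (no forward secrecy)."""
    enabled, non_pfs = [], []
    for cipher in ctx.get_ciphers():
        # 'protocol' is the oldest version a suite works with; TLS 1.3 suites
        # are the only ones not governed by set_ciphers, so skip just those.
        if cipher["protocol"] == "TLSv1.3":
            continue
        enabled.append(cipher["name"])
        match = _KX_RE.search(cipher["description"])
        kx = match.group(1) if match else "unknown"
        if kx not in PFS_KEY_EXCHANGE:
            non_pfs.append(cipher["name"])
    return {"enabled": enabled, "non_pfs": non_pfs}


def audit_cipher_string(openssl_spec):
    """Same audit for an arbitrary OpenSSL cipher string (e.g. a legacy
    server config), to show which entries lack forward secrecy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(openssl_spec)
    return audit(ctx)


if __name__ == "__main__":
    report = audit(restricted_context(TICKET_SUITES))
    for name in report["enabled"]:
        print(f"enabled: {name}")
    missing = set(IANA_TO_OPENSSL.values()) - set(report["enabled"])
    for name in sorted(missing):
        print(f"not available in this OpenSSL build: {name}")
    print("non-PFS suites:", report["non_pfs"] or "none")
```

Run stand-alone, the script reports which of the ticket's suites the local OpenSSL build will offer and which it silently dropped (for example, when a distribution's crypto policy or security level excludes the SHA-1 CBC suite), which is exactly the per-platform crosstab question raised in the comment above. The same `audit` can be pointed at a server's existing cipher string to list entries such as plain RSA key exchange that provide no forward secrecy.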

Generated at Thu Feb 08 04:38:15 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.