Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
no edit summary
(→Cipher names correspondence table: Update reference from 'https://github.com/marumari/tls-table/blob/master/tls-table.py' to 'https://github.com/april/tls-table/blob/master/tls-table.py' ref Milton Smith) |
No edit summary |
||
| Line 32: | Line 32: | ||
The ordering of a ciphersuite is very important because it decides which algorithms are going to be selected in priority. Each level shows the list of algorithms returned by its ciphersuite. If you have to pick ciphers manually for your application, make sure you keep the ordering. | The ordering of a ciphersuite is very important because it decides which algorithms are going to be selected in priority. Each level shows the list of algorithms returned by its ciphersuite. If you have to pick ciphers manually for your application, make sure you keep the ordering. | ||
The ciphersuite numbers listed come from the IANA [https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 TLS Cipher Suite Registry]. Previous versions of these recommendations included draft numbers for ECDHE-ECDSA-CHACHA20-POLY1305 (0xCC,0x14) and ECDHE-RSA-CHACHA20-POLY1305 (0xCC,0x13). | |||
== <span style="color:green;">'''Modern'''</span> compatibility == | == <span style="color:green;">'''Modern'''</span> compatibility == | ||
| Line 51: | Line 53: | ||
0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD | 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD | ||
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD | 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD | ||
0xCC, | 0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD | ||
0xCC, | 0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD | ||
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD | 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD | ||
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD | 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD | ||
| Line 74: | Line 76: | ||
* TLS curves: '''prime256v1, secp384r1, secp521r1''' | * TLS curves: '''prime256v1, secp384r1, secp521r1''' | ||
* Certificate type: '''RSA''' | * Certificate type: '''RSA''' | ||
* Certificate curve: | * Certificate curve: '''None''' | ||
* Certificate signature: '''sha256WithRSAEncryption''' | * Certificate signature: '''sha256WithRSAEncryption''' | ||
* RSA key size: '''2048''' | * RSA key size: '''2048''' | ||
| Line 83: | Line 85: | ||
<source> | <source> | ||
0xCC, | 0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD | ||
0xCC, | 0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD | ||
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD | 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD | ||
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD | 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD | ||
| Line 128: | Line 130: | ||
* TLS curves: '''prime256v1, secp384r1, secp521r1''' | * TLS curves: '''prime256v1, secp384r1, secp521r1''' | ||
* Certificate type: '''RSA''' | * Certificate type: '''RSA''' | ||
* Certificate curve: | * Certificate curve: '''None''' | ||
* Certificate signature: '''sha256WithRSAEncryption''' | * Certificate signature: '''sha256WithRSAEncryption''' | ||
* RSA key size: '''2048''' | * RSA key size: '''2048''' | ||
| Line 137: | Line 139: | ||
<source> | <source> | ||
0xCC, | 0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD | ||
0xCC, | 0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD | ||
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD | 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD | ||
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD | 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD | ||
| Line 530: | Line 532: | ||
more: https://weakdh.org | more: https://weakdh.org | ||
= SSL and TLS Settings = | |||
== SPDY == | == SPDY == | ||
| Line 545: | Line 548: | ||
more information: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf | more information: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf | ||
= Cipher suites = | |||
== Cipher names correspondence table == | == Cipher names correspondence table == | ||
| Line 2,791: | Line 2,796: | ||
|} | |} | ||
The table above was automatically generated via: [https://github.com/ | The table above was automatically generated via: [https://github.com/marumari/tls-table/blob/master/tls-table.py https://github.com/marumari/tls-table/blob/master/tls-table.py]. | ||
Colors correspond to the [[#Modern_compatibility|<span style="color: #008000; font-weight: bold;">Modern</span>]], [[#Intermediate_compatibility_.28default.29|<span style="color: #FFA500; font-weight: bold;">Intermediate</span>]], and [[#Old_backward_compatibility|<span style="color: #808080; font-weight: bold;">Old</span>]] compatibility levels. Each compatibility level is a superset of the more modern levels above it. | Colors correspond to the [[#Modern_compatibility|<span style="color: #008000; font-weight: bold;">Modern</span>]], [[#Intermediate_compatibility_.28default.29|<span style="color: #FFA500; font-weight: bold;">Intermediate</span>]], and [[#Old_backward_compatibility|<span style="color: #808080; font-weight: bold;">Old</span>]] compatibility levels. Each compatibility level is a superset of the more modern levels above it. | ||
| Line 2,807: | Line 2,812: | ||
gnutls-cli 3.1.26 | gnutls-cli 3.1.26 | ||
$ gnutls-cli -l --priority NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AES-256-CBC:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+SIGN-RSA-SHA224:+SIGN-RSA-SHA1:+SIGN-DSA-SHA256:+SIGN-DSA-SHA224:+SIGN-DSA-SHA1:+CURVE-ALL:+AEAD:+SHA256:+SHA384:+SHA1:+COMP- | $ gnutls-cli -l --priority NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AES-256-CBC:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+SIGN-RSA-SHA224:+SIGN-RSA-SHA1:+SIGN-DSA-SHA256:+SIGN-DSA-SHA224:+SIGN-DSA-SHA1:+CURVE-ALL:+AEAD:+SHA256:+SHA384:+SHA1:+COMP-NULL | ||
Cipher suites for NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AES-256-CBC:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+SIGN-RSA-SHA224:+SIGN-RSA-SHA1:+SIGN-DSA-SHA256:+SIGN-DSA-SHA224:+SIGN-DSA-SHA1:+CURVE-ALL:+AEAD:+SHA256:+SHA384:+SHA1:+COMP-NULL | |||
TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2 | TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2 | ||
TLS_ECDHE_RSA_AES_128_CBC_SHA256 0xc0, 0x27 TLS1.0 | TLS_ECDHE_RSA_AES_128_CBC_SHA256 0xc0, 0x27 TLS1.0 | ||