John's Blog: SSL/TLS Security Level

June 23, 2017

First things first... When discussing SSL/TLS encryption security issues, the first and most important thing to keep in mind is that encryption accounts for only one component of overall server security. It is critically important to understand that a high SSL/TLS test scan score does not mean you have a secure server. It means that your server's encryption mechanism is well-implemented. However, well-implemented encryption is meaningless if you don't also have a solid password policy that you monitor and enforce, carefully constructed content access areas, closely manage other services running on the server, etc.

User sessions carried out over older SSL connections, even those that might rate an "F" on a security scan, are far more secure than plain text connections, and other aspects of server security must be locked down before SSL/TLS encryption becomes the "weak link" in your server's overall security scheme. For details, please see the "Server Security" article in the Rumpus package.

With that said, for those administrators who have high security needs and have a carefully constructed set of security processes, making sure your server's encryption capabilities are correctly configured is essential to ensuring the absolute best data security for your clients. So let's take a look at SSL/TLS security options in Rumpus.

Supported Ciphers

Rumpus supports SSL versions and cipher suites ranging from older protocols dating back more than a decade to the latest DH and ECDH encryption mechanisms. And Rumpus will always use the most modern and secure cipher suite supported by the client. So, even when you configure the server to allow older clients to connect via SSL, when modern clients connect, modern ciphers will be used to ensure maximum security for those connections.

The question when configuring the server is whether or not you want to allow older clients to connect using weak or potentially exploitable encrypted sessions. Older clients, say MSIE running on Windows XP, will simply not be capable of connecting via strong modern connections. The real question is whether or not you want to allow these older clients to connect, or whether the server should deny those connections and require that the client use a more modern client capable of advanced encryption.

Again, modern clients will always connect using the most advanced encryption supported by both the server and the client, so your security setting in Rumpus does not effect the encryption level of modern clients connecting to the server. The issue is whether or not you want to allow older clients to connect using only the older encryption mechanisms they have available to them.

Automated Test Suites

The primary drivers of interest in SSL/TLS encryption deployment are test services like Qualys SSL Labs. Again, while these services only test a very limited array of issues, they can be useful in assessing SSL deployment. Typically, these tests involve a robot that executes a series of probes to your server, resulting in a grade ranging from insecure (usually "F") to very secure ("A" or "A+").

SSL/TLS Security Level

In versions of Rumpus prior to 8.1.7, there were several configuration options allowing the server administrator to control various SSL settings. As of Rumpus 8.1.7, these options have been combined into a single pop-up menu, "SSL/TLS Security Level". Your selection of security level automatically adjusts each of the indvidual SSL settings according to your preference between supporting a wide range of (usually older) clients and requiring users to run more modern clients to ensure a higher level of security.

The SSL/TLS Security Level options are:

Support Ancient Clients (Least Secure)

If you would like to support virtually all clients, including those running older and potentially even obsolete browsers, operating systems, and FTP clients, "Support Ancient Clients" is the option to choose. In this case, SSLv3 and later will be allowed, any cipher suite may be used, and the DH key will be 512 bits.

With this option selected, your server is likely to achieve a poor score in automated tests, but as noted above, sessions will still be encrypted in such a way that security is far greater than plain text transfers. This option is not appropriate in high security environments, but is useful to achieve basic encryption when virtually any client needs to be be able to access the server.

Support Older Clients (Less Secure)

This option is a big step up in security, while still offering support for the large majority of clients in use today. SSLv3 is disabled in this mode, so clients will need to support TLSv1 or later, and reasonably strong ciphers are required. The DH key is 1024 bits.

This is a good option when a compromise between supporting older clients and enforcing reasonable security is necessary. The score your server will achieve from automated test sites is likely to be in the "C" range.

The following cipher suites are required, while less secure ciphers are disabled.

    ECDHE-ECDSA-AES128-GCM-SHA256
    ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-GCM-SHA384
    DHE-RSA-AES128-GCM-SHA256
    DHE-RSA-AES256-GCM-SHA384
    ECDHE-ECDSA-AES128-SHA256
    ECDHE-RSA-AES128-SHA256
    ECDHE-ECDSA-AES128-SHA
    ECDHE-RSA-AES256-SHA384
    ECDHE-RSA-AES128-SHA
    ECDHE-ECDSA-AES256-SHA384
    ECDHE-ECDSA-AES256-SHA
    ECDHE-RSA-AES256-SHA
    DHE-RSA-AES128-SHA256
    DHE-RSA-AES128-SHA
    DHE-RSA-AES256-SHA256
    DHE-RSA-AES256-SHA
    ECDHE-ECDSA-DES-CBC3-SHA
    ECDHE-RSA-DES-CBC3-SHA
    EDH-RSA-DES-CBC3-SHA
    AES128-GCM-SHA256
    AES256-GCM-SHA384
    AES128-SHA256
    AES256-SHA256
    AES128-SHA
    AES256-SHA

Support Modern Clients (More Secure)

Most clients in use today are reasonably up to date, because older clients tend to misbehave on many modern Web sites. So configuring your server to support most modern clients should not cause too many people problems. By doing so, Rumpus is able to disable known problematic protocols and cipher suites and enforce very good encryption.

This option is the default in Rumpus because it will test very well with automated SSL test services but also offers broad support for any client running relatively recent software. Only TLSv1.1 and later will be allowed, the DH key length is a strong 2048 bits, and the following list of ciphers are supported, while less secure suites are disabled.

    ECDHE-ECDSA-AES128-GCM-SHA256
    ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-GCM-SHA384
    DHE-RSA-AES128-GCM-SHA256
    DHE-RSA-AES256-GCM-SHA384
    ECDHE-ECDSA-AES128-SHA256
    ECDHE-RSA-AES128-SHA256
    ECDHE-ECDSA-AES128-SHA
    ECDHE-RSA-AES256-SHA384
    ECDHE-RSA-AES128-SHA
    ECDHE-ECDSA-AES256-SHA384
    ECDHE-ECDSA-AES256-SHA
    ECDHE-RSA-AES256-SHA
    DHE-RSA-AES128-SHA256
    DHE-RSA-AES128-SHA
    DHE-RSA-AES256-SHA256
    DHE-RSA-AES256-SHA
    ECDHE-ECDSA-DES-CBC3-SHA
    ECDHE-RSA-DES-CBC3-SHA
    EDH-RSA-DES-CBC3-SHA

Require Up To Date Clients (Most Secure)

When you wish to enforce only the most modern, strongest cryptographic functions, choose "Require Up To Date Clients". In this mode, some users may be forced to update their client software in order to connect to the server, and by doing so will allow the client and server to communicate using the most secure encryption currently available.

With this option enabled, clients must use TLSv1.2 to connect, the DH key is 2236 bits, and only the strongest ciphers that provide forward secrecy are allowed.

    ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-GCM-SHA384
    DHE-RSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-SHA384
    ECDHE-ECDSA-AES256-SHA384
    ECDHE-ECDSA-AES256-SHA
    ECDHE-RSA-AES256-SHA
    DHE-RSA-AES256-SHA256
    DHE-RSA-AES256-SHA

One final note: The information above is current as of this writing, but cryptography continues to evolve as computers get faster, networks increase in bandwidth, and as flaws in existing cryptography are found. Moving forward, these settings may be changed to improve security as this evolution continues.

A useful side-effect of selecting a "Security Level", rather than specifying specific SSL/TLS options, is that Maxum can adjust and advance the underlying security options without administrators needing to change settings in Rumpus. For example, the "Require Up To Date Clients" option enforces security options as described above today, but in the future, we can keep those options up to date with the latest cryptographic standards, and those updates will be automatically be implemented on your server simply by applying a newer Rumpus update.

© Copyright 2018, Maxum Development Corp.