Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, February 3, 2011 7:01 PM
I was wondering if some one could help me order the cipher suites in Server 2008 R2 from strongest to weakeast.
I did this in Server 2008 but I don't know about the new suites added in R2.
I have the following to choose from:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5
TLS 1.2 SHA256 and SHA384 cipher suites:
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
TLS 1.2 ECC GCM cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
Thanks.
All replies (2)
Friday, February 4, 2011 1:58 PM âś…Answered
Without going through everything line by line it helps if you break down each cipher suite into three parts: the key exchange, the encryption, and message integrity and then make your preference decisions. The larger the keys the more computationally intensive they become.
In the end, most of those are completely unbreakable so it doesn't matter what you choose.
All the key exchange asymmetric algorithms are incredibly strong so it really doesn't matter. You can avoid the old ones by dropping these choices off the list because they are relatively weak as are their hashing and encryption:
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
These offer no encryption only message integrity so get rid of them as well:
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA256
Anything with AES is suitable for use. The larger the key length the stronger it is.
SHA is a strong hash and even the smaller digest sizes are still acceptable and in common use.
Prefer TLS 1.2 for the most part but just remember that old browsers won't be able to negotiate the newer algorithms if you completely exclude the old ones. I'd disable the ones that were part of the old SSL standard though since there are vulnerabilities IIRC.
Matt W. CCNP, CCDA, CCNA-S, RHCT, MCSE, MCSA, MCP+I, A+
Tuesday, July 2, 2013 3:47 PM | 1 vote
I second what Matt W. wrote, but like to add a few things:
The FIPS Suite B protocols are in general more secure.
There is another thing: Perfect Forward Secerecy (PFS). You'll get this only with elliptic curve cryptography or Diffie-Hellman.
So my personal grouping is:
- TLS_ECDHE_ECDSA_...
- TLS_DHE_DSS_...
- TLS_RSA_WITH_...
- SSL_...
Keep in mind though, that the other side (e.g. webserver) also determines which protocol is used. Due to higher performance impact, the Diffie-Hellman protocols are disabled on many webservers or not enabled by default (MS IIS).