On 12/2/2014 8:38 AM, Reindl Harald wrote:
On 02.12.2014 at 17:33, Darren Pilgrim wrote:
On 12/2/2014 1:32 AM, Reindl Harald wrote:
ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
ssl_dh_parameters_length = 2048
ssl_parameters_regenerate = 0
ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
But why does ssl_protocols behave differently depending on if $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
It seems that if ssl_cipher_list is defined, ssl_protocols = !SSLv2 !SSLv3
results in TLS1.2 being the only one active, but if it is defined, 1.0, 1.1, and 1.2 are all active?
ssl_protocols = !SSLv2 !SSLv3
and you are fine, anything else is nonsense because when TLSv1.3 will be released you go to each and every server to add it to the config? likely not!
Configuration management. :)
mis-management is the right word for disabling future protocols
It wouldn't. As you've pointed out, you don't have to explicitly enable TLSv1.0+. That's because they're (now) enabled by default. There was a period of time when TLSv1.1 and TLSv1.2 weren't enabled by default. There is also some software that doesn't do the SSL setup correctly without explicit protocol lists. It's easier to be uniformly explicit everywhere. I'd rather be needlessly explicit than have a security failure due to incorrectly assuming an implicit behaviour.
Also, no, you need to do more than just disable SSLv3. You need to disable several cipher groups allowed in TLSv1.0 and TLSv1.1, bump up the DH parameter size, and, if your client base allows it, only allow ciphers with forward secrecy.
i *only* referred to "ssl_protocols" and not to ciphers
Sorry, that wasn't obvious to me.
that below are sane settings supporting older Outlooks only talking RC4/DES but prefer a specific order for other clients
ssl_protocols = !SSLv2 !SSLv3
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_cipher_list = [really long cipherspec snipped]
A student of Mozilla's security policies, I see. ;)
You really only need TLSv1 3DES without PFS for Outlook on Windows XP/2003. Outlook on later Windows will do TLSv1 DHE-AES. Older Android devices will need TLSv1 AES128 without PFS. The minimum would therefore be:
HIGH+kEECDH:HIGH+kEDH:-3DES:AES128-SHA:DES-CBC3-SHA:!aNULL:@STRENGTH
Supporting other older ciphers may support ancient Android, iOS, MacOS and Thunderbird clients, but IME AES128-SHA and DES-CBC3-SHA are all you need for a realistic userbase of old software.
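
Added example, not part of the original thread: a short Python check that expands the minimum cipher string from the message above against the local OpenSSL and sorts the result into forward-secret suites, the two named non-PFS fallbacks, and anything unexpected. The names SPEC, FALLBACKS, expand and audit are hypothetical, and the exact suites listed depend on the OpenSSL build (many current builds omit 3DES entirely).

```python
import ssl

# Cipher string quoted in the message above.
SPEC = "HIGH+kEECDH:HIGH+kEDH:-3DES:AES128-SHA:DES-CBC3-SHA:!aNULL:@STRENGTH"
# The two non-PFS fallbacks the message names for old clients.
FALLBACKS = {"AES128-SHA", "DES-CBC3-SHA"}


def expand(spec):
    """Return the suites the local OpenSSL enables for spec, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(spec)  # raises ssl.SSLError if no suite matches at all
    return ctx.get_ciphers()


def audit(spec, allowed_non_pfs=FALLBACKS):
    """Sort the expansion into forward-secret, expected fallback and unexpected suites."""
    report = {"pfs": [], "fallback": [], "unexpected": []}
    for c in expand(spec):
        name, kea, auth = c["name"], c.get("kea"), c.get("auth")
        if auth == "auth-null":
            # Anonymous key exchange: !aNULL should have removed these.
            report["unexpected"].append(name)
        elif kea in ("kx-ecdhe", "kx-dhe", "kx-any"):
            # kx-any marks TLSv1.3 suites, which OpenSSL configures
            # separately from this string and which are always ephemeral.
            report["pfs"].append(name)
        elif name in allowed_non_pfs:
            report["fallback"].append(name)
        else:
            # Any other static-RSA (or otherwise non-ephemeral) suite.
            report["unexpected"].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in audit(SPEC).items():
        print(f"{bucket:10} {len(names):3}  {' '.join(names)}")
```

An empty "unexpected" bucket means the only suites without forward secrecy are the fallbacks kept on purpose for old clients.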