1

I need to disable the weak ciphers within a weak protocol version, namely TLS1.0, on a windows server 2012 R2 running IIS. I understand that cipher suites are tied to protocol, i.e. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 would be specific to TLS. I am able to disable the cipher suite in regedit, but I am unable to do so only for TLS version 1.0.

Context

Part of my hardening of IIS8.5 requires the disabling of TLS1.0, which unfortunately I cannot do so due to business requirements (client machines that I do not have control over do not have TLS1.2 enabled). The next best alternative would be to disable the as many ciphers for TLS1.0 that business don't require.

Can anyone shed some light?

Reference tables from Wiki: Cipher Suite enter image description here

George
  • 739
  • 1
  • 6
  • 22
  • 1
    Any ciphersuite with **GCM** is tied to TLS **1.2** (or 1.3 when it comes out); so are CCM and (ChaCha-)Poly, together called AEAD. The _next_ table after the one you took from wikipedia shows (most of) this. Formally 1.1 drops/prohibits the export suites and 1.2 deprecates single-DES and IDEA, but those are broken and should not (and need not) be used in any protocol version. RC4 also should not be used If at all possible but that's a different RFC not the base TLS RFCs. If your clients don't do 1.2, the **"next best workaround" is 1.1** not 1.0. – dave_thompson_085 Aug 25 '16 at 01:41
  • @dave, thanks for pointing that out. It's clearly now. On the note on TLS1.1, I should have clarified that the client machines only supports with TLS1.0. If I were to enable TLS1.1 on all of them, I would might as well enable TLS1.2 (it's just that I don't have control over who would be using my application) – George Aug 25 '16 at 02:18

1 Answers1

2

While it would be in theory possible for an TLS stack to offer the configuration you like the common TLS stacks don't allow this. They let you limit the protocol version and they let you limit the ciphers but they don't let you limit the ciphers for a specific protocol version only.

The next best workaround would be to disable the weak ciphers for TLS1.0.

If a cipher is weak you should disable it for all protocol versions, not only for TLS 1.0. I don't know if any cipher which is considered weak with TLS 1.0 but is considered strong with TLS 1.2.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Thanks Steffen for the insights. What I meant as the next best alternative is to limit the ciphers to a minimum to TLS1.0, only for those absolutely for the application to run. For example IF I have 20 ciphers enabled for TLS and (in theory) they are tied to version 1.0 and 1.2 of TLS, then I would want as little ciphers enabled on TLS1.0 given it's a weak protocol, to limit exposure. – George Aug 25 '16 at 02:22
  • @George: the problem with TLS 1.0 is a design flaw regarding CBC ciphers so you would ideally disable all CBC ciphers. Unfortunately I think there are no ciphers left if you require that they are available in TLS 1.0, are considered strong and which are not CBC. Such ciphers are only introduced with TLS 1.2. – Steffen Ullrich Aug 25 '16 at 04:11