
First, I may be asking a dumb question. I am trying to learn, so please, take it easy on me.

Second, if this is not the right place for this question, or you can link me elsewhere, please tell me or do so.

Third, I appreciate anyone who takes the time to answer.

This said, I am utilizing a desktop program (as a customer) which streams real time information and holds sensitive data on it as well, such as account values and account numbers. It does not hold or transmit credit card information.

Occasionally I have Wireshark running and noticed that this program completes its handshake using TLSv1.0 with the cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA. I can't seem to understand why this would be considering what I understand about TLSv1.0 and CBC (but note above, I am new to this). Is this at all, in any manner, appropriate because of its key exchange being ECDHE and encryption cipher of AES 256?

I know this is not PCI-DSS compliant and I know many vendors have completely moved away from TLSv1.0, as in completely disabled. I can only think the reason for this is because the owner of the program does not want to put out clients who may be using an old OS that doesn't have newer cipher suites, but I could be misguided in my understanding of this. The owner's recommended OS spec is Windows 10, but I see no issue as to why it would not operate on previous OS versions, including possibly Vista.

Obviously I am being coy about the program as I really have no idea if this poses any risk. Since I am a novice, I suspect those who are in charge of the program have a valid reason for using this version of TLS/cipher suite, but I thought I'd ask.

Thanks for taking the time to read.

Edit: forgot to mention: Compression Method: null (0). I have read that this should be set to null, in case this matters.

Ryan
  • I assume you mean CBC, not CDC? – forest Sep 19 '18 at 01:52
  • You are correct, Cipher Block Chaining. That was a mistype. – Ryan Sep 19 '18 at 01:56
  • If the program uses Windows 'schannel' for TLS-was-SSL, which some but not all Windows programs do, on Vista (which was released 2006) schannel doesn't do better than TLS1.0. (At least unlike XP from 2001 it does do ECDHE and AES. And sha-2+RSA/EC certs without needing a service pack.) – dave_thompson_085 Sep 19 '18 at 18:17

1 Answer


The used protocol and ciphers depend on the capabilities of both client and server. You don't say what kind of server is involved, but usually today's TLS stacks on the client side offer a variety of ciphers and also still support TLS 1.0. If the server cannot do better than TLS 1.0, then this is what is used as the minimal protocol version. The same for the cipher: the server picks the one which is both offered by the client and supported on the server. And, while TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA might not be the most modern cipher, it is perfectly safe to use today.

Thus, in order to find out who is to blame for TLS 1.0 and for the cipher look closer at the handshake, i.e. look at the ClientHello on what the client offers (as dave_thompson_085 correctly pointed out: look into the "inner" version and not the record layer version). If the client offers TLS 1.2 and the resulting protocol is only TLS 1.0 then the server is to blame for this and not the client. The same is true for the choice of ciphers, i.e. at the end the server decides what to use.

As to why a server still might support only TLS 1.0: it is probably some older system which does not support newer versions yet. And, since the cost of upgrade is not zero (not only the cost of software but also the cost of testing everything which depends on it and maybe more) the owner decided to not upgrade to a more modern system.

Steffen Ullrich
  • Be sure to look at the versions offered and accepted in the _body_ of ClientHello and ServerHello respectively, not the record-layer prefix, which especially for ClientHello is often different and 'wrong'. PS: you meant to say 'the **same** for the cipher' – dave_thompson_085 Sep 19 '18 at 18:07
  • @dave_thompson_085: thanks for the input, I've incorporated it into the answer. – Steffen Ullrich Sep 19 '18 at 19:04
  • Yes, it is on the server side, as this is the “best” of the ciphers offered by the server in the list of all available ciphers (if I’m saying that correctly). – Ryan Sep 19 '18 at 19:24
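As an added example (not part of the question or the answer), here is a small Python script that does the check the answer describes: it parses a ClientHello and a ServerHello, reports the record-layer version separately from the inner version, and attributes the final protocol version and cipher suite choice to the server when the client offered more. The two hello records are constructed for this example (all-zero random, no extensions); only the version and cipher-suite code points are real TLS values.

```python
import struct
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}   # real TLS code points
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}

def parse_hello(record):
    """Return (record_layer_version, inner_version, suites) for a ClientHello or ServerHello."""
    content_type, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    msg_type = body[0]                                # 1 = ClientHello, 2 = ServerHello
    if content_type != 22 or msg_type not in (1, 2):
        raise ValueError("not a ClientHello or ServerHello handshake record")
    inner_ver = struct.unpack("!H", body[4:6])[0]     # the version that actually counts
    pos = 6 + 32                                      # skip the 32-byte random
    pos += 1 + body[pos]                              # skip the length-prefixed session_id
    if msg_type == 1:                                 # client lists every suite it offers, best first
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos + 2, pos + 2 + n, 2)]
    else:                                             # server names the single suite it picked
        suites = [struct.unpack("!H", body[pos:pos + 2])[0]]
    return rec_ver, inner_ver, suites

def build_hello(msg_type, inner_ver, suites, record_ver=0x0301):
    """Construct a minimal hello record (zero random, empty session_id, no extensions) for the example."""
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    if msg_type == 1:
        tail = struct.pack("!H", len(suite_bytes)) + suite_bytes + b"\x01\x00"  # + null compression
    else:
        tail = suite_bytes + b"\x00"
    hs = struct.pack("!H", inner_ver) + bytes(32) + b"\x00" + tail
    hs = bytes([msg_type]) + len(hs).to_bytes(3, "big") + hs
    return struct.pack("!BHH", 22, record_ver, len(hs)) + hs

def attribute_choice(client_record, server_record):
    """Decide whether the client or the server limited the protocol version and cipher suite."""
    c_rec, c_ver, offered = parse_hello(client_record)
    _, s_ver, (chosen,) = parse_hello(server_record)
    return {
        "client_record_layer_version": VERSIONS.get(c_rec, hex(c_rec)),  # often lower than the inner one
        "client_offered": VERSIONS.get(c_ver, hex(c_ver)),
        "negotiated": VERSIONS.get(s_ver, hex(s_ver)),
        "server_limited_version": s_ver < c_ver,
        "chosen_suite": SUITES.get(chosen, hex(chosen)),
        "server_ignored_client_preference": offered.index(chosen) > 0,  # client order = preference
    }

# Constructed capture: client offers TLS 1.2 and a GCM suite first; server answers TLS 1.0 + CBC.
CLIENT_HELLO = build_hello(1, 0x0303, [0xC02F, 0xC014, 0x002F])
SERVER_HELLO = build_hello(2, 0x0301, [0xC014])
```

Run `attribute_choice(CLIENT_HELLO, SERVER_HELLO)` on the constructed capture and the result points at the server for both the TLS 1.0 downgrade and the CBC suite, which is the situation described in the question.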