Is there a way to add/enable ECDHE-ECDSA-CHACHA20-POLY1305 and ECDHE-RSA-CHACHA20-POLY1305 ciphersuites on Windows Server 2019 (Build 1809 or later) for HTTPS configuration of IIS webserver?

According to TLS Cipher Suites in Windows 10 v1809 (unfortunately, this page does not explicitly mention the Windows Server 2019 OS), there is no support for these ciphersuites on Windows by default.

Executing the following PowerShell commands

# Schannel suite names (IANA form), matching the Name field in the Get-TlsCipherSuite output below
Enable-TlsCipherSuite -Name TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Enable-TlsCipherSuite -Name TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

added the CHACHA20-POLY1305 ciphersuites as "empty" ciphersuites (the output below is the result of the Get-TlsCipherSuite PowerShell command):

KeyType               : 0
Certificate           :
MaximumExchangeLength : 0
MinimumExchangeLength : 0
Exchange              :
HashLength            : 0
Hash                  :
CipherBlockLength     : 0
CipherLength          : 0
BaseCipherSuite       : 0
CipherSuite           : 0
Cipher                :
Name                  : TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Protocols             : {}

KeyType               : 0
Certificate           :
MaximumExchangeLength : 0
MinimumExchangeLength : 0
Exchange              :
HashLength            : 0
Hash                  :
CipherBlockLength     : 0
CipherLength          : 0
BaseCipherSuite       : 0
CipherSuite           : 0
Cipher                :
Name                  : TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Protocols             : {}
  • The link in your question doesn't list these cipher suites as supported. This is official Microsoft documentation. How does that not answer your question? – Josef Nov 09 '20 at 15:11
  • I am looking for a possibility to have these ciphersuites on Windows Server 2019 installed and enabled, perhaps via manual installation (e.g. a third-party tool or application). Unfortunately, there is not much information regarding these ciphersuites and Windows Server 2019 on the Internet. – Pylyp Lebediev Nov 09 '20 at 15:18
  • The information and configuration is specific to the Windows native TLS stack Schannel. As far as I know there are no third-party extensions to this TLS stack. This does not mean that you cannot use these ciphers on this OS, but only that you need to use a different TLS stack (like OpenSSL) and your application must use this TLS stack; for example, the nginx web server on Windows does support it. In the end it boils down to what you want to have this cipher enabled for, which is unknown. – Steffen Ullrich Nov 09 '20 at 15:35
  • Thank you Steffen. There is a missing point in my question: we need to have these ciphersuites for HTTPS on the IIS webserver. – Pylyp Lebediev Nov 10 '20 at 07:25
  • @PylypLebediev you can't! – Josef Nov 10 '20 at 09:48
  • @Josef It should be possible using a CNG SSL Provider to add cipher suites; that's one of the things they can do. SChannel's built-in CNG provider doesn't support it, but you can configure a different provider, and I believe IIS will respect that. – CBHacking Aug 10 '22 at 11:16
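The Get-TlsCipherSuite output in the question shows what Enable-TlsCipherSuite does with a name Schannel has no implementation for: the entry is created, but CipherSuite is 0, Cipher is empty and Protocols is {}. The following PowerShell is an added example (not code from the question or from any of the answers) that audits the enabled list for such placeholder entries and can remove them again. It assumes the TLS module cmdlets (Get-/Enable-/Disable-TlsCipherSuite) present on Windows Server 2019; the objects at the bottom are constructed to mirror the question's output, not live data, so the logic can be checked offline.

```powershell
# Added example, not code from the question or answers. Assumes the TLS module
# cmdlets (Get-/Enable-/Disable-TlsCipherSuite) present on Windows Server 2019.

function Test-PhantomTlsCipherSuite {
    # A suite Schannel implements carries a non-zero CipherSuite code, a cipher
    # name and at least one protocol version; a name that was merely added with
    # Enable-TlsCipherSuite shows all three empty, as in the question's output.
    param([Parameter(Mandatory = $true)]$Suite)
    return ([int]$Suite.CipherSuite -eq 0) -and
           [string]::IsNullOrEmpty($Suite.Cipher) -and
           (@($Suite.Protocols).Count -eq 0)
}

function Get-PhantomTlsCipherSuite {
    # Returns the enabled entries that Schannel cannot actually negotiate.
    # Pass constructed objects for an offline check; the default is the live list.
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [object[]]$Suite = (Get-TlsCipherSuite)
    )
    process {
        foreach ($s in $Suite) {
            if (Test-PhantomTlsCipherSuite -Suite $s) {
                [pscustomobject]@{
                    Name   = $s.Name
                    Reason = 'No Schannel implementation (CipherSuite=0, Cipher empty, Protocols empty)'
                }
            }
        }
    }
}

function Remove-PhantomTlsCipherSuite {
    # Strips phantom entries so the enabled list reflects what the server can do.
    # Supports -WhatIf so an auditor can preview the change first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($p in Get-PhantomTlsCipherSuite) {
        if ($PSCmdlet.ShouldProcess($p.Name, 'Disable-TlsCipherSuite')) {
            Disable-TlsCipherSuite -Name $p.Name
        }
    }
}

# Offline check with constructed objects mirroring the question's output
# (not live data). Only the CHACHA20 entry is reported; 49200 is 0xC030
# (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) and 771 is 0x0303 (TLS 1.2).
$constructed = @(
    [pscustomobject]@{ Name = 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
                       CipherSuite = 0; Cipher = ''; Protocols = @() },
    [pscustomobject]@{ Name = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
                       CipherSuite = 49200; Cipher = 'AES'; Protocols = @(771) }
)
$constructed | Get-PhantomTlsCipherSuite | Format-Table -AutoSize

# Live audit on the server itself:
# Get-PhantomTlsCipherSuite | Format-Table -AutoSize
# Remove-PhantomTlsCipherSuite -WhatIf
```

The phantom entries do not make the server offer ChaCha20; Schannel has nothing to back them, so the conclusion of the thread stands. What they do is mislead any compliance check that only greps the enabled suite names, which is why an audit should key on CipherSuite/Protocols rather than on Name alone.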

4 Answers

You could install a reverse proxy in front of your IIS webserver, which handles TLS with the ECDHE-ECDSA-CHACHA20-POLY1305 cipher suite you require.

andaris

Below are snippets from the Microsoft Security blog post Taking Transport Layer Security (TLS) to the next level with TLS 1.3 (published August 20, 2020).

Transport Layer Security (TLS) 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170...

TLS 1.3 now uses just 3 cipher suites, all with perfect forward secrecy (PFS), authenticated encryption and additional data (AEAD), and modern algorithms...

We highly recommend for developers to start testing TLS 1.3 in their applications and services. The streamlined list of supported cipher suites reduces complexity and guarantees certain security properties, such as forward secrecy (FS). These are the supported cipher suites in Windows TLS stack (Note: TLS_CHACHA20_POLY1305_SHA256 is disabled by default):

  1. TLS_AES_128_GCM_SHA256
  2. TLS_AES_256_GCM_SHA384
  3. TLS_CHACHA20_POLY1305_SHA256

The protocol enables encryption earlier in the handshake, providing better confidentiality and preventing interference from poorly designed middle boxes. TLS 1.3 encrypts the client certificate, so client identity remains private and renegotiation is not required for secure client authentication.

TLS 1.3 is enabled by default in IIS/HTTP.SYS.

TLS 1.3 support will also be added to .NET beginning with version 5.0.

For more information about TLS 1.3, refer to the Microsoft TLS 1.3 support reference.

phbits

  • To be a little more specific in what this post says: as of today it'll be available in the next major release of Windows, and as such is not available in Windows Server 2016 or 2019. Whether it gets backported to earlier builds like 2019 remains to be seen. – Steve Nov 11 '20 at 16:10

CHACHA20-POLY1305 is TLS 1.3, which is only supported as of Windows Server 2022.

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-#tls-protocol-version-support

PasWei

  • _Microsoft_ (schannel) implements ChaCha/Poly only for 1.3, but there are ChaCha/Poly suites for 1.2 (including those stated in the Q) which are implemented by other software, including OpenSSL (since 2016), as Steffen Ullrich commented long ago. – dave_thompson_085 Aug 10 '22 at 01:46

Windows Vista/Server 2008 and newer use a pluggable cryptography framework (CNG, CryptoAPI Next Generation) which allows developers to write, and system administrators to install, "providers" that allow software to use new or alternative cryptographic implementations (Microsoft's own implementations are merely in the default providers). This can be used to implement new symmetric ciphers (such as ChaCha20-Poly1305) and probably to implement entire new cipher suites.

I say probably because, unlike simply implementing ciphers, I have never actually implemented a new TLS cipher suite. However, it appears it should be possible if you implement an "SSL provider", which includes a function to enumerate cipher suites; you could add e.g. ECDHE-ECDSA-CHACHA20-POLY1305 to the returned list. You'd also need to return any other suites you want to support, though you could pass those through to the default SChannel provider as a wrapper. For ChaCha20, you would of course need to supply an implementation of the relevant primitives (hooked up to the appropriate functions in the SSL provider). You could then, in theory, install the SSL provider and configure it as the default.

The documentation for CNG SSL providers is unfortunately not great. The link above might get you started, but the documentation on writing, debugging, installing, configuring as default, and otherwise using custom SSL providers is somewhat lacking. The CNG overview page links to a download page for a CNG provider SDK that hopefully contains more information (as well as the headers, etc. needed to create such a provider).

CBHacking