19

A security scan result prior to the deployment of a web application on Windows Server 2008 R2 has raised the below message:

Weak SSL Cipher Suites are Supported

Reconfigure the server to avoid the use of weak cipher suites. The configuration changes are server-specific.

SSLCipherSuite HIGH:MEDIUM:!MD5!EXP:!NULL:!LOW:!ADH

For Microsoft Windows Vista, Microsoft Windows 7, and Microsoft Windows Server 2008 remove the cipher suites that were identified as weak from the Supported Cipher Suite list by following these instructions:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v=vs.85).aspx

I've tried understanding the MSDN information but I'm totally lost in there.

First of all, I do not understand which is the cipher suite that should be removed or disabled.

Then how am I supposed to run the code given as an example to remove a cipher suite?

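    #include <stdio.h>
    #include <windows.h>
    #include <bcrypt.h>

    /* Link with Bcrypt.lib. */
    int main(void)
    {
        /* BCryptRemoveContextFunction returns an NTSTATUS. */
        NTSTATUS Status;
        LPCWSTR wszCipher = L"TLS_RSA_WITH_RC4_128_SHA";

        /* Remove the suite from the local machine's "SSL" context. */
        Status = BCryptRemoveContextFunction(
                    CRYPT_LOCAL,
                    L"SSL",
                    NCRYPT_SCHANNEL_INTERFACE,
                    wszCipher);

        /* Report failure instead of silently discarding the status. */
        if (!BCRYPT_SUCCESS(Status)) {
            wprintf(L"Could not remove %ls (status 0x%08lx)\n",
                    wszCipher, (unsigned long)Status);
            return 1;
        }
        return 0;
    }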
YLearn
DonQi
  • Also, the MSDN page is a bit deceptive in that you don't need to use code to remove/modify any. You can use GPEdit as specified at the top of the page. Just remove any cipher suites you don't want from the list. Though @gowenfawr's linked tool looks pretty handy in this scenario. – Steve Jan 09 '14 at 18:04
  • 1
    Typical recommendation is to support only 128 bit or greater ciphers, but this depends on required browser support. Avoiding RC4 won't harm either. – i0null Jan 09 '14 at 17:03

5 Answers

29

Figuring out which cipher suites to remove can be very difficult. For Windows, I've used the free IIS Crypto tool in the past:

IIS Crypto is a free tool that gives administrators the ability to enable or disable
protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008
and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement
best practices with a single click and test your website.

This not only leverages someone's expert knowledge as far as which algorithms are more or less secure, but also takes the pain of figuring out how to actually implement the change in Windows away (hint: it's a bunch of registry entries).

gowenfawr
0

Protocols

To disable Protocols create a Client and a Server key with the protocol version and add the DisabledByDefault = 1 (DWord) and Enabled = 0 (DWord) values.

Examples of keys:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server

Ciphers

To disable Ciphers create a key with the Suite name and add the Enabled = 0 (DWord) value

Example of keys:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168

Cipher suites

On Win 2016 systems and above there is the Disable-TlsCipherSuite cmdlet. On earlier operating systems, there is a Functions registry value which contains the whole list of accepted Cipher Suites. These values are located under subkeys from the following paths:

HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\Default
HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL
HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL

However, according to Microsoft:

The Microsoft SCHANNEL team does not support directly manipulating the Group Policy and Default Cipher suite locations in the registry.

This can also be achieved through a GPO located here: Computer Configuration\Administrative Templates\Network\SSL Configuration Settings\SSL Cipher Suite Order

Source: https://blogs.technet.microsoft.com/askds/2015/12/08/speaking-in-ciphers-and-other-enigmatic-tonguesupdate/

Luke
0

Disabling weak ciphers seems to be done on a per application-configuration basis.

A guide to Web Server and Proxy Server cipher configurations is actively being maintained by Hynek Schlawack (includes Apache/httpd, nginx, HAProxy, and general notes).

As of 2015-01-16 his recommended "cipher suite" string is:

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

I believe the tomcat equivalent is [edit: my previous list did not include any ciphers that worked with current versions of Firefox]:

 ciphers="TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
          TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
          TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
          TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
          TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
          TLS_RSA_WITH_AES_256_GCM_SHA384,
          TLS_RSA_WITH_AES_128_GCM_SHA256,
          TLS_RSA_WITH_AES_256_CBC_SHA256,
          TLS_RSA_WITH_AES_128_CBC_SHA256,
          TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
          TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
          TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
          TLS_RSA_WITH_AES_128_CBC_SHA,
          TLS_RSA_WITH_AES_256_CBC_SHA,
          TLS_RSA_WITH_3DES_EDE_CBC_SHA,
          TLS_EMPTY_RENEGOTIATION_INFO_SCSV"

Formatting from Tomcat How To: SSL Ciphers and available ciphers from running code supplied by an email from Christopher Schultz.

schroeder
Kevin
  • More recently, I have been using the [tool](https://ssl-config.mozilla.org/) provided by Mozilla. – Kevin Sep 26 '19 at 19:08
0

As far as figuring out which cipher suites to remove, I would first point you to my answer to Now that it is 2015, what SSL/TLS cipher suites should be used in a high security HTTPS environment? for a detailed rundown.

The short, short, short version is:

  • You can keep disabling whichever ones your scanner hates one at a time until your scanner quits squealing like a pig!
  • You can follow NIST SP131-52 revision 1 guidelines, or other guidance provided by your government or industry regulatory bodies.
  • You can use ssllabs.com to keep testing your server, following its advice until you get a score you like and remove any warnings you don't like
Anti-weakpasswords
-2

Here is a good list that takes out the RC4 ciphers. To use it you enable the cipher suite order in group policy editor and paste it all in.

TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA
schroeder
bryan
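
Added example (not part of any answer above, and not code from Microsoft or IIS Crypto): a Python filter that answers the "which suites do I remove" question from the suite names alone, using the classes the scanner message excludes (MD5, EXP, NULL, LOW, ADH) plus RC4 as raised in the comments. The pattern table, function names and sample order are constructed for illustration; 3DES and CBC suites fall outside those classes and are kept.

```python
import re

# Name patterns for the classes the scanner message on this page excludes
# (MD5, EXP, NULL, LOW, ADH), plus RC4. Assumed mapping, not a vendor list.
WEAK_PATTERNS = [
    (r"_NULL(_|$)", "NULL: no encryption"),
    (r"_EXPORT", "EXP: export-grade keys"),
    (r"_anon_", "ADH: anonymous key exchange"),
    (r"_RC4_", "RC4 stream cipher"),
    (r"_RC2_", "LOW: RC2"),
    (r"_DES_(CBC|64)", "LOW: single DES"),  # does not match 3DES_EDE or DES_192_EDE3
    (r"_MD5$", "MD5 MAC"),
]
# Schannel suite names on this page carry a curve suffix (_P256, _P384).
CURVE_SUFFIX = re.compile(r"_P(256|384|521)$")

def weak_reasons(suite):
    """Return the reasons a suite name is flagged (empty list if none)."""
    name = CURVE_SUFFIX.sub("", suite.strip())
    return [why for pat, why in WEAK_PATTERNS if re.search(pat, name)]

def filter_suite_order(order):
    """Split a comma-separated suite order into (kept_string, removed_dict)."""
    kept, removed = [], {}
    for suite in (s.strip() for s in order.split(",")):
        if not suite:
            continue  # tolerate stray commas in a pasted list
        reasons = weak_reasons(suite)
        if reasons:
            removed[suite] = reasons
        else:
            kept.append(suite)
    return ",".join(kept), removed

# Constructed sample order built from suite names that appear on this page.
SAMPLE_ORDER = ",".join([
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
    "TLS_RSA_WITH_NULL_SHA256",
    "TLS_RSA_WITH_NULL_SHA",
])

if __name__ == "__main__":
    kept, removed = filter_suite_order(SAMPLE_ORDER)
    for suite, reasons in removed.items():
        print(f"remove {suite}: {', '.join(reasons)}")
    print("keep:", kept)
```

The kept string is in the comma-separated form that the SSL Cipher Suite Order policy setting takes, so a list can be checked before it is pasted in.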