
Intended result: To have identical cipher support in IIS 8.5 (new server), as I have support for in Apache 2.4 (the server I want to copy the supported ciphers from).

ssllabs.com info: Apache 2.4 gives an A+ rating with robust FS support and support for Android 2.x. With IIS 8.5, playing around, I can get either an A rating with 'modern browser' FS, or an A+ rating with no Android 2.x support.

Apache 2.4 conf params related to ciphers:

    SSLProtocol -all -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite -LOW:AESGCM:AES:!kRSA:!kPSK:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH
    SSLStrictSNIVHostCheck Off
    SSLCompression off

    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLHonorCipherOrder on

What is the equivalent cipher list for IIS 8.5 on Windows Server 2012 R2 to the following Apache 2.4 (Linux) suite? The cipher names available on Windows are listed after the Apache 2 cipher list shown below.

Apache 2 cipher list (in order of strength):

    ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    DHE-DSS-AES256-GCM-SHA384     TLSv1.2 Kx=DH   Au=DSS   Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384     TLSv1.2 Kx=DH   Au=RSA   Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-SHA384       TLSv1.2 Kx=ECDH Au=RSA   Enc=AES(256)    Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)    Mac=SHA384
    ECDHE-RSA-AES256-SHA          SSLv3   Kx=ECDH Au=RSA   Enc=AES(256)    Mac=SHA1
    ECDHE-ECDSA-AES256-SHA        SSLv3   Kx=ECDH Au=ECDSA Enc=AES(256)    Mac=SHA1
    DHE-RSA-AES256-SHA256         TLSv1.2 Kx=DH   Au=RSA   Enc=AES(256)    Mac=SHA256
    DHE-DSS-AES256-SHA256         TLSv1.2 Kx=DH   Au=DSS   Enc=AES(256)    Mac=SHA256
    DHE-RSA-AES256-SHA            SSLv3   Kx=DH   Au=RSA   Enc=AES(256)    Mac=SHA1
    DHE-DSS-AES256-SHA            SSLv3   Kx=DH   Au=DSS   Enc=AES(256)    Mac=SHA1
    ECDHE-RSA-AES128-GCM-SHA256   TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(128) Mac=AEAD
    ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
    DHE-DSS-AES128-GCM-SHA256     TLSv1.2 Kx=DH   Au=DSS   Enc=AESGCM(128) Mac=AEAD
    DHE-RSA-AES128-GCM-SHA256     TLSv1.2 Kx=DH   Au=RSA   Enc=AESGCM(128) Mac=AEAD
    ECDHE-RSA-AES128-SHA256       TLSv1.2 Kx=ECDH Au=RSA   Enc=AES(128)    Mac=SHA256
    ECDHE-ECDSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)    Mac=SHA256
    ECDHE-RSA-AES128-SHA          SSLv3   Kx=ECDH Au=RSA   Enc=AES(128)    Mac=SHA1
    ECDHE-ECDSA-AES128-SHA        SSLv3   Kx=ECDH Au=ECDSA Enc=AES(128)    Mac=SHA1
    DHE-RSA-AES128-SHA256         TLSv1.2 Kx=DH   Au=RSA   Enc=AES(128)    Mac=SHA256
    DHE-DSS-AES128-SHA256         TLSv1.2 Kx=DH   Au=DSS   Enc=AES(128)    Mac=SHA256
    DHE-RSA-AES128-SHA            SSLv3   Kx=DH   Au=RSA   Enc=AES(128)    Mac=SHA1
    DHE-DSS-AES128-SHA            SSLv3   Kx=DH   Au=DSS   Enc=AES(128)    Mac=SHA1

In Windows Server 2012 R2, I have the following ciphers available to choose from:

    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_RC4_128_MD5
    SSL_CK_RC4_128_WITH_MD5
    SSL_CK_DES_192_EDE3_CBC_WITH_MD5
    TLS_RSA_WITH_NULL_SHA
    TLS_RSA_WITH_NULL_MD5
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_NULL_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521

Kraang Prime
  • You actually only need awk/sed to match them – Alex H Feb 25 '16 at 14:12
  • The differences are subtle (use of `-` instead of `_`) or a pain, such as the trailing `P521` or inline block types (`CBC`, `CBC_SHA`, etc.), which make this not a simple automatic seek and find. Several of the protocols don't match; however, I know the apache2 ones definitely handshake with every client (aside from IE on XP, and Java 6) according to ssllabs.com. Since each client is using the ciphers available to the system, and IIS also uses these ciphers, it can be concluded there is a viable match even when it isn't obvious. Frustrated, as the variation makes this confusing and painful. – Kraang Prime Feb 25 '16 at 14:20
  • The ones on Windows can actually be extended, as you can add them to the registry: https://technet.microsoft.com/en-us/library/dn786419.aspx. On Tomcat at least it bypasses the OS completely. I would actually look at which ones are modern or needed by the application and only leave those; this will get the list quite small. There is no exact 1-to-1 list of protocols because the OpenSSL and Schannel SSP implementations on Windows are different, as you explained earlier. – Alex H Feb 25 '16 at 14:31
  • Actually I might be wrong, but if the SSL provider is OpenSSL you might be able to use the same ones *needs testing* – Alex H Feb 25 '16 at 14:35
  • IIS default setup, without strange and magical 3rd-party layers, does use the system crypto and is also configurable via gpedit.msc (cipher order). The problem I am having primarily is the block type variation or 'missing' (even though supported) cipher suites. _Missing_ likely due to being under a different name, and not actually missing. I tried playing around with https://www.nartac.com/Products/IISCrypto/Download and while dated, it is fairly decent. Doesn't update the cipher order policy properly though, or give any further clarity into cipher matching to OpenSSL. – Kraang Prime Feb 25 '16 at 14:36
  • Very cool tool, did not know about it. Please update the question to say that you want the same protocols from Apache2/Linux to Windows/IIS. I misunderstood that you actually still want Apache2 on Windows. – Alex H Feb 25 '16 at 14:42
  • Added some more details as requested. Also included the conf information pertaining to perfect FS in apache. – Kraang Prime Feb 25 '16 at 14:55

1 Answer

There is no exact list as far as I know, as they are different implementations of SSL/TLS. If you know exactly which ciphers you would need, you can try to enable everything on the Windows server, then test it with the openssl tool https://www.openssl.org/docs/manmaster/apps/s_client.html. This way you might get as close as possible to having the same ciphers.

Alex H
  • Just a comment for those seeking this. There are a couple of ciphers missing which prevent having both thorough backwards compatibility with older devices AND perfect forward secrecy. – Kraang Prime Mar 03 '16 at 13:39
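The name-matching problem in the question and the "missing ciphers" remark in the last comment can both be settled mechanically rather than by eye. The script below is an added example for this thread, not code from either poster: it converts OpenSSL suite names (the `openssl ciphers -v` spelling) into the IANA-style names Schannel uses, strips the `_P256`/`_P384`/`_P521` curve suffixes that Windows Server 2012 R2 appends to ECDHE suites, and reports which of the Apache suites the Windows list does and does not contain. The two suite lists are copied from the question; the translation rules, function names and the set of bulk ciphers handled (AES CBC/GCM, 3DES, RC4, NULL, which goes beyond the AES-only list in the question) are this example's own assumptions.

```python
"""Translate OpenSSL cipher-suite names to IANA/Schannel names and diff two lists.
Added example for this thread; the suite lists are from the question, the rest is
an assumption of this script."""
import re

# Apache 2.4 / OpenSSL list from the question, in the order Apache offers them.
APACHE_SUITES = """
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA
""".split()

# Windows Server 2012 R2 / Schannel list from the question.
WINDOWS_SUITES = """
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5 SSL_CK_RC4_128_WITH_MD5 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 TLS_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_NULL_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
""".split()

ANON_KX = {"ADH": "DH_anon", "AECDH": "ECDH_anon"}   # anonymous key exchange, no Au token
KX = ("ECDHE", "DHE", "ECDH", "DH")
AUTH = ("RSA", "ECDSA", "DSS")
MACS = ("SHA", "SHA256", "SHA384", "MD5")
# OpenSSL bulk-cipher token(s) -> IANA spelling. OpenSSL omits "CBC" for AES and
# writes triple DES as "DES-CBC3"; IANA spells both out. (Assumed table.)
BULK = {
    "AES128": "AES_128_CBC", "AES256": "AES_256_CBC",
    "AES128-GCM": "AES_128_GCM", "AES256-GCM": "AES_256_GCM",
    "DES-CBC3": "3DES_EDE_CBC", "RC4": "RC4_128", "NULL": "NULL",
}
CURVE_SUFFIX = re.compile(r"_(P256|P384|P521)$")


def to_iana(openssl_name):
    """'ECDHE-RSA-AES256-GCM-SHA384' -> 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'."""
    tokens = openssl_name.split("-")
    if tokens[0] in ANON_KX:
        kx_auth = ANON_KX[tokens.pop(0)]
    elif tokens[0] in KX:
        kx = tokens.pop(0)
        if not tokens or tokens[0] not in AUTH:
            raise ValueError(f"unknown authentication in {openssl_name}")
        kx_auth = f"{kx}_{tokens.pop(0)}"
    else:
        kx_auth = "RSA"  # no key-exchange prefix means static RSA key transport
    if len(tokens) < 2 or tokens[-1] not in MACS:
        raise ValueError(f"unknown MAC in {openssl_name}")
    mac = tokens.pop()
    bulk = "-".join(tokens)
    if bulk not in BULK:
        raise ValueError(f"unknown bulk cipher in {openssl_name}")
    return f"TLS_{kx_auth}_WITH_{BULK[bulk]}_{mac}"


def normalize_schannel(name):
    """Drop the curve suffix Schannel appends to ECDHE suites on 2012 R2."""
    return CURVE_SUFFIX.sub("", name)


def curve_variants(windows_suites):
    """Base suite name -> set of curve suffixes the Windows list offers for it."""
    variants = {}
    for name in windows_suites:
        base = variants.setdefault(normalize_schannel(name), set())
        match = CURVE_SUFFIX.search(name)
        if match:
            base.add(match.group(1))
    return variants


def compare(apache_suites, windows_suites):
    """Return (present, missing) lists of (openssl_name, iana_name) tuples, in the
    Apache order, so 'present' doubles as a candidate cipher order for IIS."""
    available = set(map(normalize_schannel, windows_suites))
    present, missing = [], []
    for suite in apache_suites:
        iana = to_iana(suite)
        (present if iana in available else missing).append((suite, iana))
    return present, missing


if __name__ == "__main__":
    present, missing = compare(APACHE_SUITES, WINDOWS_SUITES)
    curves = curve_variants(WINDOWS_SUITES)
    print("Apache suites the Windows list also has (curves = suffixed names to enable):")
    for suite, iana in present:
        print(f"  {suite:30} -> {iana:42} {','.join(sorted(curves[iana])) or '-'}")
    print("Apache suites with no counterpart on the Windows list:")
    for suite, iana in missing:
        print(f"  {suite:30} -> {iana}")
```

Run as a script it reports 16 of the 24 Apache suites as present and 8 as absent; the absent ones are the ECDHE_RSA GCM, DHE_DSS GCM and DHE_RSA CBC families, so on this Windows list forward secrecy for clients of an RSA certificate rests on the ECDHE_RSA CBC suites and the two DHE_RSA GCM suites. The curves column matters because the 2012 R2 cipher-suite order policy expects the suffixed names (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256` and so on), and the list shows that some ECDSA suites are offered only for P384 and P521.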