RESET Forums (homeservershow.com)

Cipher Suite Ordering


Sarge

A while back I tried taking Steve Gibson's Cipher Suite Ordering advice, and had no luck at all. Immediately, all machines associated with the server were unable to back up to it. I couldn't see any other issues, but that one was big enough to reset the cipher suite order back to the defaults. I forget if there was still some SHA1 and weak DH floating around in there, but I trust SG's recommendations and was trying to clean up the ordering and availability to push the preferred sets to the top. I was wondering if anyone else has had success in tightening the cryptography reins on their WHS2011 boxes. So, anyone have any experience with this? Any success? What cipher suite ordering are you using?

 

For those who actually know something about this, the list I used is found at GRC.com/miscfiles/SChannel_Cipher_Suites.txt

Edited by Sarge

He's got SSL_CK_DES_192_EDE3_CBC_WITH_MD5 in there which is insecure. I can't deny that he's popular but he's not infallible. He enjoys scaremongering (raw sockets), reinvents the wheel but breaks it in the process (GENESIS is just syncookies but broken and "invented" years later), makes very dubious claims about his software (spinrite claims to do things that are basically impossible) and in cases like this, just gives bad advice.

Use IIS Crypto and select best practices. ECDHE should be ahead of DHE due to the increased work needed for DHE. If your server is accessible from the internet then test using the Qualys SSL Labs server test.


spinrite claims to do things that are basically impossible

 

I can't comment about the rest, but I'm much more familiar with storage tech.

What does Steve claim SpinRite can do that's impossible?

 

Reading sectors can fix damage or "blurry"/"fuzzy" sectors, and cause the disk to correct the status or reallocate the sector.

Writing to the sector and re-writing to it again is even more aggressive, and may fix issues that the drive was having issues reading. 

 

As for fixing BSODs and the like.... I've seen a chkdsk pass do it. So why couldn't spinrite?


What does Steve claim SpinRite can do that's impossible?

Most of the things mentioned on Exclusive Feature Summary are BS.

 

SpinRite selectively disables and enables a drive's -

 

read caching: Yes

write caching: Yes

read-ahead buffering: No

on-the-fly sector relocation / Special Handling of Automatic Relocation: Rewriting that sector until the drive notices

on-the-fly error correction / Special Handling of Automatic Relocation: Rewriting that sector until the drive notices

dynamic servo thermal re-equalization: No

early and late ECC error correction / Special Handling of Extra ECC Data: No

 

Flux Synthesis Media Analysis Surface Defect Detection and DynaStat Data Recovery are technobabble and not something you can actually do.

 

Some of this stuff could have been possible back in the MFM drive days but that hasn't been true for decades. Back then, the controller was in a card and the drive itself wasn't intelligent at all so you had much lower level access. The controller on your card would do the low level formatting but with modern drives, that is handled by the drive electronics and you don't get low level access at all.

 

Reading sectors can fix damage or "blurry"/"fuzzy" sectors, and cause the disk to correct the status or reallocate the sector.

Writing to the sector and re-writing to it again is even more aggressive, and may fix issues that the drive was having issues reading.

Yes but you're not putting it behind a lot of technobabble and features impossible for IDE or newer drives. The drive electronics in anything even vaguely modern won't let you do that unless you use secret manufacturer-specific undocumented commands and they vary depending on the model of the drive. Spinrite can't be using them as he's not updated it in decades and it even apparently works on SSDs which aren't even vaguely similar to HD technology beyond it has a controller and some cache.

 

Spinrite doesn't give you anything extra beyond more polish that you couldn't have gotten using something like dd_rescue.


"Use this" isn't terribly useful guidance. I just want the server to be safe, but I don't know the ins and outs of how to get it that way. A pointer to an article discussing how to do so would be outstanding. The linked software appears to be another GUI for the built-in functions in WHS2011. I need to know which ciphers can be removed without breaking things, which ones to promote in the list, and which one's used for the backup function. I got a B+ on SSL labs scorecard after trying a wholesale change before, but that's when backups stopped working altogether and I had to revert my changes.

 

I seem to recall some discussion on Security Now about the cipher suite list, and why that last one was included. I seem to recall that it was a necessary evil for some compatibility issue. I could be wrong on that, though. At least the list is ordered in a roughly best-to-worst fashion, and the connecting client should negotiate a connection with the highest matching suite from its own cipher suite list. For browsing with my own machine to my own server I should be ok. The problem is when someone nefarious attacks using the low-hanging fruit at the bottom of the cipher suite list. That's what I'd like to guard against.

 

As for SpinRite religious debates, you don't have to believe it works if you don't want to, but I have had nothing but success with SR when the following conditions apply:

1) the disk spins

2) doesn't have "the click"

3) doesn't have mechanical damage (head stuck to a platter, etc.)

4) is less than 2.2TB (The size limit is to be fixed with the next version.)

 

I don't care what language or invented words are used for marketing the product, I just care that it works. From my experience, it does. If you've had bad luck with it, that's too bad. One shouldn't beat hardware to death and then expect software to fix it, nor should one expect any one tool to fix every problem, every time. SR has saved my arse many times, and the first time it worked the price of purchase was totally justified.

 

My strangest SR success was a server 2k unit I was given because it wouldn't boot. After recovering the disk with SR, I found that the administrator had a copy of SR in his downloads folder. I guess he hadn't burned a cd or built a usb key with it yet when the server "died". What is it they say about an ounce of prevention?

Edited by Sarge

"Use this" isn't terribly useful guidance. I just want the server to be safe, but I don't know the ins and outs of how to get it that way. A pointer to an article discussing how to do so would be outstanding.

Your original post was pretty much just asking for a cipher suite ordering. Read this if you want more information about what you should be doing. The author/developer of that site is a recognised expert on SSL/TLS.

 

As you're wanting more information, I shall go into more technical detail. My specific cipher order is:

 

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

 

This specific order will provide PFS for all modern clients. I have the luxury of not requiring backwards compatibility with XP users so therefore SSLv2 and SSLv3 are disabled and the DH parameters are 4096 bit in length. As previously noted, ECDHE should be before DHE due to the increased processing requirements of DHE. You can have it in the reverse order but you're using more CPU time for no gain.

 

Ideally everything but TLSv1.2 should be disabled for maximum security but that will adversely affect most browsers so compromising with TLSv1.0 + TLSv1.1 + TLSv1.2 is the only realistic option.

 

BEAST is not mitigated server side since that would require the RC4 cipher to be enabled, which is insecure. All recent clients should be avoiding it from their end anyway.

 

The domain + server has HSTS + HPKP + DNSSEC + DANE implemented to prevent any MitM attacks.

 

As for SpinRite religious debates, you don't have to believe it works if you don't want to

It does work for certain situations but there is nothing special about SpinRite in those situations. Alternative tools are just as good. I object to the attempt at baffling users by making false claims about abilities and features. You can get better results by running the diagnostic tools from your drive manufacturer.

 

If you've had bad luck with it, that's too bad. One shouldn't beat hardware to death and then expect software to fix it.

When did anybody say hardware was being beaten to death and expecting SpinRite to magically cure it? If you want to use SpinRite then that is your business but I'm not going to for the reasons I've stated. Don't imply I've made any statements other than what I have written. Thanks.

Edited by GotNoTime
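An added example, not written by any poster in this thread: a small Python check of a server-preference cipher list against the points made in the post above (no SSLv2, RC4 or MD5-era suites, forward secrecy on every suite, ECDHE ahead of DHE). The function names and the constructed SAMPLE_ORDER list are assumptions for illustration.

```python
import re

# SSL_CK_ marks an SSLv2 suite; the other tokens are broken or obsolete primitives.
WEAK_TOKENS = ("SSL_CK_", "_RC4_", "_DES_", "_3DES_", "_MD5", "_NULL_", "_EXPORT")

def key_exchange(suite):
    """Classify a suite name as ECDHE, DHE, or STATIC (no forward secrecy)."""
    m = re.match(r"TLS_(ECDHE|DHE)_", suite)
    return m.group(1) if m else "STATIC"

def audit(order):
    """Return (suite, finding) pairs for a server-preference cipher order."""
    findings, dhe_seen = [], False
    for suite in order:
        kx = key_exchange(suite)
        if any(tok in suite for tok in WEAK_TOKENS):
            findings.append((suite, "weak"))
        elif kx == "STATIC":
            findings.append((suite, "no-pfs"))
        elif kx == "ECDHE" and dhe_seen:
            findings.append((suite, "ecdhe-after-dhe"))
        dhe_seen = dhe_seen or kx == "DHE"
    return findings

# The order given in the post above.
POSTED_ORDER = """
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
""".split()

# Constructed looser list for contrast; only the SSL_CK_ name appears in the thread.
SAMPLE_ORDER = [
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
]
if __name__ == "__main__":
    print(audit(POSTED_ORDER) or "posted order: no findings", audit(SAMPLE_ORDER), sep="\n")
```

The check looks only at suite names and their order; it does not show which suite a given client, such as the backup connector, will actually negotiate.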

Ok, you got me there. I added the beaten hardware bit for effect.

 

Guidance on cipher suite ordering is absolutely what I need. What to drop from the default list, what to do to keep all the server's functions intact...

 

I'm still curious why the change I did before broke backups for my computers, or if there was something I should've done to fix backup after the changes.

 

Sorry I was being cantankerous. Thanks for the info.

Edited by Sarge

I do not know if it correlates directly to your situation but the ciphers and the order of them I use for my SSL reverse proxy (runs on NGINX) is as follows

 

Enabled Ciphers kEECDH+ECDSA+AES256 kEECDH+AES256 kEDH+AES256

Disabled Ciphers: AES128 DES-CBC3-SHA aNULL eNULL LOW kECDH DSS MD5 EXP PSK SRP CAMELLIA SEED

 

I have also disabled all protocols bar TLS1.2 and a 2048 bit key
