Difference between revisions of "Enhancing SSL Security"

m
Line 20: Line 20:
 
|-
 
|-
 
| '''Hashes Enabled'''
 
| '''Hashes Enabled'''
| SHA
+
| SHA<br/>
 +
SHA256<br/>
 +
SHA384<br/>
 +
SHA512<br/>
 
|-
 
|-
 
| '''Key Exchange Enabled'''
 
| '''Key Exchange Enabled'''
| Diffie-Hellman<br/>PKCS
+
| Diffie-Hellman<br/>
 +
PKCS<br/>
 +
ECDH
 
|-
 
|-
 
| '''SSL Cipher Suite Order'''
 
| '''SSL Cipher Suite Order'''
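Review bot: The last entry added to the "Hashes Enabled" cell, `SHA512<br/>`, keeps a trailing `<br/>`, while the last entry added to the "Key Exchange Enabled" cell, `ECDH`, does not. Drop the break after SHA512 so both cells end the same way and the hash cell does not render an empty trailing line.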
Line 33: Line 38:
 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256<br/>
 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521<br/>
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521<br/>
 
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256<br/>
 +
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256<br/>
 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256<br/>
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521<br/>
+
TLS_RSA_WITH_AES_256_GCM_SHA384*<br/>
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384<br/>
+
TLS_RSA_WITH_AES_128_GCM_SHA256*<br/>
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384<br/>
 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256<br/>
 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256<br/>
 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA<br/>
 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256<br/>
 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA<br/>
 
 
TLS_RSA_WITH_AES_256_CBC_SHA256<br/>
 
TLS_RSA_WITH_AES_256_CBC_SHA256<br/>
 
TLS_RSA_WITH_AES_256_CBC_SHA<br/>
 
TLS_RSA_WITH_AES_256_CBC_SHA<br/>
 
TLS_RSA_WITH_AES_128_CBC_SHA256<br/>
 
TLS_RSA_WITH_AES_128_CBC_SHA256<br/>
 
TLS_RSA_WITH_AES_128_CBC_SHA<br/>
 
TLS_RSA_WITH_AES_128_CBC_SHA<br/>
 +
TLS_RSA_WITH_3DES_EDE_CBC_SHA<br/>
 +
<br/>
 +
<nowiki>*Only in Windows 2012 R2 and above</nowiki>
 
|}
 
|}
 
  
 
[[de:SSL-Sicherheit verbessern]]
 
[[de:SSL-Sicherheit verbessern]]
 
[[en:Enhancing SSL Security]]
 
[[en:Enhancing SSL Security]]
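Review bot: `TLS_RSA_WITH_3DES_EDE_CBC_SHA<br/>`, added as the last entry of the suite order, conflicts with the rest of the page: the "Ciphers Enabled" row lists only AES 128/128 and AES 256/256, and the Windows XP note describes Triple DES 168/168 as a weaker cipher that only the Best Practice template re-enables. Either remove the suite or add a sentence saying why it is in the recommended order. The same edit drops every TLS_ECDHE_ECDSA and TLS_DHE_DSS suite while being flagged minor with no summary, so a short edit summary giving the reason would help readers of the history.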

Revision as of 13:35, 10 November 2014

The default configuration of most operating systems allows any set of supported ciphers and hashes to be used by applications acting as SSL client or server. While this ensures full compatibility with other client and server applications, it no longer matches what is expected of SSL-encrypted communication with regard to privacy and trust, because insecure protocols, cipher suites and hash algorithms remain supported.

Enhancing the security of SSL therefore mainly consists of disabling these insecure protocols, ciphers and hashes, and of prioritizing cipher suites that allow the use of Perfect Forward Secrecy.

As MailStore Server relies on Windows' security support provider (SSP) called Secure Channel (also known as Schannel), a number of registry keys have to be created or modified in order to disable insecure protocols, ciphers and hashes. Although Microsoft's TechNet article "How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll" describes in detail which registry keys affect the security provider settings, changing these keys manually is not recommended. A safer way to adjust the Schannel settings for server applications is Nartac Software's IIS Crypto tool.

Important note: Modifying the configuration of the security support provider (SSP) in Windows may affect general operating system functions such as authentication services, remote desktop and management capabilities, and third-party applications that rely on the SSP. Careful testing of all services is therefore required after applying the changes.

Recommended Settings

The highest level of security can be achieved with the following settings in IIS Crypto on the MailStore Server computer.

Please note: The recommended settings will prevent Windows XP clients from connecting to MailStore Server. If supporting Windows XP clients is mandatory, use the Best Practice template of IIS Crypto, which re-enables the insecure SSL 3.0 protocol as well as the weaker Triple DES 168/168 and RC4 128/128 ciphers and MD5 hashes.

{|
|-
| '''Protocols Enabled'''
| TLS 1.0<br/>
TLS 1.1<br/>
TLS 1.2
|-
| '''Ciphers Enabled'''
| AES 128/128<br/>
AES 256/256
|-
| '''Hashes Enabled'''
| SHA<br/>
SHA256<br/>
SHA384<br/>
SHA512
|-
| '''Key Exchange Enabled'''
| Diffie-Hellman<br/>
PKCS<br/>
ECDH
|-
| '''SSL Cipher Suite Order'''
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521<br/>
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384<br/>
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256<br/>
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521<br/>
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384<br/>
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256<br/>
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521<br/>
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384<br/>
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256<br/>
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521<br/>
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384<br/>
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256<br/>
TLS_RSA_WITH_AES_256_GCM_SHA384*<br/>
TLS_RSA_WITH_AES_128_GCM_SHA256*<br/>
TLS_RSA_WITH_AES_256_CBC_SHA256<br/>
TLS_RSA_WITH_AES_256_CBC_SHA<br/>
TLS_RSA_WITH_AES_128_CBC_SHA256<br/>
TLS_RSA_WITH_AES_128_CBC_SHA<br/>
TLS_RSA_WITH_3DES_EDE_CBC_SHA<br/>
<br/>
<nowiki>*Only in Windows 2012 R2 and above</nowiki>
|}
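A way to check a cipher suite order against the goals stated above, namely forward-secret suites ranked first and only the enabled ciphers in use. This is an added example, not code from MailStore or IIS Crypto. The name pattern and the mapping of "AES 128/128" and "AES 256/256" to the tokens `AES_128` and `AES_256` are assumptions based on the suite names shown on this page.

```python
import re
# Suite order copied from the table above ("*" marks the footnoted entries).
RECOMMENDED = """
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_GCM_SHA384*
TLS_RSA_WITH_AES_128_GCM_SHA256*
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
""".split()
# Assumption: the "Ciphers Enabled" row (AES 128/128, AES 256/256) maps to these tokens.
ALLOWED_CIPHERS = {"AES_128", "AES_256"}
# Assumed name layout: TLS_<kx>[_<auth>]_WITH_<cipher>_<mode>_<hash>[_<curve>][*]
SUITE_RE = re.compile(r"^TLS_(?P<kx>[A-Z]+)_(?:(?P<auth>[A-Z]+)_)?WITH_(?P<cipher>\w+?)"
                      r"_(?P<mode>CBC|GCM)_(?P<hash>SHA\d*)(?:_(?P<curve>P\d+))?\*?$")

def parse(name):
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised suite name: {name}")
    # Ephemeral (EC)DH key exchange is what provides Perfect Forward Secrecy.
    return dict(m.groupdict(), pfs=m["kx"] in ("ECDHE", "DHE"))

def audit(order):
    """Return (position, suite, problem) for each deviation from the page's goals."""
    findings, first_static = [], None
    for pos, name in enumerate(order, 1):
        suite = parse(name)
        if suite["cipher"] not in ALLOWED_CIPHERS:
            findings.append((pos, name, "cipher not in 'Ciphers Enabled'"))
        if suite["pfs"] and first_static:
            findings.append((pos, name, f"PFS suite ranked below {first_static}"))
        elif not suite["pfs"] and first_static is None:
            first_static = name
    return findings

if __name__ == "__main__":
    print(*audit(RECOMMENDED), sep="\n")
```

Run against the table's order, the audit confirms that every ECDHE suite precedes the static-RSA suites and reports one finding: the final 3DES suite uses a cipher that the "Ciphers Enabled" row does not list.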