Enhancing SSL Security

Revision as of 12:55, 22 June 2022 by Bmeyn (talk | contribs)

The default configuration of most operating systems allow any set of supported ciphers and hashes to be used by applications when acting as SSL client or server. While this ensures full compatibility with other client and server applications, it does no longer match the expectation in SSL encrypted communication in regards to privacy and trust due to supporting insecure protocols, cipher suites and hash algorithms.

Thus enhancing the security of SSL mainly consists of disabling these insecure protocols, ciphers and hashes as well as prioritize cipher suites that allow the usage of Perfect Forward Secrecy.

As all components of the MailStore Service Provider Edition rely on Windows' security support provider (SSP) called Secure Channel (also known as Schannel), a number of registry keys have to be created or modified in order to disable insecure protocols, ciphers and hashes. Although Microsoft's article Transport Layer Security (TLS) registry settings describes in detail which registry keys affect the security provider settings, it is not recommended to manually change these keys. A safer way to adjust the Schannel settings for server applications is Nartac Software's IIS Crypto tool.

Recommended Settings

Highest level of security can be achieved with the following settings in IIS Crypto. In a multi-server setup of MailStore SPE, the changes should be applied to all servers with Management Server or Client Access Server role.

Protocols Enabled TLS 1.2
Ciphers Enabled AES 128/128

AES 256/256

Hashes Enabled SHA

SHA256
SHA384
SHA512

Key Exchange Enabled Diffie-Hellman

PKCS
ECDH

SSL Cipher Suite Order TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA