Forum Discussion
Stefan_Klotz
Cumulonimbus
CumulonimbusCBC ciphers in relation to RFC7366 Encrypt-then-MAC
Good morning, there is a recommendation from German federal security office to still allow CBC-mode ciphers as long as TLS extention "Encrypt-then-MAC" (RFC7366) is in use. But I can't find any info...
To my knowledge BIG-IP does not support/use the 'Encrypt-then-MAC' RFC7366 TLS extension. In fact, I can't find any mention of this RFC in our internal systems, so it is probably safe to say it is not supported. I think that, in general, the industry moved to AEAD ciphers instead.
As for AES-GCM - while it might be possible to configure a modern client NOT to use it, that'd very much be the exception and not the rule. Any browser old enough to lack AES-GCM support would be old enough to have many other issues (and probably wouldn't support TLSv1.2 anyway), so you're better off not allowing those to connect in the first place.
Especially has TLSv1.3 only has five supported cipher suites - and two of those are AES-GCM:- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_AES_128_CCM_8_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
So AES-GCM support is basic table stakes for TLS these days.
Stefan_KlotzCumulonimbus
CumulonimbusOne final question regarding the "Options List" in the clientSSL profile, which setting will be used if I specify different values in the "Cipher" string and the "Options List"? E.g. the "Options List" includes "No TLSv1.3" (default), but in the "Cipher" string I include "TLSv1_3". Which setting has precendence?
Thank you!
Regards Stefan 🙂
- MegaZone
SIRT
The Options List will always win. Think of it this way - the Options List dictates which protocols are offered/accepted at all. And then the Cipher configuration specifies which ciphers can be used by those protocols.
If a protocol is disabled in Options, it won't be agreed on in the handshake - so it doesn't matter if ciphers that work with it are enabled. Conversely, if a protocol is enabled in Options it can be agreed on - but of no supporting ciphers are available to agree on.
The keywords in the Cipher config are not actually doing anything with regard to enabling/disabling the protocol, they're just shorthand to refer to *all* compatible ciphers. So '!TLS1_1' doesn't actually turn off TLSv1.1, but it does mean no compatible ciphers will be available - and thus no connection can succeed. Whereas 'No TLSv1.1' disables the entire protocol. (This is also how people get themselves in trouble when they do things like "TLSv1.2" in ciphers, thereby enabling *all* compatible ciphers - including the truly awful ones.)
So you need to both remove 'No TLSv1.3' from Options *and* ensure the required ciphers are enabled for it to actually be used.