Forum Discussion

Cumulonimbus

May 16, 2023

CBC ciphers in relation to RFC7366 Encrypt-then-MAC

Good morning, there is a recommendation from German federal security office to still allow CBC-mode ciphers as long as TLS extention "Encrypt-then-MAC" (RFC7366) is in use. But I can't find any info...

cbc

cipher

security

MegaZone
May 17, 2023
To my knowledge BIG-IP does not support/use the 'Encrypt-then-MAC' RFC7366 TLS extension. In fact, I can't find any mention of this RFC in our internal systems, so it is probably safe to say it is not supported. I think that, in general, the industry moved to AEAD ciphers instead.

As for AES-GCM - while it might be possible to configure a modern client NOT to use it, that'd very much be the exception and not the rule. Any browser old enough to lack AES-GCM support would be old enough to have many other issues (and probably wouldn't support TLSv1.2 anyway), so you're better off not allowing those to connect in the first place.

Especially has TLSv1.3 only has five supported cipher suites - and two of those are AES-GCM:

TLS_AES_256_GCM_SHA384

TLS_AES_128_GCM_SHA256

TLS_AES_128_CCM_8_SHA256

TLS_AES_128_CCM_SHA256

TLS_CHACHA20_POLY1305_SHA256

So AES-GCM support is basic table stakes for TLS these days.

Stefan_Klotz

Cumulonimbus

Thanks again MegaZone for this another very useful and clear answer. This was indeed new for me, although I think I have a could knowledge about SSL and ciphers. Is there any other useful command other than "tmm --clientcipher '<cipher string>' " to not only verify which ciphers will be available based on the cipher string, but also include all settings from the option list, e.g. mentioning the clientSSL profile name?

Regards Stefan 🙂

MegaZone

SIRT

May 25, 2023

You're welcome.

Unfortunately, no, I'm not aware of any comprehensive command that would account for all variables. For example, you can configure those ECDSA and DSS/DSA ciphers, and they'll show up with the 'tmm --clientcipher', but if the cert connected to that VIP doesn't support ECDSA/DSA then those ciphers will not actually be offered at all. They just silently get disabled.

With the Options the ciphers are technically enabled and available, but since the protocol version is disabled they're just never called for.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

CBC ciphers in relation to RFC7366 Encrypt-then-MAC

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Cipher Suite Practices and Pitfalls

Relation between Cipher-Suite and Key-type of server certificate

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

Disabling Weak Ciphers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS