Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
May 16, 2023
Solved

CBC ciphers in relation to RFC7366 Encrypt-then-MAC

Good morning, there is a recommendation from German federal security office to still allow CBC-mode ciphers as long as TLS extention "Encrypt-then-MAC" (RFC7366) is in use. But I can't find any info...
cbc
cipher
security
  • MegaZone's avatar
    MegaZone
    May 17, 2023

    To my knowledge BIG-IP does not support/use the 'Encrypt-then-MAC' RFC7366 TLS extension.  In fact, I can't find any mention of this RFC in our internal systems, so it is probably safe to say it is not supported.  I think that, in general, the industry moved to AEAD ciphers instead.

    As for AES-GCM - while it might be possible to configure a modern client NOT to use it, that'd very much be the exception and not the rule.  Any browser old enough to lack AES-GCM support would be old enough to have many other issues (and probably wouldn't support TLSv1.2 anyway), so you're better off not allowing those to connect in the first place.

    Especially has TLSv1.3 only has five supported cipher suites - and two of those are AES-GCM:

    • TLS_AES_256_GCM_SHA384
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_128_CCM_8_SHA256
    • TLS_AES_128_CCM_SHA256
    • TLS_CHACHA20_POLY1305_SHA256

    So AES-GCM support is basic table stakes for TLS these days.

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus

Thanks again MegaZone for this another very useful and clear answer. This was indeed new for me, although I think I have a could knowledge about SSL and ciphers. Is there any other useful command other than "tmm --clientcipher '<cipher string>' " to not only verify which ciphers will be available based on the cipher string, but also include all settings from the option list, e.g. mentioning the clientSSL profile name?

Regards Stefan 🙂

MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
May 25, 2023

You're welcome.

Unfortunately, no, I'm not aware of any comprehensive command that would account for all variables.  For example, you can configure those ECDSA and DSS/DSA ciphers, and they'll show up with the 'tmm --clientcipher', but if the cert connected to that VIP doesn't support ECDSA/DSA then those ciphers will not actually be offered at all.  They just silently get disabled.

With the Options the ciphers are technically enabled and available, but since the protocol version is disabled they're just never called for.