Forum Discussion
Stefan_Klotz
Cumulonimbus
CumulonimbusCBC ciphers in relation to RFC7366 Encrypt-then-MAC
Good morning, there is a recommendation from German federal security office to still allow CBC-mode ciphers as long as TLS extention "Encrypt-then-MAC" (RFC7366) is in use. But I can't find any info...
To my knowledge BIG-IP does not support/use the 'Encrypt-then-MAC' RFC7366 TLS extension. In fact, I can't find any mention of this RFC in our internal systems, so it is probably safe to say it is not supported. I think that, in general, the industry moved to AEAD ciphers instead.
As for AES-GCM - while it might be possible to configure a modern client NOT to use it, that'd very much be the exception and not the rule. Any browser old enough to lack AES-GCM support would be old enough to have many other issues (and probably wouldn't support TLSv1.2 anyway), so you're better off not allowing those to connect in the first place.
Especially has TLSv1.3 only has five supported cipher suites - and two of those are AES-GCM:- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_AES_128_CCM_8_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
So AES-GCM support is basic table stakes for TLS these days.
Stefan_KlotzCumulonimbus
CumulonimbusMegaZone another question came up during checking clienssl profile statistics.
I see some profiles, which have counters for TLS1.0 and/or TLS1.1, although they are disabled in the cipher string list (with !TLSv1:!TLSv1_1:!3DES). Where is this coming from? Shouldn't this be all zero?!?! Or do I have to disable TLS1.0 and TLS1.1 via the Options List? Any more details would be very helpful.
Thank you!
Regards Stefan 🙂
MegaZone
SIRT
SIRTIt's hard to say, but if they're not disabled in the Options List it could be that the handshake is agreeing on TLSv1.0 or v1.1 as the protocol, and then failing when they can't find a cipher (since no cipher is enabled for those protocols). Disabling then in the cipher configuration is not turning off the entire protocol, it is only disabling the ciphers - which means it will effectively fail to connect, but it may fail in a different way than if the protocol is disabled.