Forum Discussion
NimbostratusSSL Client Profile Cipher Suites
I'm working on a project to re-order the client-side cipher suites on phases. Here is the ssl client profiles base configuraiton:
-ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM
We can add any additional cipher suites we'd like in phase 1 without removing existing cipher suites. We are proposing the following:
!ADH:!LOW:!EXP:!NULL:!SSLv3:!DTLSv1:HIGH:MEDIUM:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA:!DHE-RSA-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA:RC4
This generally produces the tmm --clientciphers output we are looking for (for now).
Now for the problem. If you run that string above tmm it shows the cipher suites ordered by TLS1, TLS1.1 and TLS1.2. The exact opposite of what we'd like. We found in one of our test cases the packet capture showing ECDHE-RSA-AES256-CBC-SHA was the chosen cipher suite. And it shows the TLS1.2 and TLS1.1 handshake failures even though the client supports both. And they finally settled on TLS1.
So scaling things back and just looking at the cipher suite this one particular client would like and focusing on just the TLS version.
We understand the behavior based on the following:
tmm --clientciphers 'ECDHE-RSA-AES256-CBC-SHA'
0: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
1: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
2: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
What we don't understand is how to order these TLS1.2, TLS1.1 and TLS1. Like this (which I've just cut/paste):
0: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
1: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
2: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
I've spent hours on F5's knowledge base, Google and trying things out in our lab i.e. :@STRENGTH.
Who knows how to order these cipher suites TLS1.2, TLS1.1 and TLS1?
In case it matters, this platform is BIG-IP 3900 running 11.6 HF4.
3 Replies
- Stefan_Klotz
Cumulonimbus
Hi Brian,
I don't have a LTM currently available (for testing), but please try the following according to your last example:
tmm --clientciphers 'ECDHE-RSA-AES256-CBC-SHA+TLSv1_2:ECDHE-RSA-AES256-CBC-SHA+TLSv1_1:ECDHE-RSA-AES256-CBC-SHA+TLSv1'
Ciao Stefan :)
Brian_DeanThat was it. And likewise changing the whole string to the following is exactly what we are looking for, for now.
!ADH:!LOW:!EXP:!NULL:!SSLv3:!DTLSv1:HIGH+TLSv1_2:HIGH+TLSv1_1:HIGH+TLSv1:MEDIUM+TLSv1_2:MEDIUM+TLSv1_1:MEDIUM+TLSv1:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA:!DHE-RSA-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA:RC4
Thank you very much Stefan. I am truly grateful.
- Brian_Dean
We have completed this project so I thought I'd follow-up with what we finalized on.
We've set the default clientssl SSL client profiles ciphers value to this: !ADH:!LOW:!EXP:!SSLv2:!SSLv3:!DTLSv1:!NULL:!MD5:!RC4:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA:!DHE-RSA-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA:ECDHE_ECDSA:ECDHE+TLSv1_2:-SHA:ECDHE_ECDSA+SHA+TLSv1_2:ECDHE+SHA+TLSv1_2:HIGH+TLSv1_2:MEDIUM+TLSv1_2:ECDHE_ECDSA+SHA+TLSv1_1:ECDHE+SHA+TLSv1_1:HIGH+TLSv1_1:MEDIUM+TLSv1_1:ECDHE+SHA+TLSv1:HIGH+TLSv1:MEDIUM+TLSv1
You'll be able to see how this string orders the ciphers and protocols by using the tmm --clientciphers command on the BIG-IP. This configuration eliminates the "obsolete cryptography" message recent versions of Chrome would show users. It also provides forward secrecy support for all modern desktop and mobile browsers. Along with preferring the TLS 1.2, TLS 1.1 and TLS 1.0 protocols in that order along with removing SSL 2.0 and SSL 3.0 support. And produces an beautiful overall rating of A from SSL Labs.
There are obviously other profile settings that need to be addressed. But settling on what this cipher string should be was the most time consuming IMHO.
