
We are trying to get approved by a vendor that requires the cipher suites to be processed in this order:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 

We use Windows Server 2016 with IIS 10. If we use a wildcard certificate for the website, ssllabs.com only shows the RSA cipher. So, we bought an EV ECDSA certificate just for our website (no wildcard), installed it (which produced 2 separate certificates, ECDSA and RSA), and bound 443 to the ECDSA certificate. Ssllabs.com will only show the ECDSA cipher but no RSA cipher.

We have changed the order in

Local Group Policy-> Administrative Templates->Network-> SSL Configuration Setting-> SSL Cipher Suites Order 

to have the above required order.

For someone that knows nothing about cipher suites and very little about certificates, is there a way to process the cipher suites in the order required? How would this be accomplished? Is it a configuration setup? Is it possible in a Windows environment?

  • You need to have a word with the vendor. As you've just found out, you can either send an ECDSA certificate, or an RSA certificate, but not both. It's not a limitation of IIS, but of the protocols. – garethTheRed Aug 18 '22 at 19:23
  • Or don't use IIS to host the application. – Greg Askew Aug 18 '22 at 22:22
  • @garethTheRed+ you can _send_ only one leaf cert (plus its chain) on a handshake, but some servers can _have_ more than one cert and choose which to send based on the ciphersuite order. In particular OpenSSL supports this and Apache httpd can use it, although I don't know about other OpenSSL-using programs; similarly Java (JSSE) supports it and Tomcat can use it. AFAIK schannel (and IIS) can't. That said, the requirement doesn't really make sense and I would push back if satisfying it is costly. – dave_thompson_085 Aug 19 '22 at 05:21
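The following PowerShell script is an added example, not code from the question or from any of the commenters. It checks on the server itself the three things discussed above: the effective Schannel cipher-suite order (and whether the two required suites are enabled and in the required relative order), the list that the "SSL Cipher Suite Order" policy wrote to the registry, and which single certificate http.sys has bound to port 443 and whether its key is RSA or ECC. It assumes an elevated session on Windows Server 2016, a binding on `0.0.0.0:443`, and the certificate stored in `Cert:\LocalMachine\My`; the registry path and the two cmdlets are the standard ones from the built-in TLS module, everything else is the example's own logic.

```powershell
# Added example (not from the question or its comments): inspect the Schannel
# cipher-suite order and the key type of the certificate bound to port 443.
# Assumes an elevated PowerShell session on Windows Server 2016 / IIS 10.

$RequiredOrder = @(
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
)

# 1. Effective Schannel order as reported by the built-in TLS module
#    (this already reflects any applied cipher-suite order policy).
$effective = @((Get-TlsCipherSuite).Name)
Write-Host "First suites in effective order:"
$effective | Select-Object -First 5 | ForEach-Object { Write-Host "  $_" }

# Check that both required suites are enabled and that ECDSA precedes RSA.
$positions = @($RequiredOrder | ForEach-Object { [array]::IndexOf($effective, $_) })
if ($positions -contains -1) {
    $missing = $RequiredOrder[[array]::IndexOf($positions, -1)]
    Write-Warning "Required suite is not enabled: $missing"
} elseif ($positions[0] -gt $positions[1]) {
    Write-Warning "ECDSA suite is ordered after the RSA suite; adjust the policy order."
} else {
    Write-Host "Both required suites are enabled and in the required relative order."
}

# 2. What the 'SSL Cipher Suite Order' Group Policy setting actually wrote:
#    a comma-separated REG_SZ named 'Functions' under this policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
if (Test-Path $policyKey) {
    $functions = (Get-ItemProperty -Path $policyKey -Name Functions).Functions -split ','
    Write-Host "Policy list starts with: $($functions[0..1] -join ', ')"
} else {
    Write-Host "No cipher-suite order policy applied; Schannel uses its built-in default order."
}

# 3. Which certificate is bound to 0.0.0.0:443 and whether its key is RSA or ECC.
#    http.sys takes exactly one certificate hash per IP:port binding, so the server
#    can only negotiate the suite family that matches that key type. That is why
#    SSL Labs shows either the ECDSA suite or the RSA suite, never both at once.
$bindingText = netsh http show sslcert ipport=0.0.0.0:443
$thumbprint = $null
foreach ($line in $bindingText) {
    if ($line -match 'Certificate Hash\s*:\s*([0-9a-fA-F]+)') {
        $thumbprint = $Matches[1]
        break
    }
}
if ($thumbprint) {
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumbprint }
    if ($cert) {
        # PublicKey.Oid.FriendlyName is 'RSA' for RSA keys and 'ECC' for ECDSA keys.
        Write-Host ("Bound certificate: {0}; key type: {1}" -f $cert.Subject,
                                                               $cert.PublicKey.Oid.FriendlyName)
    } else {
        Write-Host "Bound thumbprint $thumbprint not found in Cert:\LocalMachine\My."
    }
} else {
    Write-Host "No certificate binding found on 0.0.0.0:443 (check IP- or SNI-specific bindings)."
}
```

If step 3 reports an ECC key, the server can only complete handshakes with the `TLS_ECDHE_ECDSA_*` suites regardless of how the policy orders the RSA suites, which matches what SSL Labs showed; the cipher-suite order only decides preference among suites the bound certificate can actually serve.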
