
Mozilla has a tool to generate server configurations at Mozilla SSL Configuration Generator. For Amazon Elastic Load Balancing (ELB), the configuration does not appear to have a setting for "use server preference".

"Use server preference" is an important server-side option because it ensures the server's choice of cipher suite is used (as opposed to using the client's cipher suite) (modulo the intersection of them). In Apache, the setting is SSLHonorCipherOrder. In OpenSSL, the setting is SSL_OP_CIPHER_SERVER_PREFERENCE.

What is the ELB setting to ensure the server's preference for cipher suites is used?

2 Answers

3

Amazon's predefined security policies already do this.

If you're trying to use the CloudFormation template that Mozilla gave you, you will see that the attribute is already there.

```json
{
    "Name": "Server-Defined-Cipher-Order",
    "Value": true
},
```
Michael Hampton
  • Perfect, thanks. Related: why is it called or named "order" rather than "choice" or "preference"? The TLS standard is ambiguous whether it's the client's choice or the server's choice; so it's a choice or preference, and not an order. I can't help but feel AWS's inability to name it correctly resulted in my inability to locate it. –  May 16 '15 at 23:54
  • @jww No, the cipher list _is_ ordered. They aren't chosen at random. – Michael Hampton May 17 '15 at 00:03
  • Agreed with respect to lists and not random. But this has nothing to do with the order of the cipher list within either the client's list or the server's list. It has to do with either: (a) the server using the client's #1 choice of cipher suite; or (b) the server using the server's #1 choice of cipher suite. (Or #2 if there's no intersection with #1, etc). –  May 17 '15 at 00:07
  • @jww No, the preference matters when the server chooses what the client offered. See also [WP: Basic TLS handshake](https://en.wikipedia.org/wiki/Transport_Layer_Security#Basic_TLS_handshake) – sebix May 17 '15 at 08:11
  • @sebix - I'm not sure what you mean. Effectively, there are two lists - the client's list and the server's list. By convention (because the standard does not specify the behavior), the server honors the client's choice. If the client wants RC4-MD5, then that's what is used (some hand waving). *If* the "server preference" option is configured at the server, then the server will use its list, and not the client's list. In this case, the server chooses, or the server's preference is used. –  May 17 '15 at 20:57
  • @sebix - also, the details of this are not discussed in the [WP: Basic TLS handshake](https://en.wikipedia.org/wiki/Transport_Layer_Security#Basic_TLS_handshake). It's glossed over in a couple of places with *"depending on the selected cipher suite..."*. How the cipher suite is selected is not discussed. –  May 17 '15 at 21:01
  • The server _prefers_ to use its _order_ of cipher suites. This is just [english.se] now... – Michael Hampton May 18 '15 at 07:04
  • @Michael - you could re-arrange the client list or the server list and it won't change the outcome. The order of the ciphers doesn't make a difference in this question. What matters is the choice of who (client or server) drives the selection. Either the server uses the client's list; or the server uses the server's list. If you are arguing otherwise, then it makes me believe you don't quite understand what is going on. –  May 18 '15 at 09:27
  • @jww I am quite familiar with how the cipher suite is chosen in TLS, thank you very much. But you did ask why the terminology is confused. – Michael Hampton May 18 '15 at 15:39
1

From the SSL Negotiation Configurations for Elastic Load Balancing section of the documentation:

Server Order Preference

Elastic Load Balancing supports the Server Order Preference option for negotiating connections between the client and the load balancer. During the SSL connection negotiation process, the client and the load balancer present a list of ciphers and protocols that they each support, in order of preference. By default, the first cipher on the client's list that matches any one of the load balancer's ciphers is selected for the SSL connection. If the load balancer is configured to support Server Order Preference, then the load balancer selects the first cipher in its list that is in the client's list of ciphers. This ensures that the load balancer determines which cipher is used for SSL connection. If you do not enable Server Order Preference, the order of ciphers presented by the client is used to negotiate connections between the client and the load balancer.

For information about the order of ciphers used by Elastic Load Balancing, see Predefined SSL Security Policies.

Håkan Lindqvist
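The selection rule quoted from the ELB documentation above, and the `Server-Defined-Cipher-Order` attribute from the first answer, are easy to confuse with the ordering of the lists themselves. The following is an added example (not code from the Q&A, from AWS, or from Mozilla's generator) that simulates both negotiation modes over constructed client and server lists. The policy attributes are constructed to mirror the CloudFormation shape shown above; treating the order in which cipher attributes appear in the policy as the load balancer's preference order is an assumption made for illustration (the real order for predefined policies is the one AWS documents), and the cipher names and client offer are sample values.

```python
# Added example: simulate TLS cipher-suite selection with and without
# "Server Order Preference", using ELB-style policy attributes as input.
# Policy data below is constructed; attribute order as server preference is an assumption.

def _truthy(value):
    """Accept both the CloudFormation boolean form and the CLI string form ("true")."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def server_order_enabled(attributes):
    """True if the policy sets Server-Defined-Cipher-Order to true (default false)."""
    for attr in attributes:
        if attr.get("Name") == "Server-Defined-Cipher-Order":
            return _truthy(attr.get("Value"))
    return False


def enabled_ciphers(attributes):
    """Cipher attributes set to true, in the order they appear in the policy."""
    return [
        attr["Name"]
        for attr in attributes
        if attr.get("Name") != "Server-Defined-Cipher-Order" and _truthy(attr.get("Value"))
    ]


def select_cipher(client_offer, server_list, server_preference):
    """Pick the suite the way the ELB documentation describes.

    server_preference=False: first suite in the CLIENT's list that the server supports.
    server_preference=True:  first suite in the SERVER's list that the client offered.
    Returns None when the lists do not intersect (a real handshake fails here).
    """
    if server_preference:
        first, second = server_list, client_offer
    else:
        first, second = client_offer, server_list
    for suite in first:
        if suite in second:
            return suite
    return None


def negotiate(attributes, client_offer):
    """Derive the mode and server list from the policy, then select a suite."""
    return select_cipher(client_offer, enabled_ciphers(attributes), server_order_enabled(attributes))


# Constructed sample data: a legacy client that lists RC4-MD5 first, and a
# load balancer that still allows RC4-MD5 for compatibility but prefers ECDHE/AES-GCM.
CLIENT_OFFER = ["RC4-MD5", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]

POLICY_SERVER_ORDER = [
    {"Name": "Server-Defined-Cipher-Order", "Value": True},
    {"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Value": True},
    {"Name": "AES128-SHA", "Value": True},
    {"Name": "RC4-MD5", "Value": True},
    {"Name": "DES-CBC3-SHA", "Value": False},  # disabled: must never be selected
]
# Same ciphers, but the attribute given in the CLI string form and switched off.
POLICY_CLIENT_ORDER = [{"Name": "Server-Defined-Cipher-Order", "Value": "false"}] + POLICY_SERVER_ORDER[1:]

if __name__ == "__main__":
    print("client order :", negotiate(POLICY_CLIENT_ORDER, CLIENT_OFFER))  # RC4-MD5
    print("server order :", negotiate(POLICY_SERVER_ORDER, CLIENT_OFFER))  # ECDHE-RSA-AES128-GCM-SHA256
    print("no overlap   :", select_cipher(["DES-CBC3-SHA"], enabled_ciphers(POLICY_SERVER_ORDER), True))  # None
```

The point the comment thread circles around is visible in `select_cipher`: both lists are ordered in every case, and the attribute decides only which list is walked first. With the attribute off, the legacy client's first choice wins even though the load balancer would rather use ECDHE; with it on, the same two lists yield the load balancer's first choice. Reordering either list changes nothing about who drives the decision, only about what that driver's first match is.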