2

I'm looking for web server (nginx) configuration that support current (Nov 2015) PCI-DSS requrements about SSL:

  • No TLSv1.0 (only TLSv1.1 and TLSv1.2, and TLSv1.3 in the future).
  • No weak ssl ciphers, it means no CBC (Cipher Block Chaining), no DES, IDEA Cipher Suites, no RC4 etc.

After many scans using Nexpose I created Nginx configuration, that fnally meet this very restrictive requirements. My current test config looks like this:

server {
#(..)
ssl_certificate      asdf.crt;
ssl_certificate_key  sadf.key;

ssl_protocols TLSv1.1 TLSv1.2; #see about TLSv1.1 below
ssl_ecdh_curve secp521r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_dhparam asdf-dh2048.pem; #sorry, no support for Java 6u45
ssl_ciphers    #ssh_ciphers of course should be in one line
  ECDHE-ECDSA-AES256-GCM-SHA384:
  ECDHE-ECDSA-AES128-GCM-SHA256:
  ECDHE-RSA-AES256-GCM-SHA384:
  ECDHE-RSA-AES128-GCM-SHA256:
  DHE-RSA-AES256-GCM-SHA384:
  DHE-RSA-AES128-GCM-SHA256:
  AESGCM:
  !aNULL:!eNULL:!EXPORT:!RC4:!MD5:!PSK;
}

Unfortunately:

  • There are only 7 ssl_ciphers, and generally used are only first 6.
  • Even if I enable TLSv1.1 it doesn't mather, the ciphers above are available only in TLSv1.2.
  • Scan using https://www.ssllabs.com/ssltest show that website has A+ grate (great!) but also show, that many (or most) of browser and libraries will be not able to connect due to "Protocol or cipher suite mismatch" (not working: IE 6-10, Java 6 and 7, Android 2.3-4.4, OpenSSL 0.9.8, Safari 5-8, etc).
  • I removed TLSv1.0 so there is no option to conect using apps installed on Win XP, Win Vista, Win Serv 2003, I know.
  • Scan using Nexpose show no problem (i.ed. no CBC in use, etc).

Nginx use openssl, so according to https://www.openssl.org/docs/manmaster/apps/ciphers.html (chapter "CIPHER SUITE NAMES" in the middle of page) after removing CBC,RC4 and other "weak" elements, I don't see any option to use TLSv1.0 or TLSv1.1 protocols. I don't see also possibilities to use TLSv1.2 with more ciphers.

Does anybody have idea, what in my config can be changed, for increasing compatibility with browsers/libraries/systems, and still be PCI-DSS compliant?

Jack
  • 156
  • 1
  • 5
  • You are not required to disable TLS 1.0 until 30th June 2016. – Michael Hampton Dec 04 '15 at 15:25
  • As I wrote above, if I disable ciphers using "weak" elements (CBC, RC4, etc) there is no more available ciphers in TLSv1.0 and TLSv1.1, so clients are not able to conect using this protocols. Since Nov 2015 enabling CBC causes automatic fail of PCI scan. – Jack Dec 04 '15 at 15:27

1 Answers1

1

There's not really much to do to increase compatibility with browsers, if you disable TLS1.0, and disable all CBC ciphers.

However, CBC ciphers are NOT considered "weak" if TLS1.0 is disabled. The vulnerability BEAST attack is based on is not present in TLS1.1 and above.

Laszlo Valko
  • 591
  • 6
  • 8