1

When using a VPN-like connection between the two servers (not web servers or anything like it), besides authentication I would like to enable encryption.

The authentication portion is already working, wanted some help at the encryption level.

I know that TLSv1.2 and v1.1 is supported alongside wih SSLv3.

I would only like to use TLSv1.2 and nothing else.

TLSv1.2:!aNULL:!eNULL

Is the the correct cipher suite to use?

Information from https://www.openssl.org/docs/manmaster/apps/ciphers.html seems not to be very helpful...

Can anyone help this this matter?

Francisco Ramilo
  • 97
  • 10

1 Answers1

2

I would only like to use TLSv1.2 and nothing else.

If you want to use TLS 1.2 only you have to configure the protocol and not the ciphers. Limiting the ciphers to only TLS 1.2 ciphers drops support for all ciphers which are available since SSL 3.0 and which are still supported by TLS 1.2. Depending on the peer you might end up with no shared ciphers this way.

If you still want to restrict the ciphers you might try the string TLSv1.2:!aNULL:!eNULL. This will make it only use ciphers newly introduced in TLS 1.2 and thus implicitly enforce the protocol. But again, it is no guarantee that the server supports these ciphers even if the server can do the TLS 1.2 protocol.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • Thank you for your quick response. After the VPN-like tunnel setup I can select several Security settings: None: NULL:!SHA or Low: LOW:!ADH or Medium: MEDIUM:!ADH or High: HIGH:!ADH. There is an option to input custom security settings, thus the request to make sure the cipther string that would only use TLSv1.2. – Francisco Ramilo Sep 07 '16 at 13:56
  • @FranciscoRamilo - For cipher suite support, you often use something like `HIGH:!aNULL:!RC4:!MD5:!SHA1`. Things have changed slightly since the release of OpenSSL 1.1.0. I included SHA1 for completeness, but there's nothing wrong with its use as a MAC in the protocol as far as I know. For the SHA1 hmac, an attacker must be able to forge a packet in 2-MSL, which is not possible at the moment. That is, a packet's life is measured in minutes, and collisions cannot be found in minutes. – jww Sep 07 '16 at 14:23
  • @FranciscoRamilo: again: protocol should be restricted using the protocol setting and not the cipher setting. While you might try to remove any ciphers supported by SSL 3.0, TLS 1.0 and TLS 1.1 you might end up with no shared ciphers even though the server can do TLS 1.2. Apart from that the possible values in the cipher string depend on the version of openssl which you did not specify. – Steffen Ullrich Sep 07 '16 at 14:37
  • OpenSSL version 1.0.1m of 19th March 2015. Did some extra research at the Out of the box security settings in the VPN-like tunneling NONE: SSL using cipher: NULL-MD5 SSLv3 Kx=RSA Au=RSA nc=None Mac=MD5 (NULL:!SHA) LOW: SSL using cipher: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 (LOW:!ADH) MEDIUM: SSL using cipher: DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 (MEDIUM:!ADH) HIGH: SSL using cipher: DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 (HIGH:!ADH) None of these security settings would provide TLSv1.2 only right? – Francisco Ramilo Sep 07 '16 at 14:44
  • There is another thing I forgot to mention: Elliptic Curve cipher suites are not supported by the VPN-like tunneling. – Francisco Ramilo Sep 07 '16 at 14:49
  • @FranciscoRamilo: there is a difference between protocol and cipher. You can still use DHE-RSA-AES256-SHA (which you've mentioned) with TLS 1.2 but you can also use it with TLS 1.0. But for example AES256-GCM-SHA384 can only be used with TLS 1.2. But TLS 1.2 servers are not required to support this cipher. – Steffen Ullrich Sep 07 '16 at 14:57
  • Ok. The VPN-like tunning application will not allow the specification of the protocol, except for None, compatibility mode or SSL only (None is a proprietary protocol and compatibility mode will switch from SSL to the other one if SSL is not supported). One last question if I may: can you please explain the difference between TLSv1.2:!aNULL (you indicated) and the option TLSv1.2:!aNULL:!eNULL – Francisco Ramilo Sep 07 '16 at 15:02
  • @FranciscoRamilo: yes, adding `!eNULL` is better to also exclude `NULL-SHA256`. I've updated the answer. – Steffen Ullrich Sep 07 '16 at 15:09