Changes

no edit summary
Line 55: Line 55:  
For details on the TLS handshake, see [https://tls.ulfheim.net/ The Illustrated TLS Connection].
 
For details on the TLS handshake, see [https://tls.ulfheim.net/ The Illustrated TLS Connection].
 
<br><br>
 
<br><br>
In the following table, the first column lists all ciphers which satisfy the cryptographic guidance provided in ITSP.40.111.  It is recommended that servers be configured to exclusively support the cipher suites listed in the second column, preferring them in the listed order:
+
In the following table, the first column lists all ciphers as found in cryptographic guidance provided in ITSP.40.111.  Departments are recommended to consider configurations that exclusively support the cipher suites listed in the second column, while preparing for CCCS updates to guidance for use of modern cipher suites of the third column (eliminating known vulnerable ciphers, and introducing approved TLS 1.3 cipher suites), preferring them in the listed order:
 
{| class="wikitable" border="1"  
 
{| class="wikitable" border="1"  
 
|-
 
|-
 
! Full ITSP.40.111 Cipher Suites
 
! Full ITSP.40.111 Cipher Suites
 
! Modified ITSP 40.111 Cipher Suites
 
! Modified ITSP 40.111 Cipher Suites
! Target Cipher Suites (<span style="color:red;">NEW:</span> 09/01/19)
+
! Target Cipher Suites (Publication Pending)
 
|- style="vertical-align:top;"
 
|- style="vertical-align:top;"
 
|  
 
|  
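Review bot: In the rewritten introductory sentence, the closing clause "preferring them in the listed order" no longer has a clear antecedent, because the sentence now mentions both the second column and the third column before it. Suggest stating which column the ordering applies to, for example by ending the sentence after the second-column recommendation and giving the third-column target its own sentence. The header change from "(NEW: 09/01/19)" to "(Publication Pending)" also removes the only date shown on that column, so a reader can no longer tell how current the target list is; consider keeping a last-updated date beside the new label.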
Line 149: Line 149:     
|
 
|
   
Recommended and prioritized (TLS 1.3):
 
Recommended and prioritized (TLS 1.3):
 
* TLS_AES_256_GCM_SHA384 (5)
 
* TLS_AES_256_GCM_SHA384 (5)
Line 285: Line 284:  
For a complete list of major differences, see the [https://tools.ietf.org/html/draft-ietf-tls-tls13-28 Transport Layer Security (TLS) Protocol Version 1.3 specification], section 1.3.
 
For a complete list of major differences, see the [https://tools.ietf.org/html/draft-ietf-tls-tls13-28 Transport Layer Security (TLS) Protocol Version 1.3 specification], section 1.3.
 
<br /><br />
 
<br /><br />
 +
 +
=== Web Server Configuration Templates ===
 +
For example templates of popular Web Server Configurations [[GC HTTPS Everywhere - Web Server Configurations|click here]]!
 +
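Review bot: The link label in the new "Web Server Configuration Templates" section is "click here", which says nothing about the target when the link is read out of context. Suggest a descriptive label such as [[GC HTTPS Everywhere - Web Server Configurations|web server configuration templates]], and dropping the exclamation mark to match the tone of the surrounding guidance.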
      Line 310: Line 313:  
* [https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Mozilla Security/Server Side TLS]
 
* [https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Mozilla Security/Server Side TLS]
 
* [https://infosec.mozilla.org/guidelines/web_security Mozilla web security general reference]
 
* [https://infosec.mozilla.org/guidelines/web_security Mozilla web security general reference]
 +
* [https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls Transport Layer Security (TLS) best practices with the .NET Framework]
    
In Mozilla’s advice on Server Side TLS, several TLS configurations are described (‘Modern’, ‘Intermediate’, and ‘Old’) that refer to some of the 'best' security settings possible, depending on the versions of the browsers that need to be supported. Supporting the ‘Old’ profile is risky and should be avoided, as it would mean supporting the insecure SSL protocol.
 
In Mozilla’s advice on Server Side TLS, several TLS configurations are described (‘Modern’, ‘Intermediate’, and ‘Old’) that refer to some of the 'best' security settings possible, depending on the versions of the browsers that need to be supported. Supporting the ‘Old’ profile is risky and should be avoided, as it would mean supporting the insecure SSL protocol.
   −
<br>
+
 
 +
<references />
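Review bot: The new .NET Framework entry is appended after the two Mozilla links, so it now sits directly above the paragraph beginning "In Mozilla’s advice on Server Side TLS", which discusses only the Mozilla profiles. Suggest moving the .NET link above the Mozilla entries or below that paragraph, so the commentary stays next to the links it describes.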
