802
edits
Changes
GC HTTPS Web Server Config (view source)
Revision as of 11:24, 30 September 2019
, 11:24, 30 September 2019no edit summary
<br><br>
<br><br>
Additional References:
Additional References:
# [https://www.htaccessredirect.net .htaccess Generator]
# [https://github.com/cisagov/pshtt#domain-and-redirect-info CISAGOV-pshtt (Github)] - fully explains redirects, defaults vs. enforces HTTPS measurement by domain-scan
<br>
<br>
For details on the TLS handshake, see [https://tls.ulfheim.net/ The Illustrated TLS Connection].
For details on the TLS handshake, see [https://tls.ulfheim.net/ The Illustrated TLS Connection].
<br><br>
<br><br>
In the following table, the first column lists all ciphers which satisfy the cryptographic guidance provided in ITSP.40.111. It is recommended that servers be configured to exclusively support the cipher suites listed in the second column, preferring them in the listed order:
In the following table, the first column lists all ciphers as found in cryptographic guidance provided in ITSP.40.111. Departments are recommended to consider configurations that exclusively support the cipher suites listed in the second column, while preparing for CCCS updates to guidance for use of modern cipher suites of the third column (eliminating known vulnerable ciphers, and introducing approved TLS 1.3 cipher suites), preferring them in the listed order:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Full ITSP.40.111 Cipher Suites
! Full ITSP.40.111 Cipher Suites
! Modified ITSP 40.111 Cipher Suites
! Modified ITSP 40.111 Cipher Suites
! Target Cipher Suites (06/01/19)
! Target Cipher Suites (Publication Pending)
|- style="vertical-align:top;"
|- style="vertical-align:top;"
|
|
* TLS_AES_128_CCM_SHA256 (5)
* TLS_AES_128_CCM_SHA256 (5)
* TLS_AES_128_CCM_8_SHA256 (5)
* TLS_AES_128_CCM_8_SHA256 (5)
|
|
Recommended and prioritized (TLS 1.3):
* TLS_AES_256_GCM_SHA384 (5)
* TLS_AES_256_GCM_SHA384 (5)
* TLS_AES_128_GCM_SHA256 (5)
* TLS_AES_128_GCM_SHA256 (5)
* TLS_AES_128_CCM_SHA256 (5)
* TLS_AES_128_CCM_SHA256 (5)
Recommended and prioritized (TLS 1.2):
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CCM
* TLS_ECDHE_ECDSA_WITH_AES_256_CCM
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Sufficient (Exception Use Only) and prioritized (TLS 1.2):
* TLS_DHE_RSA_WITH_AES_256_CCM
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (6)
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (6)
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_256_CCM (6)
* TLS_DHE_RSA_WITH_AES_128_CCM
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (6)
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (6)
* TLS_DHE_RSA_WITH_AES_128_CCM (6)
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (6)
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (6)
|}
|}
* (3) While presently included in CSE guidance, the use of 3DES is not recommended in the context of HTTPS.
* (3) While presently included in CSE guidance, the use of 3DES is not recommended in the context of HTTPS.
* (4) Mandatory cipher suite for TLS 1.2 as specified in [https://tools.ietf.org/html/rfc5246#page-65 RFC 5246]
* (4) Mandatory cipher suite for TLS 1.2 as specified in [https://tools.ietf.org/html/rfc5246#page-65 RFC 5246]
* (5) Approved TLS 1.3 cipher suite, as specified in [https://tools.ietf.org/html/rfc8446 RFC 8446]. Note: The use of TLS_CHACHA20_POLY1305_SHA256 is not approved for use in the GC at this time.
* (5) Approved TLS 1.3 cipher suite, as specified in [https://tools.ietf.org/html/rfc8446 RFC 8446]. Note: The use of TLS_CHACHA20_POLY1305_SHA256 is not approved for use in the GC at this time. TLS_AES_128_CCM_8_SHA256 has been removed from the target cipher suites list as is no longer recommended for TLS 1.3.
* (6) All Diffie-Hellman (DH/DHE) cipher suites must adhere to CSE guidance to use a minimum 2048-bit key.
<br>
<br>
For a complete list of major differences, see the [https://tools.ietf.org/html/draft-ietf-tls-tls13-28 Transport Layer Security (TLS) Protocol Version 1.3 specification], section 1.3.
For a complete list of major differences, see the [https://tools.ietf.org/html/draft-ietf-tls-tls13-28 Transport Layer Security (TLS) Protocol Version 1.3 specification], section 1.3.
<br /><br />
<br /><br />
=== Web Server Configuration Templates ===
For example templates of popular Web Server Configurations [[GC HTTPS Everywhere - Web Server Configurations|click here]]!
* [https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Mozilla Security/Server Side TLS]
* [https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Mozilla Security/Server Side TLS]
* [https://infosec.mozilla.org/guidelines/web_security Mozilla web security general reference]
* [https://infosec.mozilla.org/guidelines/web_security Mozilla web security general reference]
* [https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls Transport Layer Security (TLS) best practices with the .NET Framework]
In Mozilla’s advice on Server Side TLS, several TLS configurations are described (‘Modern’, ‘Intermediate’, and ‘Old’) that refer to some of the 'best' security settings possible, depending on the versions of the browsers that need to be supported. Supporting the ‘Old’ profile is risky and should be avoided, as it would mean supporting the insecure SSL protocol.
In Mozilla’s advice on Server Side TLS, several TLS configurations are described (‘Modern’, ‘Intermediate’, and ‘Old’) that refer to some of the 'best' security settings possible, depending on the versions of the browsers that need to be supported. Supporting the ‘Old’ profile is risky and should be avoided, as it would mean supporting the insecure SSL protocol.
<br>
<references />