Monday, December 03, 2012

Secure Browser Settings

I know this is going to be long and technical, but it is important for everyone regardless of your technical ability to look at.
The one line TLDR version (TLDR is internet speak for "too long, didn't read") is this:
Secure sites use SSL. TLS is the newer SSL. You should be using the newest one you can.

Ok, so for a while now webmasters, IT people, developers etc, have been slowly transitioning the internet away from SSL 2.0 to newer versions of the protocol. SSL is the s in https:// it is the secure part of secure websites. Version 1 was phased out before most folks even knew there was an internet, but version 2.0 has stuck with us, despite being broken in many different ways, for a long time.  The payment card industry, via their PCI-DSS rules by which individual merchants have to run their payment networks, and banking systems have to communicate with merchants across data networks like the internet, has outlawed the use of SSL 2.0. A while back. And so, most websites and some browsers (I think all browsers except Internet Explorer) have abandoned the old clunker of a security protocol. By default most newer web browsers support SSL 3.0 and TLS 1.0 (which can be thought of as SSL 3.1 or 4.0).

TLS 1.0 was first introduced back in 1999. In 2002 a theoretical exploit was discovered. About a year ago that exploit, dubbed the BEAST (Browser Exploit Against SSL and TLS) was made easy to do. It allows a person who can insert themselves between the user's browser and the secured web server to pick and choose what bits of encrypted data get sent and use the chosen length bits of ciphered text to get a head start on decrypting the conversation. This is effective only against SSL 3.0 and TLS 1.0, and only when they use block ciphers like AES and 3DES not stream ciphers like RC4. Because they have decided that we've had enough time, the payment card industry is starting to insist that merchants protect against the BEAST attack. This can cause someone with inadequate security settings on their browser to get a blank page when trying to connect to a secure website.

So far TLS 1.1 and 1.2 are still quite secure, but not used everywhere yet and not supported by every browser.

I'm going to show you how to turn on the best protocol available to you in the most popular browsers and then if you are also a techie running a server, I'll go into how to do the server side.

First Internet Explorer:


For Internet Explorer:  In internet options, under the advanced tab, scroll almost all the way to the bottom and you will find these settings.
By default SSL 2.0, SSL 3.0 and TLS 1.0 should be on, I am recommending that all users switch off SSL 2.0 as no sites on the internet rely on that anymore, and it is a very broken protocol.
Also,  if available (if you have Windows 7 or higher) you should turn on TLS 1.1 and TLS 1.2 as well.


Now Firefox:



Firefox  already should have only SSL 3.0 and TLS 1.0 enabled. If it does not have TLS 1.0 checked please make sure you enable it.
Again, TLS 1.0 dates back to 1999 there has been over a decade of use ensuring that all sites and browsers are compatible.
The only reason to have it turned off is if you are US Government and required to use only 1.1 and 1.2  :)  but as we can see with the Firefox example, not having anything older than 1.1 means breaking compatibility.

On the server side...

IIS:

IIS uses the Microsoft SChannel settings. The protocol versions it supports are turned on in the registry. Paste the following code into a file called saferSSL.reg or something like that. then double click on your new .reg file to import those settings.
Windows Registry Editor Version 5.00 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56] 
"Enabled"=dword:00000000 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL] 
"Enabled"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128] 
"Enabled"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128] 
"Enabled"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] 
"Enabled"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] 
"Enabled"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128] 
"Enabled"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server] 
"Enabled"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] 
"Enabled"=dword:00000000


And optionally (this one will break compatibility with IE6):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] 
"Enabled"=dword:00000000


And then to enable TLS 1.1 and 1.2:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\client] 
"Enabled"=dword:00000001 
"DisabledByDefault"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] 
"Enabled"=dword:00000001 
"DisabledByDefault"=dword:00000000 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\client] 
"Enabled"=dword:00000001 
"DisabledByDefault"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] 
"Enabled"=dword:00000001 
"DisabledByDefault"=dword:00000000 
 
Then go into the group policy editor (type gpedit.msc into the run box or command line)
Find the section: Local Computer Policy -> Administrative Templates -> Network -> SSL Configuration Settings
edit the Cipher Order value to include only RC4 ciphers for SSL 3.0 and TLS 1.0.
Move "TLS_RSA_WITH_RC4_128_SHA" to the top of the priority list, and get rid of any SSL 3.0 or TLS 1.0 ciphersuites with CBC in the name. You can keep whatever TLS 1.1 or 1.2 ciphers you need (hint anything with SHA256 or higher is fine). If you are not sure what to include just copy this string into that box and click OK.

IIS 7.5:

TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521

IIS 7.0:

TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5


Apache:
Put this into your config

SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH


No comments: