Strong ssl ciphers - browsers

Hello,

we want to secure our server against beast attack like shown here:
http://nginx.org/en/docs/http/configuring_https_servers.html
This is all working after first tests.
My question is: are there some old but still used browsers which would
be excluded from the server?
I just want to know how many people can't do an SSL connection if only
strong ciphers are used.

Thanks,
Hajo

Hi Hajo,

BEAST has nothing to do with weak ciphers. Because the workaround is to
prefer RC4 over AES from the server side, you are not excluding any
browsers (however, a short check with the oldest supported platform
isn’t a bad idea either).

I noticed the documentation about the default of the ssl_ciphers keyword
isn’t up-to-date: !ADH was replaced with !aNULL in 1.0.5 [2]. Can
someone update the docs?

[1] Module ngx_http_ssl_module

[2] Re: [PATCH] Disable Anonymous ECDH ciphersuites by default

On 5/8/12 6:15 PM, Lukas T. wrote:

Hi Hajo,

BEAST has nothing to do with weak ciphers. Because the workaround is to prefer
RC4 over AES from the server side, you are not excluding any browsers (however, a
short check with the oldest supported platform isn’t a bad idea either).

My advice to the OP is that if you want to provide secure connections
for your users, you will simply not support browsers that only use
insecure ciphers so I believe this is a non-issue. I wouldn’t purport to
provide a “secure” connection with an insecure cipher. Let your users
upgrade to a 21st century browser. Shame on them if they haven’t.

I noticed the documentation about the default of the ssl_ciphers keyword isn’t
up-to-date: !ADH was replaced with !aNULL in 1.0.5 [2]. Can someone update the
docs?

Somewhat off topic but:

Perhaps it is reasonable to suggest that another change to the defaults
in light of BEAST.

We use OpenSSL 1.01 and support TLS versions 1.0, 1.1, and 1.2 and use
the following:

ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers     ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!DH:!EDH;
ssl_prefer_server_ciphers on;

Using the latest Opera or IE browsers, TLS v1.2 is used along with one of the
first two ciphers which I believe are not available in SSL v3.0 or TLS
v1.0. Since TLS v1.2 is not vulnerable to BEAST those connections should
be “secure”.

In browsers like Firefox and Chrome (and presumably Safari, but I don’t
know how to tell), TLS v1.0 is used and an RC4 cipher is selected. This
again provides protection against beast.

While this approach won’t work for users without a recent OpenSSL
release, the following might work for earlier versions as “more secure”
default settings:

ssl_ciphers RC4:HIGH:!MD5:!aNULL:!DH:!EDH;
ssl_prefer_server_ciphers   on;

[1] Module ngx_http_ssl_module

[2] Re: [PATCH] Disable Anonymous ECDH ciphersuites by default


Jim O.
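As an added example (not code from this thread, from nginx or from OpenSSL), the following Python script evaluates the OpenSSL cipher-list syntax that the ssl_ciphers directive takes, over a constructed suite table, so you can see what a string like RC4:HIGH:!MD5:!aNULL:!DH:!EDH actually selects, why !aNULL removes more than !ADH (it also drops anonymous ECDH), and what ssl_prefer_server_ciphers on changes for a TLS 1.0 client that lists AES before RC4. The suite table, the keyword predicates (HIGH approximated as 128 bits or stronger) and the negotiate() helper are simplifications of my own for illustration; the authoritative list for your build is what "openssl ciphers -v '<string>'" prints.

```python
from collections import namedtuple

# Constructed, simplified suite table for illustration only (not a real
# "openssl ciphers -v" dump). bits is the symmetric key strength.
Suite = namedtuple("Suite", "name kex auth enc mac bits")
SUITES = [
    Suite("ECDHE-RSA-AES256-SHA384", "ECDHE", "RSA",  "AES256", "SHA384", 256),
    Suite("AES256-SHA256",           "RSA",   "RSA",  "AES256", "SHA256", 256),
    Suite("DHE-RSA-AES256-SHA",      "DHE",   "RSA",  "AES256", "SHA1",   256),
    Suite("AES128-SHA",              "RSA",   "RSA",  "AES128", "SHA1",   128),
    Suite("RC4-SHA",                 "RSA",   "RSA",  "RC4",    "SHA1",   128),
    Suite("RC4-MD5",                 "RSA",   "RSA",  "RC4",    "MD5",    128),
    Suite("ADH-AES128-SHA",          "DH",    "NONE", "AES128", "SHA1",   128),  # anonymous DH
    Suite("AECDH-AES128-SHA",        "ECDH",  "NONE", "AES128", "SHA1",   128),  # anonymous ECDH
    Suite("EXP-RC4-MD5",             "RSA",   "RSA",  "RC4",    "MD5",    40),   # export grade
]

# Keyword predicates, simplified from the ciphers(1) manual page.
KEYWORDS = {
    "ALL":    lambda s: True,
    "HIGH":   lambda s: s.bits >= 128,                        # approximation
    "EXP":    lambda s: s.bits <= 56,
    "aNULL":  lambda s: s.auth == "NONE",                     # every anonymous suite
    "ADH":    lambda s: s.kex == "DH" and s.auth == "NONE",   # anonymous DH only
    "AECDH":  lambda s: s.kex == "ECDH" and s.auth == "NONE",
    "DH":     lambda s: s.kex in ("DH", "DHE"),               # any DH key exchange
    "EDH":    lambda s: s.kex == "DHE",
    "DHE":    lambda s: s.kex == "DHE",
    "ECDHE":  lambda s: s.kex == "ECDHE",
    "RSA":    lambda s: s.kex == "RSA",
    "RC4":    lambda s: s.enc == "RC4",
    "AES":    lambda s: s.enc.startswith("AES"),
    "AES128": lambda s: s.enc == "AES128",
    "AES256": lambda s: s.enc == "AES256",
    "MD5":    lambda s: s.mac == "MD5",
    "SHA1":   lambda s: s.mac == "SHA1",
    "SHA256": lambda s: s.mac == "SHA256",
    "SHA384": lambda s: s.mac == "SHA384",
}


def _matches(body, suite, suites):
    """A token body is a suite name or keywords joined by '+' (all must match)."""
    names = {s.name for s in suites}
    for part in body.split("+"):
        if part in names:
            if part != suite.name:
                return False
        elif part in KEYWORDS:
            if not KEYWORDS[part](suite):
                return False
        else:
            raise ValueError("unknown cipher keyword: %r" % part)
    return True


def expand_cipher_list(spec, suites=SUITES):
    """Return suite names in the order the server would offer them for spec.

    Operators follow ciphers(1): '!' removes permanently, '-' removes but
    allows re-adding later, '+' moves matches to the end of the current
    list, and a bare token appends new matches in table order.
    """
    selected = []
    killed = set()
    for token in spec.split(":"):
        if not token:
            continue
        op, body = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        hits = [s for s in suites if _matches(body, s, suites)]
        if op == "!":
            killed.update(s.name for s in hits)
            selected = [s for s in selected if s.name not in killed]
        elif op == "-":
            selected = [s for s in selected if s not in hits]
        elif op == "+":
            selected = [s for s in selected if s not in hits] + \
                       [s for s in selected if s in hits]
        else:
            for s in hits:
                if s.name not in killed and s not in selected:
                    selected.append(s)
    return [s.name for s in selected]


def negotiate(server_list, client_offer, prefer_server_ciphers=True):
    """First suite both sides support; whose preference order wins is what
    ssl_prefer_server_ciphers controls (simplified model of the handshake)."""
    first, second = ((server_list, client_offer) if prefer_server_ciphers
                     else (client_offer, server_list))
    for name in first:
        if name in second:
            return name
    return None


if __name__ == "__main__":
    server = expand_cipher_list("RC4:HIGH:!MD5:!aNULL:!DH:!EDH")
    print("server order:      ", server)
    legacy_client = ["AES128-SHA", "RC4-SHA"]   # constructed TLS 1.0 client, AES first
    print("prefer_server on:  ", negotiate(server, legacy_client, True))
    print("prefer_server off: ", negotiate(server, legacy_client, False))
    print("HIGH:!ADH   ->", expand_cipher_list("HIGH:!ADH"))
    print("HIGH:!aNULL ->", expand_cipher_list("HIGH:!aNULL"))
```

With the server string above the legacy client gets RC4-SHA only because ssl_prefer_server_ciphers is on; with it off the client's own order wins and it gets AES128-SHA (CBC under TLS 1.0, which is the case the BEAST workaround is meant to avoid). The HIGH:!ADH versus HIGH:!aNULL comparison shows the difference Lukas points out: !ADH leaves AECDH-AES128-SHA in the list, !aNULL does not.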

On Wed, 2012-05-09 at 00:15 +0200, Lukas T. wrote:

I noticed the documentation about the default of the ssl_ciphers
keyword isn’t up-to-date: !ADH was replaced with !aNULL in 1.0.5 [2].
Can someone update the docs?

[1] Module ngx_http_ssl_module

[2] Re: [PATCH] Disable Anonymous ECDH ciphersuites by default

We’re working on bringing the documentation up-to-date. I’ll add this
to the TODO list. Thanks for pointing it out.

Regards,
Cliff