Transport Layer Security (TLS) is the cryptographic protocol designed to provide data security over network communication. TLS is the successor to the SSL (Secure Sockets Layer) encryption protocol originally developed by Netscape. When a TLS connection is first established, the TLS protocol negotiates the set of algorithms that will perform the cryptographic functions (encryption, decryption, hashing and digital signatures), known as the cipher suite. During this initial handshake, the client offers a list of cipher suites it supports; the server matches that list against the cipher suites enabled on its side, selects one, and informs the client. The cipher suites offered by the client are arranged in order of security, with the most secure cipher suite expected to be the first selection choice.

Cipher suite contains:

  • Key Exchange algorithm that is used to determine how the client and server will authenticate during the handshake.
  • Authentication/Digital Signature algorithm, which determines how server authentication and (if needed) client authentication will be carried out.
  • Bulk Encryption algorithm, which determines the algorithm used to encrypt the actual data.
  • Message Authentication Code (MAC) algorithm, which is used to authenticate a message for data integrity checks.

Cipher suites are used in the network connections secured by TLS, which include protocols such as HTTPS, FTPS, POP3, IMAP and SMTP. Each cipher suite has a unique name that describes the algorithms it contains. Below is an example of a cipher suite used in TLSv1.2:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS defines the protocol this cipher suite is for.
  • DHE is the key exchange algorithm.
  • RSA is the authentication algorithm.
  • AES_128_CBC indicates the bulk encryption used. This cipher suite specifically uses 128-bit AES (Advanced Encryption Standard) operating in CBC (Cipher Block Chaining) mode.
  • SHA256 specifies the MAC algorithm. Here the cipher suite is using that specific version of the Secure Hash Algorithm (SHA).

To determine which ciphers are currently enabled on your network services, you can run the following command:

nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 your-domain.tld

In the above command:

  • 443 is the port used by the HTTPS protocol.
  • 465 is the port used by the SMTPS protocol.
  • 993 is the port used by the IMAPS protocol.
  • 995 is the port used by the POP3S protocol.

nmap is a free and open-source network scanner that can discover hosts and services on a network by sending packets and analyzing the responses.

Below is the sample output from the command:

PORT    STATE    SERVICE
443/tcp open     https
...
...
| ssl-enum-ciphers:
...
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) - A
...
...

Each cipher suite in the output above is shown with a letter grade (A through F) indicating the strength of the connection. The grade is based on the cryptographic strength of the key exchange and of the encrypted stream. Once you have identified the list of cipher suites that are currently enabled, you can disable the weaker ones. If the version of an encryption or authentication algorithm used in a cipher suite is vulnerable, then the cipher suite and the TLS connection become vulnerable. If the server offers many algorithms, including weak ones, the client may choose a weak one, allowing one of the common downgrade attacks. Also note that if the server is too restrictive in the cipher suites it supports (by disabling older, weaker cipher suites), it can cause compatibility issues and connections from some clients may fail.

The most recent version of TLS is TLSv1.3, which was recently approved by the IETF (Internet Engineering Task Force) for use, making it the new industry standard. This version of TLS brings speed and security improvements due to the mandatory use of newer encryption methods and the elimination of unnecessary handshake steps (the structure of a cipher suite has been reduced from four algorithms to just two, cutting the negotiation in half).

Below are the cipher suites supported by TLSv1.3:

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256
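As an added example (not code from the original post), the following Python splits both TLSv1.2-style names such as TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 and TLSv1.3 names such as the five listed above into their components, then walks ssl-enum-ciphers output in the layout shown earlier and lists the suites a defender would disable: deprecated protocol, low grade, no forward secrecy, or a non-AEAD cipher. The scan excerpt it reads is constructed, and the parse_suite and audit_nmap_output names are my own.

```python
import re
VERSION_LINE = re.compile(r"^\|?\s*(SSLv\d|TLSv1\.\d):\s*$")
CIPHER_LINE = re.compile(r"^\|\s+(TLS_\S+)\s+\(([^)]*)\)\s+-\s+([A-F])\s*$")

def parse_suite(name):
    """Split TLS_<kex>_<auth>_WITH_<cipher>_<mac> (1.2) or TLS_<aead>_<hash> (1.3) names."""
    name = name.replace("TLS_AKE_WITH_", "TLS_")   # nmap's spelling of TLS 1.3 suite names
    parts = name.split("_")
    if parts[0] != "TLS" or len(parts) < 4:
        raise ValueError("not a TLS suite name: " + name)
    if "WITH" in parts:                      # TLS 1.2 form
        i = parts.index("WITH")
        kex_auth = parts[1:i]                # ["DHE", "RSA"]; bare TLS_RSA_WITH_... has one item
        kex, auth, body = kex_auth[0], kex_auth[-1], parts[i + 1:]
    else:                                    # TLS 1.3: key exchange/signature live outside the name
        kex, auth, body = "(EC)DHE", None, parts[1:]
    cipher, mac = "_".join(body[:-1]), body[-1]
    return {"kex": kex, "auth": auth, "cipher": cipher, "mac": mac,
            # ephemeral (EC)DH gives forward secrecy; TLS 1.3 always has it
            "forward_secret": kex in ("ECDHE", "DHE", "(EC)DHE"),
            # AEAD modes carry integrity; CBC/RC4/3DES rely on the separate HMAC
            "aead": any(m in cipher for m in ("GCM", "CCM", "POLY1305"))}

def audit_nmap_output(text):
    """Walk ssl-enum-ciphers output; return (protocol, suite, reasons) for suites to disable."""
    findings, version = [], None
    for line in text.splitlines():
        v, m = VERSION_LINE.match(line), CIPHER_LINE.match(line)
        if v:                                # "|   TLSv1.2:" opens a new protocol section
            version = v.group(1)
        if not m:
            continue
        suite, _keyinfo, grade = m.groups()
        info = parse_suite(suite)
        reasons = [why for ok, why in (
            (version not in ("SSLv3", "TLSv1.0", "TLSv1.1"), "deprecated protocol %s" % version),
            (grade == "A", "nmap grade %s" % grade),
            (info["forward_secret"], "no forward secrecy (%s key exchange)" % info["kex"]),
            (info["aead"], "non-AEAD cipher %s" % info["cipher"])) if not ok]
        if reasons:
            findings.append((version, suite, reasons))
    return findings

# Constructed scan excerpt in nmap's layout, not output captured from any real host.
SAMPLE_SCAN = """|   TLSv1.0:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - C
|   TLSv1.2:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
"""
```

Running audit_nmap_output(SAMPLE_SCAN) flags the TLSv1.0 RSA/CBC suite on all four counts and the DHE/CBC suite only for lacking AEAD, while the ECDHE/GCM suite passes.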

Coocoor continuously monitors web applications and network services for cyber threats and provides insights and alerts. Coocoor has identified a large number of insecure ciphers in use across hundreds of web applications and network services, along with the associated vulnerabilities, and has provided notifications that allow organizations to be proactive and have visibility into their network, ensuring that it operates to standards and compliance.
