May 23 2015

IETF Refreshes Best Practice Guide on TLS/SSL

In response to the wave of SSL/TLS incidents such as Heartbleed and POODLE, the Internet Engineering Task Force (IETF) has provided administrators with a new version of its Best Current Practice (BCP) guide on encrypting data in motion. The key rules laid down in RFC 7525 are: support TLS 1.2 (and DTLS 1.2) and prefer it over older versions, never negotiate SSL v2 or SSL v3 (a MUST NOT), avoid TLS 1.0 and TLS 1.1 (a SHOULD NOT), and keep an eye on TLS 1.3, which at the time of writing is still an IETF draft.

After a brief survey of the attacks that motivated the document (catalogued separately in RFC 7457), the RFC authors Yaron Sheffer, Ralph Holz and Peter Saint-Andre provide hands-on recommendations for the secure use of TLS and its datagram cousin DTLS (Datagram Transport Layer Security). Each recommendation comes with its rationale, and the text keeps returning to its aim of improving a sometimes frustrating state of deployed encryption, which makes it a useful reference for anyone configuring TLS on web servers and client systems.

RFC 7525 describes mandatory and recommended setups that help admins avoid classic pitfalls. One is SSL stripping, where an attacker downgrades a connection that should have been TLS-protected to cleartext because the application also accepts unprotected sessions; the RFC's answer is "strict TLS", which for HTTP means HSTS. Another is the family of compression-related attacks such as CRIME, TIME and BREACH: disabling TLS-level compression, as the RFC recommends, takes care of CRIME, while TIME and BREACH exploit HTTP-level compression and need countermeasures in the application. By providing such practical advice, the authors manage to add a lot of weight to their more radical recommendations: RFC 7525 effectively bans various algorithms, cipher suites and key lengths that were often considered "secure enough" in the pre-Snowden era but are by now thoroughly discredited. The list of candidates for elimination includes:

  • SSL protocol versions 2 and 3
  • Client-side implementations that fall back to SSL v3 when a server does not support TLS 1.0 or higher
  • Cipher suites with NULL encryption
  • RC4 cipher suites
  • Cipher suites offering less than 112 bits of security, especially the "export-level" 40- and 56-bit suites from the 1990s (anything below 128 bits is discouraged as well)
  • The Truncated HMAC extension (RFC 6066)

Other standards that look equally outdated, such as 3DES for encryption or static RSA for key exchange, did not quite make it onto the hit list, at least not yet. Sheffer et al. flatly advise against using them, but it remains to be seen whether a "should not" verdict is strong enough to move both software vendors and security specialists. The same goes for the numerous positive recommendations in RFC 7525. For example, the authors call for cipher suites that provide forward secrecy, which in practice means ephemeral Diffie-Hellman (DHE or ECDHE) key exchange with DH groups of at least 2048 bits, and they even name a selection of suites every endpoint in a TLS connection should understand: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
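As an added example, not code from the article or from the RFC, the following Python script turns the rules summarized above into a checker: it audits a list of enabled protocol versions and IANA cipher-suite names against the MUST NOT / SHOULD NOT rules, and it builds an ssl.SSLContext that follows them. The suite-name parsing and the bits-of-security table are this example's own approximation and cover only common suites; the OpenSSL spellings of the four recommended suites follow OpenSSL's naming convention.

```python
"""Audit a TLS configuration against the RFC 7525 rules discussed above.

Added example: not code from the article or the RFC. Suite names are the IANA
names the RFC uses; the strength table and the parsing are an approximation.
"""
import ssl

# RFC 7525 Section 3.1: SSLv2/SSLv3 MUST NOT be negotiated, TLS 1.0/1.1 SHOULD NOT,
# TLS 1.2 MUST be supported.
MUST_NOT_VERSIONS = {"SSLv2", "SSLv3"}
SHOULD_NOT_VERSIONS = {"TLSv1.0", "TLSv1.1"}

# RFC 7525 Section 4.2: the four suites every endpoint should understand,
# mapped to the OpenSSL spellings that ssl.SSLContext.set_ciphers() expects.
RECOMMENDED_SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
}

# Approximate bits of security of the bulk cipher that follows "_WITH_" in an
# IANA suite name. Longest key is tried first so DES40 is found before DES.
BULK_CIPHER_BITS = {
    "NULL": 0, "RC4_40": 40, "RC2_CBC_40": 40, "DES40": 40, "DES": 56,
    "RC4_128": 128, "3DES_EDE": 112, "IDEA": 128, "SEED": 128,
    "AES_128": 128, "AES_256": 256, "CAMELLIA_128": 128, "CAMELLIA_256": 256,
    "CHACHA20_POLY1305": 256,
}


def audit_suite(name):
    """Return (severity, message) findings for one IANA cipher suite name."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return [("UNKNOWN", f"{name}: not a TLS_<kx>_WITH_<cipher> name")]
    kx, _, bulk_and_mac = name[len("TLS_"):].partition("_WITH_")
    bulk = next((b for b in sorted(BULK_CIPHER_BITS, key=len, reverse=True)
                 if bulk_and_mac.startswith(b)), None)
    if bulk is None:
        return [("UNKNOWN", f"{name}: bulk cipher not in table")]
    bits = BULK_CIPHER_BITS[bulk]
    findings = []
    if bulk == "NULL":
        findings.append(("MUST NOT", f"{name}: NULL encryption"))
    elif bulk.startswith("RC4"):
        findings.append(("MUST NOT", f"{name}: RC4"))
    elif bits < 112:
        findings.append(("MUST NOT", f"{name}: {bits}-bit export-level cipher"))
    elif bits < 128:
        findings.append(("SHOULD NOT", f"{name}: only {bits} bits of security"))
    if kx in ("RSA", "RSA_EXPORT"):  # static RSA key transport: no forward secrecy
        findings.append(("SHOULD NOT", f"{name}: static RSA key transport"))
    return findings


def audit_config(versions, suites, tls_compression=False, truncated_hmac=False):
    """Audit enabled protocol versions, offered suites and the two extensions the RFC names."""
    findings = []
    for v in versions:
        if v in MUST_NOT_VERSIONS:
            findings.append(("MUST NOT", f"{v} enabled"))
        elif v in SHOULD_NOT_VERSIONS:
            findings.append(("SHOULD NOT", f"{v} enabled"))
    if "TLSv1.2" not in versions:
        findings.append(("MUST", "TLS 1.2 not supported"))
    for s in suites:
        findings.extend(audit_suite(s))
    missing = [s for s in RECOMMENDED_SUITES if s not in suites]
    if missing:
        findings.append(("SHOULD", "recommended suites missing: " + ", ".join(missing)))
    if tls_compression:
        findings.append(("SHOULD NOT", "TLS-level compression enabled (CRIME)"))
    if truncated_hmac:
        findings.append(("MUST NOT", "Truncated HMAC extension enabled"))
    return findings


def hardened_context():
    """Server-side ssl.SSLContext following the RFC's version, compression and suite advice."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.options |= ssl.OP_NO_COMPRESSION            # CRIME countermeasure
    # TLS 1.2 suite list; OpenSSL keeps its TLS 1.3 suites in a separate list.
    ctx.set_ciphers(":".join(RECOMMENDED_SUITES.values()))
    return ctx


def check_context(ctx):
    """Apply the version and compression rules to a live ssl.SSLContext."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(("SHOULD NOT", f"minimum version is {ctx.minimum_version.name}"))
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append(("SHOULD NOT", "TLS-level compression not disabled"))
    return findings


if __name__ == "__main__":
    # Constructed legacy configuration of the kind the article describes.
    legacy = audit_config(["SSLv3", "TLSv1.0", "TLSv1.2"],
                          ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
                          tls_compression=True)
    for severity, message in legacy:
        print(f"{severity:10} {message}")
    print("hardened context findings:", check_context(hardened_context()))
```

The context above does not load Diffie-Hellman parameters; if the DHE suites stay in the list, RFC 7525 wants groups of at least 2048 bits, which in Python you supply with SSLContext.load_dh_params(). The audit is deliberately strict about names it does not know, so a suite outside the table shows up as UNKNOWN rather than silently passing.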

For more details, please refer to the original document. Information about the upcoming TLS 1.3 standard is available directly from the IETF website; the latest draft, edited by the TLS Working Group and submitted on May 24, can be found on GitHub.
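The compression-oracle mechanism behind CRIME (and, one layer up, BREACH), which the article mentions above as the reason for disabling TLS-level compression, is easier to see in code than in prose. This added example is not from the article or the RFC; the HTTP request template, the cookie value and the attacker's guesses are constructed for the demo, and it runs DEFLATE directly with zlib rather than through a TLS stack.

```python
"""Why RFC 7525 says to switch off TLS-level compression: a CRIME-style
compression oracle reduced to a few lines.

Added example, not from the article or the RFC. Request template, secret
cookie and attacker alphabet are constructed for this demo.
"""
import string
import zlib

SECRET = "Rk7aQ2x"  # constructed CSRF/session token the attacker wants


def request(secret, query):
    """Constructed request: the attacker-chosen query string and the victim's
    cookie share one compression context, as they did under TLS compression."""
    return (f"GET /search?q={query} HTTP/1.1\r\n"
            f"Cookie: csrf_token={secret}\r\n").encode()


def compressed_size(data):
    """Bytes on the wire after DEFLATE. Z_FIXED pins the Huffman tables so the
    toy is deterministic; real attacks cope with tree noise using the padding
    tricks from the BREACH paper, which this demo leaves out."""
    comp = zlib.compressobj(9, zlib.DEFLATED, zlib.MAX_WBITS,
                            zlib.DEF_MEM_LEVEL, zlib.Z_FIXED)
    return len(comp.compress(data) + comp.flush())


def oracle(guess, secret=SECRET):
    """What a network attacker observes: the record length for a request whose
    controlled part repeats the cookie's name followed by a guess at its value."""
    return compressed_size(request(secret, "csrf_token=" + guess))


def recover_secret(length, alphabet=string.ascii_letters + string.digits, secret=SECRET):
    """Byte-at-a-time recovery: the guess that extends the LZ77 match by one more
    character saves one literal, so its record is one byte shorter than the rest."""
    known = ""
    for _ in range(length):
        sizes = {c: oracle(known + c, secret) for c in alphabet}
        best = min(sizes.values())
        winners = [c for c, n in sizes.items() if n == best]
        if len(winners) != 1:
            raise RuntimeError(f"ambiguous oracle after {known!r}: {winners}")
        known += winners[0]
    return known


def leak_in_bytes(secret=SECRET):
    """Size difference between a fully correct guess and a wrong one of equal length
    (the wrong guess uses distinct characters so it cannot compress against itself)."""
    wrong = "Vb3Np8L"[:len(secret)]
    return oracle(wrong, secret) - oracle(secret, secret)


if __name__ == "__main__":
    print("bytes saved by a correct guess:", leak_in_bytes())
    print("recovered:", recover_secret(len(SECRET)))
```

Each oracle query costs the attacker one request, so a seven-character token falls in a few hundred requests; the fix the RFC prescribes (no TLS compression) removes the shared context, and the same reasoning is why HTTP response compression must not span secrets and attacker-reflected input.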

