Strong vs. Weak TLS Ciphers

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hey everybody john wagon here with dev central and we are bringing you another light board lesson video today we're going to talk about TLS cipher suites and which ones are strong and which ones are maybe a little bit weaker we did a previous light board lesson video on TLS cipher suites in general so if you haven't checked that out maybe watch that first and then you can get into today so when you're configuring your web server web applications and or maybe specifically with the f5 the big IP you got a lot to choose from so the question is which ones do you stay away from which ones should you choose so just to give you an example on big IP version 11.6 there's like 73 different cipher suites that come pre-loaded on that you know on that version of big-ip there's 69 cipher suites on version 12 version 13 there's 68 so the point is there's a whole lot of these to choose from which ones are good which ones are bad by the way I would note as well specifically on the f5 big IP depending on what hardware platform you use some of the cipher suites are hardware hardware accelerated as you well know or probably know a lot of these cryptography computations get really expensive from like a CPU perspective you know it's hard to chunk through all these different numbers and formulas and all that so some of the hardware on the big IP will accelerate the the crypto you know computations that have to take place here so it's kind of cool that you've got that hardware support on some of these I can link to some of the specifics on which ones are hardware accelerated which ones are not but as far as TLS cipher suites go from the perspective of strong versus weak I'm just going to kind of go down the list here and we'll start with first of all the protocol which is involved so the protocol of the TLS version I would say TLS 1.2 which is the the most common current up-to-date one right is the best one to use now TLS 1.3 maybe I'll put a little parentheses around TLS 1.3 that one is coming it has been codified with an RFC and it's becoming more and more or it's gonna be more and more pervasive but as of today this is early 2019 as of today TLS 1.2 is like the established out there everybody's using it kind of a thing so I would say that is by far the preferred protocol so I'll put a little check next to that I'll put a check next to TLS 1.3 as well because when that one becomes more pervasive that's the one that you're going to want to go to TLS 1.1 is I'm gonna put ok right here it's not bad but but if you're gonna use of a protocol TLS 1.2 is the preferred protocol to use TLS 1.2 I'm gonna put an X next to that don't use that it's it's susceptible to a couple things the beasts attack it could be downgraded to like the poodle attack also PCI DSS credit card payments say that if you do any kind of credit card transaction and you use TLS 1.0 they're not they don't accept that so PCI PCI DSS would say don't use TLS 1.2 and then also SL V I'm just going to put X which would be V 3 or V 2 I'm gonna put a big X next to that so that's a do not use that next to any SSL version SSL v3 or b2 so from a protocol perspective the bottom line is go for TLS 1.2 1.3 when it becomes more pervasive alrighty so as we kind of step down the stack a little bit here you've got the key exchange some put key exchange and the diffie-hellman so I'm going to put DHI out there diffie-hellman is the preferred key exchange and more specifically diffie-hellman ephemeral and more specifically than that the elliptic curve diffie-hellman ephemeral sometimes you'll see this e in front of this EC sometimes you'll see it e CDH sometimes you see a TC dheva as long as it has all of those letters the elliptic curve diffie-hellman ephemeral is the way to go that provides what's known as perfect forward secrecy which that's the diffie-hellman ephemeral part the elliptic curve part means that you can use much smaller key sizes and achieve the same level of security compared to like RSA which would be the other key exchange so I'm going to put a check next to that one RSA basically you should you should try to stay away from from a key exchange perspective one because it's more computationally expensive you're gonna have to have larger key sizes also it does not achieve perfect forward secrecy and perfect forward secret key exchange is a requirement as TLS 1.3 comes on board so key exchange you're going you're going to want to use the diffie-hellman key exchange mechanism and preferably the ephemeral version and preferably the elliptic curve version of that as well alrighty so for authentication this is the server authentication so I'll just put off right there RSA is still good to use here so I'll put a check mark next to that the other the other real option that you have here is the elliptic curve digital signature algorithm ECDSA I'm gonna put ok next to that and then I'm gonna put slow next to that which is interesting but for for signature verification as it turns out the ECDSA is a little slower or in some cases a lot slower than RSA and so for the authentication portion specifically RSA is a little more preferred mainly because it's a little quicker than DSA the nice thing about EC the ECDSA is that again with the elliptic curve just in general you can use smaller key sizes and achieve the same level of security so actually if you choose the ECDSA you can have smaller key sizes than RSA but you're gonna you're gonna pay the price in terms of speed so it kind of depends on which one you want to go with their speed versus you know key size kind of thing so anyway so that's authentication RSA probably the you know what I would say is the preferred method there as far as cypher this is the block cipher so the symmetric encryption cipher by far the preferred one is AES the advanced encryption standard and I would say that the Galois counter mode is good compared to the cipher block chaining mode which I would say is okay to possibly not good not good in this in the sense that there's a thing called a EAD ciphers the a EAD is authenticated encryption with Associated data and Galois counter mode AES achieves that while cipher block chaining mode does not achieve that again going back up here to TLS 1.3 a EAD ciphers are required for TLS 1.3 so perfect for word secret key exchange and a Eid ciphers are required for tails for nuther so again as that comes on board you're going to need to be using this frankly a lot of the other types of symmetric encryption algorithms like Triple DES or RC 4 or RC 2 or others I'm going to say no next to those those have been proven to either be very slow or susceptible to attack and you don't really want to use those so so stay away from those so basically the cipher is pretty easy you want to use AES and more specifically AES with the Galois counter mode the final one that I'll put maybe I'll put it right over here is the mac message authentication code is the thing that you're going to use there is sha the secure hash algorithm and more specifically sha-256 or you can bump it up a little bit and do sha 384 the other options there are sha-1 so sha-1 but I'm gonna say no on that one as well as md5 and MD 2 this is the message digest version fibers are too kind of thing but those are have been proven to be not effective not secure so sha-256 or sha 384 this 256-bit or 384-bit you know message hashing the the secure hash algorithm so that's the that's the thing that you're gonna want to look at for the Mac so to kind of lay this all out in one sort of a representative cipher Suites what you're going to want to look for or what you're going to want to have included is ideally TLS 1.2 all right for the protocol and then for the key exchange you're gonna want elliptic curve diffie-hellman ephemeral all right and then for the authentication ideally you have AR s a alright and then and again you could use ECDSA here it's that's kind of more of a preference from a security perspective neither one I'm gonna say are completely insecure it's more of a speed you know decision to make there and then next for the block cipher you want a EES I'm gonna say 128-bit + so you could do the you know 128 256 if you're looking at like the koalas SSL server you know tests that you can run on your on your web server they look for 256 to get the hundred percent for the block cipher portion of that grade 128 I think gives you a 90 percent for that portion of the grade so 128 to go 256 is I guess best and then like I said before you're gonna want the Galois counter mode on that and then the last thing I'll put I'm going to kind of wrap around here just a little bit as Shah and I'll just say 256 plus all right so either 256 or 384 for the for the hashing algorithm alright so that's it's like a representative description of a very secure cipher suite if you start getting into anything that's got mixes and matches of any of these others certainly you know going back to the protocol if it's got us two selves ev3 or certainly be - that's not good that's very insecure TLS 1.0 also I would stay away from and then I know we already talked about you know all the different details of all these other ones one of the issues here is that you have to make a decision from a web server configuration or maybe in the f5 perspective and a big IP configuration decision on who are your clients that are connecting to your web application and if you've got some crazy outdated legacy clients you may have a business decision to make where you're forced to respond to those clients and say hey I need to let them connect therefore I'm gonna have to offer up some very weak cipher suites so that they can come in if you don't have to do that then you know here's the here's kind of an outline of what you could do to keep things really really secure so so hopefully this has been helpful to show you what to look for and what to stay away from and why as you configure your cipher suites so so thanks for hanging in there with us on this edition of lightboard lesson hey man if you like this video you can click right up here on our DC ball and subscribe to our YouTube channel and we'll see you guys out there in the community you
Info
Channel: F5 DevCentral
Views: 19,246
Rating: undefined out of 5
Keywords: f5, devcentral, tls, cipher, suite, ssl, aes, rsa, diffie hellman, authentication, encryption, https, security, web, application, server, google, microsoft, big-ip
Id: k_C2HcJbgMc
Channel Id: undefined
Length: 12min 24sec (744 seconds)
Published: Tue Jan 15 2019
Related Videos
What is a TLS Cipher Suite?
F5 DevCentral
101K
TLS Handshake Deep Dive and decryption with Wireshark
David Bombal
215K
Perfect Forward Secrecy
F5 DevCentral
63K
Explaining the GitHub DDoS Attack
F5 DevCentral
31K
What is BIG-IP?
F5 DevCentral
99K
What Are AEAD Ciphers?
F5 DevCentral
19K
Disable Weak Algorithms in OpenSSH (Alma Redhat Rocky)
RandomTech
954
Cryptography Explained: The Science of Code
SciShow
1M
IPS vs WAF
F5 DevCentral
73K
How RSA Works
F5 DevCentral
39K
Explaining TLS 1.3
F5 DevCentral
61K
TLS Handshake Explained - Computerphile
Computerphile
447K
What is a Proxy?
F5 DevCentral
290K
HSTS - HTTP Strict Transport Security - Protect against SSL Stripping attack - Practical TLS
Practical Networking
11K
Breaking Down the TLS Handshake
F5 DevCentral
230K
How to Analyze Code for Vulnerabilities
OWASP DevSlop
29K
Transport Layer Security (TLS) - Computerphile
Computerphile
387K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.