Detections
Analytics

7.12 Ensure TLS Cipher Suite ordering is Configured

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Cipher suites are a named combination of authentication, encryption, message authentication code, and key exchange algorithms used for the security settings of a network connection using TLS protocol. Clients send a cipher list and a list of ciphers that it supports in order of preference to a server. The server then replies with the cipher suite that it selects from the client cipher suite list.

Rationale:
Cipher suites should be ordered from strongest to weakest in order to ensure that the more secure configuration is used for encryption between the server and client.
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Avoid cipher suits that do not provide Perfect Forward Secrecy or use weak hashing function, use them only if you need to support backwards compatibility and in the bottom of the list and you will have to create exceptions for the items that cause this to become out of compliance:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (uses SHA-1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (uses SHA-1)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (uses SHA-1)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (uses SHA-1)
TLS_RSA_WITH_AES_256_GCM_SHA384 (lack of Perfect Forward Secrecy)
TLS_RSA_WITH_AES_128_GCM_SHA256 (lack of Perfect Forward Secrecy)
TLS_RSA_WITH_AES_256_CBC_SHA256 (lack of Perfect Forward Secrecy)
TLS_RSA_WITH_AES_128_CBC_SHA256 (lack of Perfect Forward Secrecy)
TLS_RSA_WITH_AES_256_CBC_SHA (uses SHA-1, lack of Perfect Forward Secrecy)
TLS_RSA_WITH_AES_128_CBC_SHA (uses SHA-1, lack of Perfect Forward Secrecy)

Note: HTTP/2 compatibility: first 4 ciphers (in bold) in the top part list are compatible with HTTP/2

Solution

Perform the following to configure TLS cipher suite order:
Set the following key to
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.
HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002:Functions

To configure TLS cipher suite order using PowerShell enter the following command:

New-Item 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -name 'Functions' -value 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' -PropertyType 'MultiString' -Force | Out-Null

Impact:
Cipher ordering is important to ensure that the most secure ciphers are listed first and will be applied over weaker ciphers when possible.

See Also

https://workbench.cisecurity.org/files/2297

Item Details

References: CSCv7|14.4

Plugin: Windows

Control ID: ad242fdde3957df0a06a38ce603127dad79ae5c26b0107bdd0689a28476ed91b