There are two fundamental changes we would like to move towards to enhance our security posture, the use of the SHA-2 signed certificates and to disable SSL v.3.0 server-side support. To accommodate a wide range of client/server combinations, the following information should be used as the minimum standard to ensure that you are achieving the best possible protection without compromising compatibility with most major client operating systems:
Cipher Suites: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Versions: TLSv1, TLSv1.1, TLSv1.2
RSA Key Size: 2048
Certificate Signature: SHA-256
The order of the cipher suites here is important, as it determines which algorithms will be selected in priority; The standard above prioritizes algorithms that provide perfect forward secrecy. The minimum key length is 2048-bit, moving beyond this is computationally intensive with little immediate security gain. NIST speculates that a 2048-bit key won’t be compromised until approx. 2030.
For the Windows environment, Nartac Software offers a free tool known as IIS Crypto that gives administrators the ability to customize the operating systems SSL/TLS protocols, ciphers, hashes, key exchanges, and specify the cipher suite order. Typically, I find that FIPS 140-2 present template will configure your server to meet the above standards. Depending upon the application and operating system, the procedure and tools may vary. This particular tool is targeted towards web applications that are delivered via IIS. Apache on Windows utilizes OpenSSL and requires an application-specific configuration change to adhere to these standards.
To insure the proper functionality of services utilizing InCommon certificates, the intermediate certificate (provided by InCommon via the Certificate Manager) should be included in the certificate chain. InCommon is an Intermediate CA (signing certificate on behalf of Comodo), so the InCommon intermediate certificate is required to provide proper validation of the service’s certificate. You can also download the SHA-2 intermediate certificate from the following link: incommon_sha2_interm.crt
For additional reference, please refer to following URL: Security/Sever Side TLS. If you have any questions and/or concerns, please do not hesitate to contact Mike Lang, Dylan Marquis, or Jonathan Gill. You may contact any of the above for general advice or configuration verification. More specifically, Dylan can help configure Linux systems and Jonathan can help with any Windows configuration questions. Mike can also help configure Linux systems and run verification scans to ensure the configuration is correct.
Furthermore, for public facing websites, we found that Qualys SSL Labs provides a great online SSL Server Test tool. It performs analysis of the configuration of any SSL/TLS web server and runs handshake simulations with most popular operating systems and web browsers to ensure that your configuration will meet the needs of your users. It’s recommended to leverage this tool to validate your configuration before/after changes to your server configuration.