Review SSL Certificates for Compliance with Upcoming Rules

Management TiPS

Review SSL certificates for compliance with upcoming rules

Summary:

SSL certificates need to be reviewed for compliance with upcoming changes and hardening by browsers. Servers need to be reviewed to see if they are PCI DSS compliant as well as patched for BEAST, FREAK and POODLE vulnerabilities.

SSL cipher testing:

First review your Internet facing servers for compliance with PCI DSS as well as protection from BEAST vulnerabilities in SSL.

You can use the SSL test from Qualys to test your compliance.

For example – I ran the test on a blog server I personally run. https://www.ssllabs.com/ssltest/

Figure 1 - before adjustment the server flunks

As you can see this server flunked. It is not tweaked to disable SSL v2 and v3.

A free tool from https://www.nartac.com/Products/IISCrypto/ can be used to tweak your IIS settings on the server to specifically disable crypto ciphers that should no longer be allowed.

First download the version of the tool needed for your version of the server.

·  IIS Crypto GUI version 1.6 (.Net 2.0, 83 KB)

·  IIS Crypto GUI version 1.6 (.Net 4.0, 98 KB)

For server 2012 and 2012 r2, download IIS Crypto GUI 1.6 .NET 4.0 (Essentials 2012 and 2012 r2 needs this one as well)

For Server 2008 R2 and prior install IIS Crypto GUI 1.6, .NET 2.0

For SBS 2011 the tool will launch and show the following defaults:

Figure 2 - IIS crypto tool

Figure 3 - Default ciphers

Figure 4 - Part two - default ciphers

Figure 5 - Part three - default ciphers

From this screen you can use the templates noted on the right hand side.

Figure 6 - Choose best practices template

Figure 7 - Tool will disable out of date protocols

Choose the best practice template and apply. Now reboot the server and retest.

If you choose the best practice template it will set the cipher order as follows:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

The default cipher order is (in case you need to reset the server for any reason):

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_GCM_SHA384*
TLS_RSA_WITH_AES_128_GCM_SHA256*
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA

We have not found any side effects with the best practice template on SBS 2011/2008 or any Essentials servers.

After rebooting scan again with the Qualys SSL test

Figure 8 - Rescanned server

The server should now come back with a much better scan test.

SSL certificate:

Due to the increasing computing power available to decrypt SSL certificates, the Certificate Authority Browser (CAB) Forum (the entity that establishes SSL industry standards) requires that all SSL certificates issued after Jan. 1, 2014, use at least 2048-bit keys. SSL certificates that use 1024-bit keys are no longer secure. If you are still running the original home server platform there is a KB to install a patch to ensure that you can obtain a 2048 bit key for your SSL certificate. https://support.microsoft.com/en-us/kb/2892162 is the KB you need to follow.

To rekey the certificate or any other godaddy certificate the process is easy and documented here: https://support.godaddy.com/help/article/4976/rekey-certificate

Internal names on external certificates.

For many years the default domain name set by SBS and Essentials servers is a .local domain. While there is a way to adjust this to any domain name you like, a non .com internal domain name or a internal.domain.com as a domain name is actually a wise setup for a small business network. If you call your small server domain.com (inserting the real domain name) you may find that you are unable to provide your client with an external web site location. The default SSL cert wizard inside of SBS 2011 does not add the internal .local domain name to the SSL certificate. Thus no SBS or Essentials server will be affected by the November change to SAN certs.

“All Certificate Authorities (CAs) that are connected to the overall CA/Browser Forum have accepted worldwide renewed and improved guidelines for the issuance of a SAN SSL Certificate. Domain validated certificates may therefore no longer be issued on an invalid Fully-Qualified Domain Name (eg .local).

The reason that is given for the change is that the internal server names are not unique and therefore easy to falsify. With common names like server01 or webmail, the end user is never sure if it is actually dealing with the right party or with a malicious.

The changing legislation for SSL Certificates shall start on 1 November 2015. This means, from that date, the invalid Fully-Qualified Domain Names (hereafter called FQDN) will no longer be accepted at the standard of the CA/Browser Forum and after that date such certificates may no longer be issued. All certificates issued after 1 November 2015 and meet this qualification will be revoked upon discovery.

Users who are requesting a certificate on an invalid FQDN with an expiration date after 1 November 2015 should remember that their certificates will be revoked after 1 November 2015. After this date, no SAN SSL Certificate with a reserved IP address or internal server name will be issued either.”

This document is intended for customers of Third Tier. If you are not yet a customer please to go www.thirdtier.net and then https://helpdesk.thirdtier.net to create an account.

We exist to assist IT firms be better

7