Up until the Snowden revelations, SSL/TLS standards received very little attention: if TLS was there, it was assumed to be doing its job, but it turns out that isn't so. Providing clients with the greatest possible level of transport security, and so protecting against threats like monitoring and protocol/cipher downgrade attacks, requires a little work. In a recent post, Zero Trust, I alluded to a suite of scripts used to harden Microsoft web server configurations; with these applied, the level of transport security provided by a Microsoft web server is considered more than ample by industry standards. Once applied, a server should score an A on the Qualys SSL Labs test.
The script applies a variety of changes, beginning with secure HTTP response headers:
X-XSS-Protection: 1; mode=block
The above should be considered a minimum, base configuration for a web server. Others (such as Content-Security-Policy) may also be added, and headers such as X-Frame-Options and cache-control may be adjusted according to individual application requirements.
The main function of the scripts, however, is to set optimised cryptography standards:
Weak Ciphers Disabled: NULL, DES, RC2 and RC4.
Insecure Protocols Disabled: PCT, MPUH, SSL2.0 and SSL3.0
Strong Ciphers Enabled: TDES, AES128 and AES256.
Strong Key Exchanges Enabled: PKCS and DH (enabling perfect forward secrecy).
Secure Protocols Enabled: TLS1.0, TLS1.1 and TLS1.2.
WDigest Algorithm: 3DES
SSL Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
A batch file detects the OS and applies the changes suitable for it. Although it's no longer in common use, Server 2003 is supported; however, unlike Server 2008 and 2012, it does not support AES out of the box (this requires KB948963), does not support PFS key exchanges and does not allow you to define the cipher suite list.
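To confirm that the protocol, cipher and key exchange settings listed above are actually in effect on a server, a read-only audit of the SCHANNEL registry keys is useful. The following is an added example, not part of the scripts this post describes; it assumes PowerShell 3.0 or later, the standard SCHANNEL subkey names, and that only the server-side protocol keys matter for a web server.

```powershell
# Added example: read-only audit of SCHANNEL against the settings listed in this post.
# Subkey names are the standard SCHANNEL ones; on Server 2003 the 3DES key is
# 'Triple DES 168/168' rather than 'Triple DES 168'.
$root = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

$expected = [ordered]@{
    'Protocols\PCT 1.0\Server'                      = 'Disabled'
    'Protocols\Multi-Protocol Unified Hello\Server' = 'Disabled'
    'Protocols\SSL 2.0\Server'                      = 'Disabled'
    'Protocols\SSL 3.0\Server'                      = 'Disabled'
    'Protocols\TLS 1.0\Server'                      = 'Enabled'
    'Protocols\TLS 1.1\Server'                      = 'Enabled'
    'Protocols\TLS 1.2\Server'                      = 'Enabled'
    'Ciphers\NULL'                                  = 'Disabled'
    'Ciphers\DES 56/56'                             = 'Disabled'
    'Ciphers\RC2 40/128'                            = 'Disabled'
    'Ciphers\RC2 56/128'                            = 'Disabled'
    'Ciphers\RC2 128/128'                           = 'Disabled'
    'Ciphers\RC4 40/128'                            = 'Disabled'
    'Ciphers\RC4 56/128'                            = 'Disabled'
    'Ciphers\RC4 64/128'                            = 'Disabled'
    'Ciphers\RC4 128/128'                           = 'Disabled'
    'Ciphers\Triple DES 168'                        = 'Enabled'
    'Ciphers\AES 128/128'                           = 'Enabled'
    'Ciphers\AES 256/256'                           = 'Enabled'
    'KeyExchangeAlgorithms\PKCS'                    = 'Enabled'
    'KeyExchangeAlgorithms\Diffie-Hellman'          = 'Enabled'
}

function Get-SchannelState([string]$SubKey) {
    # Use the .NET registry API: the PowerShell registry provider treats the '/'
    # in names such as 'RC4 128/128' as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$root\$SubKey")
    if ($null -eq $key) { return 'NotSet' }          # no key: OS default applies
    try {
        $value = $key.GetValue('Enabled')
        if ($null -eq $value) { return 'NotSet' }    # key exists, value absent
        if ($value -ne 0) { return 'Enabled' } else { return 'Disabled' }
    } finally { $key.Close() }
}

$report = foreach ($item in $expected.GetEnumerator()) {
    $actual = Get-SchannelState $item.Key
    [pscustomobject]@{
        Setting = $item.Key; Expected = $item.Value; Actual = $actual
        Result  = if ($actual -eq $item.Value) { 'OK' } else { 'REVIEW' }
    }
}
$report | Format-Table -AutoSize
```

A `NotSet` result means the operating system default applies, which differs between Windows versions, so those rows need checking rather than being treated as passes.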
You can find the scripts on GitHub.
An update of this post is available here.