cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5051
Views
10
Helpful
18
Replies

IronPort Message Gateway - TLS Outbound Ciphers

compton18
Level 1
Level 1

Bare with me here, im learning as I go...

We are currently running our outgoing cipher as :  AES256-SHA due to a requirement with a receiving party. We occasionally have an issue sending mail to a few other domains in which we have found disabling TLS fixes the issue. I have been unable to get in touch with the right people or people on the receiving end when this problem occurs to see if they have this cipher available. It appears that if they don't have it that TLS would fail based on this article http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117855-technote-esa-00.html as we have to have a matching cipher in order to send mail over TLS

Is there a way to remotely find out what Ciphers are available on a remote server? I have tired www.checktls.com  but I would assume this negotiates and reports what it can use or negotiate not what is available for me to compare to.

It also looks like I can run multiple ciphers in a specified order but I cant follow the CLI guide it basically says pick one of the following which does not line up with the AES256-SHA setting that is in use..... how would I use AES256-SHA as the primary for my requirement and what other ones should I run that most platforms have and can negotiate with?

In SSLCONFIG I only see the following options when configuring the outgoing cipher, I don't see the one I am currently using or what I can potentially use?

1. SSL v2.

2. SSL v3

3. TLS v1

4. SSL v2 and v3

5. SSL v3 and TLS v1

6. SSL v2, v3 and TLS v1

 

I also don't understand why if TLS  can not agree on a cipher why it would not revert to no TLS. My Default destination control for TLS Support is "Prefered" not required and would have applied to the few domains that I had to disable it for.

18 Replies 18

In the latest build (8.5.6-092).they put the ciphers in the gui, not really much better, but its there.

The syntax is from here: https://www.openssl.org/docs/apps/ciphers.html

My string is MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH

Which means, add the medium ciphers (eg 128 bit), add the high strength ciphers (256), turn of all ssl2 ciphers, turn off null ciphers, sort by strength

 

If you want AES256-SHA first, you could try something like this

AES256-SHA:HIGH:MEDIUM:-SSLv2:-aNULL

 

Are you using a self-signed cert or the demo cert?  some sites won't take a self-signed cert, or a cert that doesn't match the domain of the sending box

 

 

Thanks for the feedback, your example is great and somewhat what I thought was needed. I'm curious how one would pick which ciphers to use and which ones to avoid obviously there are vulnerabilities in many. Looking at the inbound settings - RC4-SHA:RC4-MD5:ALL which I believe is default, I am thinking along the lines of AES256-SHA:HIGH:MEDIUM and maybe using :ALL which would be better than nothing to negotiate with older systems. Do you know the default value?

We have a VeriSign Cert.

Any thought on how to query a receiving mail server for available ciphers?

BTW build 8.5.6-074 has it in the GUI too.

You don't want to use ALL as there are some that are so weak as to be as if you were using nothing.  There's a decent discussion of cipher selection here: http://security.stackexchange.com/questions/7440/what-ciphers-should-i-use-in-my-web-server-after-i-configure-my-ssl-certificate.

 

Not completely applicable but its a start. 

 

I have to do some digging on querying a server on cipher suite support...

Here's how to tell what ciphers the other side supports...

http://security.stackexchange.com/questions/58857/test-starttls-configuration-of-smtp-server

 

You should check out the cli command "tlsverify" also...

Thanks for pointing that out, I had played with that command a bit already and is a good tool to use to test TLS after I change the Ciphers.

Hi, can u help me with ciphers.

I have 9.7.0 AsyncOS, TLS v1/TLS v1.2 (SSL is disabled) and default ciphers RC4-SHA:RC4-MD5:ALL:-aNULL:-EXPORT.

I made scan for vulnerabilities, and report recommendation is to disable RC4.

How correctly disable RC4 and what is better to enable in ciphers now? 

Something like this MEDIUM:HIGH:-aNULL:-EXPORT@STRENGTH ???

I know little about ciphers).

That's a good cipher list.

If you want to make sure RC4 is off, you can do something like this:

MEDIUM:HIGH:!RC4:!aNULL:!EXPORT@STRENGTH

(the ! makes it so later additions to the string can't add that cipher back in... )

 

OK,thanks.

Alter the Methods and Ciphers Used with SSL/TLS

  

Note: The SSL/TLS methods and ciphers should be set based on the specific security policies and preferences of your company. For third-party information in regards to ciphers, refer to the Security/Server Side TLS Mozilla document for recommended server configurations and detailed information.

 

With Cisco AsyncOS for Email Security, an administrator can use the sslconfig command in order to configure the SSL or TLS protocols for the methods and ciphers that are used for GUI communication, advertised for inbound connections, and requested for outbound connections:

 

esa.local> sslconfig

sslconfig settings:
GUI HTTPS method: tlsv1/tlsv1.2
GUI HTTPS ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Inbound SMTP method: tlsv1/tlsv1.2
Inbound SMTP ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Outbound SMTP method: tlsv1/tlsv1.2
Outbound SMTP ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT

Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]> inbound

Enter the inbound SMTP ssl method you want to use.
1. SSL v2
2. SSL v3
3. TLS v1/TLS v1.2
4. SSL v2 and v3
5. SSL v3 and TLS v1/TLS v1.2
6. SSL v2, v3 and TLS v1/TLS v1.2
[3]>

Enter the inbound SMTP ssl cipher you want to use.
[MEDIUM:HIGH:-SSLv2:-aNULL:!RC4:@STRENGTH:-EXPORT]>

sslconfig settings:
GUI HTTPS method: tlsv1/tlsv1.2
GUI HTTPS ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Inbound SMTP method: tlsv1/tlsv1.2
Inbound SMTP ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Outbound SMTP method: tlsv1/tlsv1.2
Outbound SMTP ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT

Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]>

 

If changes are made to the SSL configuration, ensure that you commit any and all changes.

 

SSL Methods

 

In AsyncOS for Email Security Versions 9.6 and later, the ESA is set to use the TLS v1/TLS v1.2 method by default. In this case, TLSv1.2 takes precedent for communication, if in use by both the sending and receiving parties. In order to establish a TLS connection, both sides must have at least one enabled method that matches, and at least one enabled cipher that matches.

 

Note: In AsyncOS for Email Security versions prior to Version 9.6, the default has two methods: SSL v3 and TLS v1. Some administrators might want to disable SSL v3 due to recent vulnerabilities (if SSL v3 is enabled).

 

SSL Ciphers

 

When you view the default cipher that is listed in the previous example, it is important to understand the reason that it shows two ciphers followed by the word ALL. Although ALL includes the two ciphers that precede it, the order of the ciphers in the cipher list determines the preference. Thus, when a TLS connection is made, the client picks the first cipher that both sides support based on the order of appearance in the list.

 

Note: The RC4 ciphers are enabled by default on the ESA. In the previous example, the MEDIUM:HIGH is based on the Prevent Negotiations for Null or Anonymous Ciphers on the ESA and SMA Cisco document. For further information in regards to RC4 specifically, refer to the Security/Server Side TLS Mozilla document, and also the On the Security of RC4 in TLS and WPA document that is presented from the USENIX Security Symposium 2013. In order to remove the RC4 ciphers from use, refer to the examples that follow.

  

Through manipulation of the cipher list, you can influence the cipher that is chosen. You can list specific ciphers or cipher ranges, and also reorder them by strength with the inclusion of the @STRENGTH option in the cipher string, as shown here:

 

Enter the inbound SMTP ssl cipher you want to use.
[RC4-SHA:RC4-MD5:ALL]> MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH 

 

Ensure that you review all of the ciphers and ranges that are available on the ESA. In order to view these, enter the sslconfig command, followed by the verify sub-command. The options for the SSL cipher categories are LOW, MEDIUM, HIGH, and ALL:

 

[]> verify

Enter the ssl cipher you want to verify.
[]> MEDIUM

ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5

 

You can also combine these in order to include ranges:

 

[]> verify

Enter the ssl cipher you want to verify.
[]> MEDIUM:HIGH

ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5

 

Any of the SSL ciphers that you do not want configured and available should be removed with the "-" option that precedes the specific ciphers. Here is an example:

 

[]> MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH:-EDH-RSA-DES-CBC3-SHA:
-EDH-DSS-DES-CBC3-SHA:-DES-CBC3-SHA

 

The information in this example would negate the NULLEDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA, and DES-CBC3-SHAciphers from advertisement and prevent their use in the SSL communication.

 

You can also accomplish similar with the inclusion of the "!" character in front of the cipher group or string that you desire to become unavailable:

 

[]> MEDIUM:HIGH:-SSLv2:-aNULL:!RC4:@STRENGTH

 

The information in this example would remove all of the RC4 ciphers from use. Thus, the RC4-SHA and RC4-MD5 ciphers would be negated and not advertised in the SSL communication.

 

If changes are made to the SSL configuration, ensure that you commit any and all changes.

Can also view these articles for assistance:

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117864-configure-esa-00.html

Hi Robert,

I'm looking for a little education here.  

Does the order of HIGH:MEDIUM or MEDIUM:HIGH matter if @STRENGTH is included in the string?  Cisco seems to recommending using the following:

 

MEDIUM:HIGH:!RC4:!MD5:!SSLv2:!aNULL:!EXPORT:@STRENGTH

 

Can you run through what that actually does?  Does it address vulnerabilities with 3DES, DES, CBC3 etc?

No order doesn't matter if you use @Strength.
Yes just uncheck the 1.0 box if you are PCI.
No it doesn deal with the 3DES/DES issues. Add "!DES: !CBC" to remove them.

How cipher strings work is documented here:
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html

If you want to see the end result of your cipher string, in the cli enter "certconfig", then "verify"

It will show you the resulting list of ciphers of the config

Thanks Ken.  Cisco support was telling me that MEDIUM:HIGH would "catch the weak ciphers" but I wasn't sure how that could work.

 

Do you mean SSLconfig?  I don't think certconfig has that option. 

Yes. Sorry. SSLconfig.

In the end it's all about being flexible where you can be... inevitably you'll have a business partner somewhere who you can't convince to change their cipher set... so do you send with a weaker cipher? Or with envelope encryption? Or in the clear? Or not at all?



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: