Since crypto as a whole is under a lot of scrutiny with Heartbleed and now the POODLE attack, here's what we've done to mitigate things.

Disable SSL3 in IE, enable TLS 1.1/1.2

This one is easy. In Internet Options, on the Advanced tab, scroll to the bottom and uncheck SSL 2.0 and SSL 3.0 if either is enabled, and make sure TLS 1.0, 1.1 and 1.2 are all enabled (1.1 and 1.2 typically are not). The Internet Explorer Group Policy setting "Turn off encryption support" (Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page) sets the same checkboxes and locks them down across the domain. This is the mitigation Microsoft recommends until they patch out SSL3.

Other Browsers

I haven't found a way to disable SSL3 in Chrome's settings UI; it can be started with the --ssl-version-min=tls1 command-line switch, and considering Google's rapid update cycle they will probably patch it out for you. In Firefox, go to about:config and change security.tls.version.min from 0 to 1. This bumps the minimum protocol up to TLS 1.0, disabling SSL3; this change will likely land in a patch in the next few days as well. No idea about Safari.

Disable SSL3 in SCHANNEL, enable TLS 1.1/1.2

Unfortunately there isn't a built-in Group Policy object to do it, so the attached SSL-TLS Config.reg file will do it for you. The keys live under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, with a Server and a Client subkey per protocol, each holding Enabled and DisabledByDefault DWORDs. It disables SSL 3.0 (along with SSL 2.0 and PCT 1.0, if they were somehow enabled) and enables TLS 1.1/1.2 where the OS supports them (Windows 7 / Server 2008 R2 and later). XP/2003 only support TLS 1.0, but they ignore the keys for protocols they don't have, so the file is safe to apply across the board. Two caveats: SCHANNEL changes take effect only after a reboot, and they apply to every SCHANNEL consumer on the box (IIS, RDP, LDAPS, SQL Server, outbound WinHTTP/.NET clients), not just IIS, so make sure nothing still depends on SSL3 before rolling it out.

Install Server 2003 AES Hotfix

http://support.microsoft.com/kb/948963
If you still have any 2003 systems kicking around, install this hotfix to add support for some basic AES cipher suites in addition to the RC4 (bad) and 3DES (okay) ones it ships with. It doesn't apply to XP, but nobody is still using any of those systems at this point, right? ;)

Define SCHANNEL SSL Cipher Suite Order

Policies\Admin Templates\Network\SSL Configuration Settings\SSL Cipher Suite Order
This one is normally done through GPO. The same policy can be set by a registry merge: it writes a REG_SZ value named Functions, containing the comma-separated suite list, under HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002.

Use the attached schannel config.txt file to define which cipher suites should be used, in order of preference. The first ones use elliptic curve (ECDHE) key exchange, which gives forward secrecy and is very good, but is only supported on newer devices. The last three on the list (TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA) are your legacy suites to support old devices. Android 2.3, Java 6, and Server 2003 clients with the hotfix above will use the first two AES suites; XP systems, or 2003 systems without the AES hotfix, will fall back to the 3DES suite, which is still secure at this point. If you don't have any 2003/XP systems on your network, you can probably drop 3DES. With all that done, your HTTPS IIS websites should be validating like this:

https://www.ssllabs.com/ssltest/analyze.html?d=ipf.msu.edu&hideResults=on

Which is about as good as you can get it for now without cutting off Android 2.3 devices, of which there are still a good number floating around.
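The steps above (SCHANNEL protocols, cipher suite order, the IE policy) as one PowerShell script, added here as an example; it is not the author's SSL-TLS Config.reg or schannel config.txt, and the cipher suite ordering it writes is my own assumed list built around the three legacy suites named above. The IE policy registry path, the SecureProtocols bitmask values and the file name Harden-Schannel.ps1 in the usage note are likewise mine. It also includes a small handshake probe so you can check a server from the inside before relying on SSL Labs.

```powershell
# Added example, not the author's SSL-TLS Config.reg or schannel config.txt:
# applies the SCHANNEL, cipher-suite-order and IE changes described above on the
# local machine, then probes a server to confirm what it still negotiates.
# Run in an elevated PowerShell 3.0+ session; SCHANNEL changes need a reboot.

$ProtocolsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$CipherPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$IePolicyKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumed ordering for illustration (the attached schannel config.txt is not on
# the page): ECDHE suites first, the post's three legacy RSA suites last.
# Windows 2008 R2 through 2012 R2 name ECDHE suites with a _P256/_P384 curve
# suffix; Windows 10 / Server 2016 and later drop that suffix.
$CipherSuites = @(
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256',
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'   # drop once no XP / un-hotfixed 2003 clients remain
)

function Set-SchannelProtocol {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][bool]$Enabled)
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $ProtocolsKey "$Name\$side"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Enabled=0 switches the protocol off outright; DisabledByDefault=1 stops
        # callers that don't request a protocol explicitly from negotiating it.
        # Keys for protocols the OS lacks (TLS 1.1/1.2 on XP/2003) are ignored.
        Set-ItemProperty -Path $key -Name 'Enabled'           -Type DWord -Value $(if ($Enabled) { 1 } else { 0 })
        Set-ItemProperty -Path $key -Name 'DisabledByDefault' -Type DWord -Value $(if ($Enabled) { 0 } else { 1 })
    }
}

function Invoke-SchannelHardening {
    foreach ($p in 'PCT 1.0', 'SSL 2.0', 'SSL 3.0') { Set-SchannelProtocol -Name $p -Enabled $false }
    foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') { Set-SchannelProtocol -Name $p -Enabled $true }

    # Same value the "SSL Cipher Suite Order" GPO writes: one comma-separated REG_SZ.
    if (-not (Test-Path $CipherPolicyKey)) { New-Item -Path $CipherPolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $CipherPolicyKey -Name 'Functions' -Type String -Value ($CipherSuites -join ',')

    # IE "Turn off encryption support" policy. SecureProtocols is a bitmask:
    # SSL 2.0=8, SSL 3.0=32, TLS 1.0=128, TLS 1.1=512, TLS 1.2=2048.
    if (-not (Test-Path $IePolicyKey)) { New-Item -Path $IePolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $IePolicyKey -Name 'SecureProtocols' -Type DWord -Value (128 + 512 + 2048)
    Write-Warning 'SCHANNEL protocol changes apply after a reboot.'
}

function Test-ServerProtocols {
    # One handshake attempt per protocol version; reports what the server accepted.
    # A probe run from a machine where SSL3 is already disabled in SCHANNEL will
    # report Ssl3 as refused regardless of the server, so run it from a box that
    # still has SSL3 enabled client-side if you need a definitive answer.
    param([Parameter(Mandatory)][string]$ComputerName, [int]$Port = 443)
    foreach ($name in 'Ssl3', 'Tls', 'Tls11', 'Tls12') {
        $tcp = $null; $ssl = $null
        try {
            $tcp = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
            # Certificate validation is bypassed on purpose: only the protocol matters here.
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
            $ssl.AuthenticateAsClient($ComputerName, $null, [System.Security.Authentication.SslProtocols]$name, $false)
            [pscustomobject]@{ Protocol = $name; Accepted = $true
                               Cipher = "$($ssl.CipherAlgorithm)-$($ssl.CipherStrength)"
                               KeyExchange = "$($ssl.KeyExchangeAlgorithm)" }
        } catch {
            [pscustomobject]@{ Protocol = $name; Accepted = $false; Cipher = $null; KeyExchange = $null }
        } finally {
            if ($ssl) { $ssl.Dispose() }
            if ($tcp) { $tcp.Close() }
        }
    }
}

# Usage (Harden-Schannel.ps1 is a hypothetical file name):
#   . .\Harden-Schannel.ps1
#   Invoke-SchannelHardening ; Restart-Computer
#   Test-ServerProtocols -ComputerName webserver.example.com | Format-Table
```

After the reboot, Test-ServerProtocols against the web server should show Ssl3 refused and Tls12 accepted with an ECDHE key exchange from a modern client; the KB948963 hotfix for Server 2003 is an installer, not a registry change, so it is not scripted here.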