Resources for Security Engineers to understand & harden the SSL crypto stack. Written 2016-02. Updated 2017-04
SSL is a combination of components working together in a specified order to create an encrypted connection. When you look at cryptography, a single component such as AES only provides the encryption. If we didn't have Diffie-Hellman to provide a secure key setup, then at the start of the connection we would need to send the key in clear text so that the client could decrypt the AES data.
For example, the cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 breaks down into these components:

TLS | DH | E | RSA | AES_128_CBC | SHA256 |
---|---|---|---|---|---|
Protocol Group | Key Exchange | Ephemeral Status | Authentication | Cipher | HashMAC |
Used in TLS1 or newer | Diffie-Hellman (key exchange) | Ephemeral (i.e. PFS) | RSA Authentication | AES 128 bit in CBC mode | SHA256 HMAC |
A protocol (e.g. SSLv3, TLSv1.2) is what defines how an SSL connection is constructed. Within each protocol is a set of minimum and maximum components which can be used (see the protocol features matrix below). Each protocol represents the understanding of the day, so each new protocol is more secure than the last based on everything we know about breaking cryptography or fixing faulty components. The protocol also defines the order of events that must be completed before transmitting encrypted data, e.g. the key exchange.
Protocol | Status | Notes |
---|---|---|
SSLv2 | Insecure | Don't use under any circumstances |
SSLv3 | Weak | Only use for old legacy clients |
TLSv1 | Some Issues | Safe to use, but should phase out |
TLSv1.1 | Safe to use | Use for non 1.2 protocols like SHA1 |
TLSv1.2 | Safe to use | Recommended to use |
TLSv1.3 | Not out yet | |
Key exchange is the setup of the master secret, which creates the key for encrypting and decrypting the data.
Procedure: In TLS1 with plain (non-ephemeral) RSA key exchange, the certificate's RSA key itself is used to encrypt the key material for the connection.
Key Algorithms | Key Sizes | Notes |
---|---|---|
RSA | 2048-4096 Standard | |
Diffie-Hellman | 2048-4096 Standard | |
Elliptic Curve DH | 284-521 Standard | |
DSS | | |
DSA | | |
PFS effectively changes the master key several times during a session or over a given period of time. The key that generated the public certificate
Ciphers | Status | Notes |
---|---|---|
RC4 | Insecure | |
3DES | 112bits, Weak | |
AES | 128-256 Strong | |
Camellia | 128-256 Strong | |
ChaCha20 | 256 Strong | |
HMAC | Status | Notes |
---|---|---|
MD5 | Weak | |
SHA1 | Weak-Collisions | |
SHA256 | Strong | |
SHA384 | Strong | |
SHA512 | Strong | |
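The component breakdown shown at the top of the page and the cipher and HMAC status tables above, combined in an added example that is not part of the original page: a parser that splits an IANA-style cipher suite name into the page's fields and flags the components the page's tables rate Insecure or Weak. The status values come from the page; the assumption that a suite with no separate authentication name (e.g. TLS_RSA_WITH_...) is authenticated by its key-exchange key, and the SHA == SHA1 naming, follow the IANA suite naming convention.

```python
import re
# Component status taken from the page's Ciphers and HMAC tables.
CIPHER_STATUS = {"NULL": "Insecure", "RC4": "Insecure", "DES": "Weak", "3DES_EDE": "Weak",
                 "AES": "Strong", "CAMELLIA": "Strong", "CHACHA20": "Strong"}
MAC_STATUS = {"MD5": "Weak", "SHA": "Weak-Collisions", "SHA256": "Strong", "SHA384": "Strong"}
DEFAULT_BITS = {"NULL": 0, "DES": 56, "3DES_EDE": 112, "CHACHA20": 256}  # when the name omits a size
# IANA-style suite name, e.g. TLS_DHE_RSA_WITH_AES_128_CBC_SHA256.
SUITE_RE = re.compile(
    r"^(?P<proto>TLS|SSL)_(?P<kx>ECDHE|ECDH|DHE|DH|RSA|PSK)_"
    r"(?:(?P<auth>RSA|ECDSA|DSS|PSK|anon)_)?"
    r"WITH_(?P<cipher>NULL|RC4|3DES_EDE|DES|AES|CAMELLIA|CHACHA20|SEED|IDEA)"
    r"(?:_(?P<bits>\d+))?(?:_(?P<mode>CBC|GCM|CCM|POLY1305))?"
    r"_(?P<mac>MD5|SHA|SHA256|SHA384)$"
)

def parse_cipher_suite(name):
    """Split a suite name into the fields of the page's component table."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised suite name: {name}")
    f = m.groupdict()
    kx, auth = f["kx"], f["auth"]
    if auth is None:   # e.g. TLS_RSA_WITH_...: the same RSA key exchanges the key and authenticates
        auth = kx
    aead = f["mode"] in {"GCM", "CCM", "POLY1305"}
    return {
        "protocol_group": f["proto"],
        "key_exchange": kx,
        "ephemeral": kx in {"DHE", "ECDHE"},   # ephemeral exchange is what gives PFS
        "authentication": auth,
        "cipher": f["cipher"],
        "bits": int(f["bits"]) if f["bits"] else DEFAULT_BITS.get(f["cipher"]),
        "mode": f["mode"],
        "mac": None if aead else f["mac"],   # with AEAD the trailing hash names the PRF, not an HMAC
        "aead": aead,
    }

def rate_cipher_suite(name):
    """List the weaknesses the page's tables flag for this suite ([] means none flagged)."""
    s = parse_cipher_suite(name)
    issues = []
    if CIPHER_STATUS.get(s["cipher"]) in {"Insecure", "Weak"}:
        issues.append(f"cipher {s['cipher']}: {CIPHER_STATUS[s['cipher']]}")
    if s["mac"] and MAC_STATUS.get(s["mac"], "Strong") != "Strong":
        issues.append(f"HMAC {s['mac']}: {MAC_STATUS[s['mac']]}")
    if not s["ephemeral"]:
        issues.append("static key exchange: no PFS")
    if s["authentication"] == "anon":
        issues.append("anonymous: no authentication")
    return issues
```

Suites using algorithms the page does not rate (SEED, IDEA) parse but produce no cipher finding; extend CIPHER_STATUS to cover them.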
This table shows the relationship between SSL Protocols and available sub components.
Protocol | Ciphers (bits) | Modes | Data Integrity (HMAC) | Key Exchange | Features | Strength/Status |
---|---|---|---|---|---|---|
SSLv2 | RC4 (40-128), DES (56), 3DES (112), IDEA (128) | Block (CBC), Stream (RC) | MD5 | RSA | | Insecure, End Life |
SSLv3 | null (0), RC4 (40-128), DES (40, 56), 3DES (112), IDEA (128) | Block (CBC), Stream (RC) | MD5, SHA1 | RSA, DH-RSA, DHE-RSA, DH-DSS, DHE-DSS | PFS | Insecure, End Life |
TLSv1.0 | null (0), RC4 (40, 128), AES / Camellia / ARIA (128,192,256), SEED (128), DES (40, 56), 3DES (112), GOST (256), IDEA (128) | Block (CBC), Stream (RC) | MD5, SHA1, GOST | RSA, DH-RSA, DHE-RSA, ECDH-RSA, ECDHE-RSA, DH-DSS, DHE-DSS, ECDH-ECDSA, ECDHE-ECDSA, PSK, PSK-RSA, DHE-PSK, ECDHE-PSK, SRP, SRP-DSS, SRP-RSA, Kerberos, DH-ANON, ECDH-ANON, GOST R 34.10-94 / 34.10-2001 | PFS | Moderate, Use TLS1.2 |
TLSv1.1 | null (0), RC4 (128), AES / Camellia / ARIA (128,192,256), SEED (128), DES (56), 3DES (112), GOST (256), IDEA (128) | Block (CBC), Stream (RC) | MD5, SHA1, GOST | RSA, DH-RSA, DHE-RSA, ECDH-RSA, ECDHE-RSA, DH-DSS, DHE-DSS, ECDH-ECDSA, ECDHE-ECDSA, PSK, PSK-RSA, DHE-PSK, ECDHE-PSK, SRP, SRP-DSS, SRP-RSA, Kerberos, DH-ANON, ECDH-ANON, GOST R 34.10-94 / 34.10-2001 | PFS | Strong, Use TLS1.2 |
TLSv1.2 | null (0), RC4 (128), AES / Camellia / ARIA (128,192,256), AES-GCM / Camellia-GCM / ARIA-GCM (128,192,256), AES-CCM (128,192,256), SEED (128), DES (56), 3DES (112), GOST (256), IDEA (128), Chacha20-Poly1305 (256) | Block (CBC, CCM, GCM), Stream (Chacha20) | MD5, SHA1, SHA256/384, GOST | RSA, DH-RSA, DHE-RSA, ECDH-RSA, ECDHE-RSA, DH-DSS, DHE-DSS, ECDH-ECDSA, ECDHE-ECDSA, PSK, PSK-RSA, DHE-PSK, ECDHE-PSK, SRP, SRP-DSS, SRP-RSA, Kerberos, DH-ANON, ECDH-ANON, GOST R 34.10-94 / 34.10-2001 | AEAD, PFS | Strong |
TLSv1.3 | AES-GCM / AES-CCM / Camellia-GCM / ARIA-GCM (128, 192, 256), Chacha20-Poly1305 (256) | Block (CBC, CCM, GCM), Stream (Chacha20) | | DHE-RSA, ECDHE-RSA, ECDHE-ECDSA | AEAD, PFS | Strong, not out yet |