In our digital day and age, quite a few organizations are still having issues with the correct implementation of SSL certificates and strong encryption protocols. These misconfigurations can carry severe adverse impacts - so why are they being largely ignored?
First, let’s cover the basics: what an SSL certificate is, and why every business with a web presence needs one. Believe it or not, some still don’t have one in place for their websites. You're not one of them, are you?
SSL (Secure Sockets Layer) encrypts information being exchanged between the server and the client. It provides authentication, assuring clients that they are indeed communicating with the intended server; it provides the trust that your organization needs in order to successfully operate in the digital world, and it is required for various compliance standards, such as PCI DSS and HIPAA.
However, simply purchasing and implementing the SSL certificate is not enough: a number of encryption protocols and configurations go hand-in-hand with the certificate to protect the data. It is important to periodically review encryption protocols that were implemented years ago, as cybersecurity standards and the reliability of cipher suites change over time. Unfortunately, we come across situations where organizations still use encryption protocols such as TLS (Transport Layer Security) 1.0 and 1.1, even though PCI DSS no longer deems TLS 1.0 secure as of June 2018 and major browsers disabled support for TLS 1.1 as of March 20, 2020.
But let’s say an organization does acquire a proper SSL certificate, disables the use of TLS 1.0 and 1.1 protocols and implements TLS 1.2 and 1.3 - would that be enough? Almost. It is still possible (and again, seen very often) to misconfigure the TLS protocols by implementing weak cipher suites. NIST recommends using cipher suites that offer at least 128-bit encryption, as well as moving away from cipher suites that use the DES cipher towards those using AES.
Let’s address the “why” of this problem: why should businesses care to keep their certificates and encryption protocols up to date? After all, the SSL/TLS issues are typically flagged as low priority items during penetration tests and vulnerability assessments and are often moved to the backlog for a long time; they aren't perceived as an immediate concern.
The answer to this "why" is simple: trust. By implementing best cryptographic practices, organizations protect their clients, demonstrating proper care and professionalism, which ultimately translates into a strong reputation and a competitive advantage.
Protecting the clients is just as important as protecting the organization’s corporate assets, which means addressing SSL/TLS issues in a timely manner, even if they were assigned a low priority status after a security assessment. We encourage you to check your web server configuration and verify the status of your current SSL Certificate, as well as the strength of the cipher suites. Your customers, regulators and business partners will be grateful.
Bonus: list of strong cipher suites as recommended by NIST Special Publication 800-52 Revision 2.
For TLS 1.2 with ECDSA certificates:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC0, 0x2B)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC0, 0x2C)
TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xC0, 0xAC)
TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xC0, 0xAD)
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xC0, 0xAE)
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xC0, 0xAF)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC0, 0x23)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC0, 0x24)
For TLS 1.2 with RSA certificates:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC0, 0x2F)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC0, 0x30)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x00, 0x9E)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x00, 0x9F)
TLS_DHE_RSA_WITH_AES_128_CCM (0xC0, 0x9E)
TLS_DHE_RSA_WITH_AES_256_CCM (0xC0, 0x9F)
TLS_DHE_RSA_WITH_AES_128_CCM_8 (0xC0, 0xA2)
TLS_DHE_RSA_WITH_AES_256_CCM_8 (0xC0, 0xA3)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC0, 0x27)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC0, 0x28)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x00, 0x67)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x00, 0x6B)
For TLS 1.2 with DSA certificates:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00, 0xA2)
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00, 0xA3)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x00, 0x40)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x00, 0x6A)
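The checks this article describes (deprecated protocol versions, DES-based or sub-128-bit ciphers, and membership in the TLS 1.2 list above), as an added Python example that is not part of the original article. The protocol labels, the function name audit and the scan results are constructed for illustration.

```python
import re

# Cipher suites listed on this page for TLS 1.2 (NIST SP 800-52 Rev. 2),
# rebuilt from their common parts instead of being typed out 24 times.
GCM = ["AES_128_GCM_SHA256", "AES_256_GCM_SHA384"]
CCM = ["AES_128_CCM", "AES_256_CCM", "AES_128_CCM_8", "AES_256_CCM_8"]
ECDHE_CBC = ["AES_128_CBC_SHA256", "AES_256_CBC_SHA384"]
DHE_CBC = ["AES_128_CBC_SHA256", "AES_256_CBC_SHA256"]
LISTED_TLS12 = {
    f"TLS_{kx}_WITH_{cipher}"
    for kx, ciphers in [
        ("ECDHE_ECDSA", GCM + CCM + ECDHE_CBC),
        ("ECDHE_RSA", GCM + ECDHE_CBC),
        ("DHE_RSA", GCM + CCM + DHE_CBC),
        ("DHE_DSS", GCM + DHE_CBC),
    ]
    for cipher in ciphers
}
OLD_PROTOCOLS = {"TLSv1.0", "TLSv1.1"}  # labels are an assumed scanner format

def audit(protocol, suite):
    """Return the findings for one (protocol, IANA suite name) pair."""
    findings = []
    if protocol in OLD_PROTOCOLS:
        findings.append("deprecated protocol")
    if "DES" in suite:  # matches both DES and 3DES suite names
        findings.append("DES-based cipher")
    bits = re.search(r"_(\d+)_", suite)  # key size field, e.g. _128_
    if bits and int(bits.group(1)) < 128:
        findings.append("key shorter than 128 bits")
    if protocol == "TLSv1.2" and suite not in LISTED_TLS12:
        findings.append("not on the TLS 1.2 list")
    return findings

# Constructed sample: what a scanner might report for one server.
SCAN = [
    ("TLSv1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    ("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("TLSv1.2", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"),
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for proto, suite in SCAN:
        print(f"{proto:8} {suite:40} {'; '.join(audit(proto, suite)) or 'ok'}")
```

The second sample row shows why the list matters: an AES-128 suite passes the key-length and DES checks yet is still absent from the list above. The list covers TLS 1.2 only, so TLS 1.3 suites are not compared against it.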