Introduction to TLS and Cipher Suites
A cipher suite is a set of algorithms that computers agree to use to protect data passing between them. It is akin to a spoken language between humans. With humans we have an idea, and that idea is transformed from its raw thought into words and is is passed passed back and forth to other humans using verbal and written encoding in the form of talking and writing letters. Both humans involved in the conversation have to understand the same language. It is the same with computers. With computers, the raw data can undergo several such transformations such as binary encoding, encryption, message validation checks and authentication. These sets of transformations we will call algorithms. Each of those named categories have several competing algorithms. Because there are more than one algorithm, the computers have to choose which algorithm from each category to use.
Key exchange/agreement | Authentication | Block/stream ciphers | Message authentication |
---|---|---|---|
RSA | RSA | RC4 | Hash-based MD5 |
Diffie–Hellman | DSA | Triple DES | SHA hash function |
ECDH | ECDSA | AES | |
SRP | IDEA | ||
PSK | DES | ||
Camellia | |||
ChaCha20 |
To understand more, go to Cipher Suite on Wikipedia
If the connected computers don't both support a full set of the same algorithms then they cannot have a meaningful exchange. In this case, the computers will disconnect and show the user a message like "TLS session failed". The different algorithms are called ciphers in the security world. A set of these ciphers used in tandem to create a secure connection is called a "Cipher Suite".
TLS is the protocol used to help computers decide which cipher suite to use. It defines how to authenticate the computers to each other, and how they will let each other know which cipher suites they support. Simply put, it is the "S" in HTTPS. TLS is the protocol used to secure the internet and most other secure softwares.
The TLS Handshake
The client offers the cipher suites it supports to the server and the server picks one. If there is a compatible cipher suite offered by the client, the server will continue the conversation using the chosen suite. However, if there is no overlap between the suites the client offers, and the ones the server is willing to use, the server will terminate the conversation with the client. This exchange is called the TLS handshake.
Lets learn how to troubleshoot the handshake.
Troubleshooting the Cipher Suite in TLS
Tools
We are going to use a browser to do the easy investigation. We will use Powershell 5.1 or greater to get a list of supported Cipher Suites in .NET. Then we are going to dig deeper into the conversation between the computers using Wireshark which includes NpCap.
Using Chrome to See the Negotiated Cipher Suite
If you go to a secure website or service using Chrome you can see which cipher suite was negotiated. Any HTTPS site will give you this information.
- Go to https://www.venafi.com/
- Press F12 on your keyboard to open the Developer Tools in Chrome
- At the top of the developer tools window, you will see a tab called security. Click it.
- You should see something like the image below
You can see above that in the secure connection settings section that
- The security protocol used is TLS1.2
- The Key Exchange and Authentication is ECDHE_RSA with X25519
- The last part is the encryption algorithm, AES 128 bit with GCM
It is important to note that if you can often connect to services with Chrome when other applications fail. This is because Chrome implements its own version of the Cipher suites, so it is not dependent on what the OS is capable of. You can use this to validate that the server is functioning and that it can in fact create a TLS1.2 session using strong ciphers.
Windows and .NET Do Not Support all Cipher Suites
By default, Windows and .NET have less secure cipher suites disabled. This means that they are not offered to servers as an option. Earlier versions of Windows Server do not support some of the more modern cipher suites. For a complete list of what suites are available to a version of Windows check out
https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel
That web page also shows you how to format the cipher suites configured in Windows. It is important to note from that article which cipher suites are available by default in each version of Windows. If the suite you are looking for is enabled by default, you shouldn't need to change registry settings in order to explicitly enable it.
Discover Which Cipher Suites Are Enabled
PowerShell
PS C:\> Get-TlsCipherSuite | Format-Table -Property CipherSuite, Name
CipherSuite Name
----------- ----
4866 TLS_AES_256_GCM_SHA384
4865 TLS_AES_128_GCM_SHA256
0 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
49195 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
49200 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
49199 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
159 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
158 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
0 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
49187 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
49192 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
49191 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
49162 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
49161 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
49172 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
49171 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
157 TLS_RSA_WITH_AES_256_GCM_SHA384
156 TLS_RSA_WITH_AES_128_GCM_SHA256
61 TLS_RSA_WITH_AES_256_CBC_SHA256
60 TLS_RSA_WITH_AES_128_CBC_SHA256
53 TLS_RSA_WITH_AES_256_CBC_SHA
47 TLS_RSA_WITH_AES_128_CBC_SHA
10 TLS_RSA_WITH_3DES_EDE_CBC_SHA
59 TLS_RSA_WITH_NULL_SHA256
2 TLS_RSA_WITH_NULL_SHA
0 TLS_PSK_WITH_AES_256_GCM_SHA384
168 TLS_PSK_WITH_AES_128_GCM_SHA256
175 TLS_PSK_WITH_AES_256_CBC_SHA384
174 TLS_PSK_WITH_AES_128_CBC_SHA256
177 TLS_PSK_WITH_NULL_SHA384
176 TLS_PSK_WITH_NULL_SHA256
PowerShell will show you which cipher suites are available to .NET. This list shows the CipherSuite number (universal) and the name that Windows machines use to describe the suite. Linux machines will use a different format on the name, although it will be similar, however the suite number will be the same.
Wireshark Gives You the Whole Conversation
Wireshark is an awesome tool for digging deep into what the network is actually sending. It can listen to anything sent over the network card and log every packet so you can see the whole conversation. Go to their docs page to learn how to use Wireshark to its fullest. However, for this exercise, we will do a simple capture of the browser's conversation with the Venafi.com web server.
- Open wireshark
- Click on the Configure Capture button at the top
- Select the interface that will be used for internet traffic
- Add a filter to the capture filter text box
port 443 && host 23.185.0.2 - Click Start
- Open a new private browser and go to https://venafi.com
- Stop the capture
You should have seen a bunch of packets get captured. The ones we are interested in will be at the beginning of the capture. Find the one that says Client Hello in the info field.
If you expand all the nodes after the Transport Layer Security node, you can see all the cipher suites that were offered to the server.
Now look at the Server Hello packet. In this screen capture it was two packets down. This shows which of the offered cipher suites was chosen.
An astute person would have noticed that the ciphers offered in the Client Hello above were not the same cipher suites that PowerShell said we have available. That is because Chrome uses their own list of usable ciphers, and .NET honors the OS settings for which ciphers are ok.
Lets do the same exercise in PowerShell to show the differences.
- First open a PowerShell window.
- Reset the capture in Wireshark using the blue fin icon.
- Run the following command in PowerShell
Invoke-WebRequest -Uri https://venafi.com
- Stop the capture.
Now if you look at the Client Hello in this capture, you will see that instead of 16 entries offered, 21 were offered
In the end, however, the server still picked the same cipher suite.
When The Server Says NO
When the server doesn't find a cipher suite in the Client Hello that it likes, it will send a session termination packet instead of a Server Hello. When this happens, double check with the server's administrator to see if any of the offered cipher suites should have been acceptable. If they are not, then you will have to add them to the Windows registry manually activating those ciphers.
A good place to learn how to do that is here
https://support.microsoft.com/en-us/help/4032720/how-to-deploy-custom-cipher-suite-ordering-in-windows-server-2016
Keep in mind that some cipher suites are not available on older Windows Servers, so even if they are enabled in the registry, they will not be offered to the server in the Client Hello.
Comments