From f8b9cc668b608edf7eba8d76fd93ee155b36a9b4 Mon Sep 17 00:00:00 2001 From: Neil Horlock Date: Mon, 15 Feb 2021 12:41:25 +0000 Subject: [PATCH 1/2] Create CipherList.md Initial version of CipherList as extracted from V1.0 specification --- v1-1-RC1/CipherList.md | 64 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 v1-1-RC1/CipherList.md diff --git a/v1-1-RC1/CipherList.md b/v1-1-RC1/CipherList.md new file mode 100644 index 0000000..8adfbf8 --- /dev/null +++ b/v1-1-RC1/CipherList.md 
@@ -0,0 +1,64 @@ +# FIXS Recomended Cipher List +## Purpose +This list is the reference list of approved ciphers for use with FIXS + +Ciphers are listed in groups under sub-headings, first by TLS Version and then by use-case + +- [FIXS Recomended Cipher List](#fixs-recomended-cipher-list) + - [Purpose](#purpose) + - [Overview](#overview) + - [TLS1.2](#tls12) + - [Authentication](#authentication) + - [TLS Certificate Authentication](#tls-certificate-authentication) + - [TLS PSK Authentication](#tls-psk-authentication) + +## Overview +The acronyms used in this appendix match those in the TLS Cipher Suite Registry which is authoritative and held at IANA for IETF. We have chosen to use these acronyms as opposed to, for example, using the ones from the OpenSSL cipher suite names. See +http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml or https://www.ietf.org/assignments/tls-parameters/tls-parameters.txt + +## TLS1.2 + +### Authentication +#### TLS Certificate Authentication +The following cipher suite list when using certificates for authentication. This includes using certificates in Simple TLS in conjunction with FIXA. The list ensures Forward Secrecy, avoids deprecated ciphers and should achieve good performance. The cipher suites are specified in our order of preference, starting with the most preferred cipher suite. 
+ +``` +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_DHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_DHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 +``` +This list matches what is recommended as best practice from SSL Labs currently (November 2016), except we have given preference to performance of the TLS Record Protocol rather than the TLS Handshake Protocol's performance. The list should be used in conjunction with Session Caching. + +The list details ECDSA certificate cipher suites followed by RSA certificate ones. It is possible to support both an ECDSA certificate and a RSA certificate at an end point, but only one certificate can be used at a time. In practice, only one kind of certificate is needed. Thus, if you are using an RSA certificate, the ECDSA cipher suites will be ignored so they can be omitted. Likewise, the RSA cipher suites will be ignored and can be omitted for an ECDSA certificate. + +#### TLS PSK Authentication + +It is recommended to use the following cipher suite list when using PSKs for authentication. This is because the list ensures Forward Secrecy, avoids deprecated ciphers and should achieve good performance. The cipher suites are specified in our order of preference, starting with the most preferred cipher suite. 
+``` +TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 +TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 +TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA +TLS_DHE_PSK_WITH_AES_128_CBC_SHA +TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA +TLS_DHE_PSK_WITH_AES_256_CBC_SHA +TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 +TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 +TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 +TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 +``` +This list follows the same logic as in the list above for [certificate authentication](#tls-certificate-authentication), except it uses the cipher suites available for PSK authentication. From 3a8079220ddd8f02b3c90b80f6394c2390eb1744 Mon Sep 17 00:00:00 2001 From: Neil Horlock Date: Mon, 15 Feb 2021 13:19:01 +0000 Subject: [PATCH 2/2] remove deprecated ciphers CBC and SHA1 are deprecated for TLS1.2 and above. Also added revision table to log key updates --- v1-1-RC1/CipherList.md | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/v1-1-RC1/CipherList.md b/v1-1-RC1/CipherList.md index 8adfbf8..f92e94b 100644 --- a/v1-1-RC1/CipherList.md +++ b/v1-1-RC1/CipherList.md @@ -7,6 +7,7 @@ Ciphers are listed in groups under sub-headings, first by TLS Version and then b - [FIXS Recomended Cipher List](#fixs-recomended-cipher-list) - [Purpose](#purpose) - [Overview](#overview) + - [Revision notes](#revision-notes) - [TLS1.2](#tls12) - [Authentication](#authentication) - [TLS Certificate Authentication](#tls-certificate-authentication) 
@@ -16,6 +17,13 @@ Ciphers are listed in groups under sub-headings, first by TLS Version and then b The acronyms used in this appendix match those in the TLS Cipher Suite Registry which is authoritative and held at IANA for IETF. We have chosen to use these acronyms as opposed to, for example, using the ones from the OpenSSL cipher suite names. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml or https://www.ietf.org/assignments/tls-parameters/tls-parameters.txt +## Revision notes +For a full list of revisions refer to the git commit history +| Version | Note +|---------|------ +| Initial | First commit, replicates FIXS V1.0 text +| 2021.1 | Updated to remove CBC and SHA1 as these deprecated for use with TLS1.2 and above. + ## TLS1.2 ### Authentication @@ -25,22 +33,10 @@ The following cipher suite list when using certificates for authentication. This ``` TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 -TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -TLS_DHE_RSA_WITH_AES_128_CBC_SHA -TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -TLS_DHE_RSA_WITH_AES_256_CBC_SHA -TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 -TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ``` This list matches what is recommended as best practice from SSL Labs currently (November 2016), except we have given preference to performance of the TLS Record Protocol rather than the TLS Handshake Protocol's performance. The list should be used in conjunction with Session Caching. 
@@ -52,13 +48,5 @@ It is recommended to use the following cipher suite list when using PSKs for aut ``` TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 -TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA -TLS_DHE_PSK_WITH_AES_128_CBC_SHA -TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA -TLS_DHE_PSK_WITH_AES_256_CBC_SHA -TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 -TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 -TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 -TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 ``` This list follows the same logic as in the list above for [certificate authentication](#tls-certificate-authentication), except it uses the cipher suites available for PSK authentication.
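
Review bot: In [PATCH 1/2], the sentence that opens the TLS Certificate Authentication section, `The following cipher suite list when using certificates for authentication.`, has no verb. The PSK section's wording (`It is recommended to use the following cipher suite list when using ...`) would fix it. The title also spells `Recomended`; correcting it to `Recommended` means the TOC anchor `#fixs-recomended-cipher-list` has to change in the same commit, and [PATCH 2/2] carries the misspelling forward in its context lines.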
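
Review bot: The Revision notes table in [PATCH 2/2] (`@@ -16,6 +17,13 @@`) starts on the line directly after `For a full list of revisions refer to the git commit history`, with no blank line between them, and its rows have no closing `|`. Not every Markdown renderer recognises a table that directly follows a paragraph line, so add a blank line before `| Version | Note` and close each row. The 2021.1 row reads `as these deprecated`, which is missing `are`.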
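
Review bot: The unchanged context line after the certificate list in [PATCH 2/2] (`@@ -25,22 +33,10 @@`) still says `This list matches what is recommended as best practice from SSL Labs currently (November 2016)`, but this hunk cuts the list from 18 suites to 6. Either reword that sentence so it describes the list as of revision 2021.1, or drop the dated comparison, otherwise the document asserts a match that this commit has not re-checked.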
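
Review bot: The PSK list in [PATCH 2/2] (`@@ -52,13 +48,5 @@`) is left with no ECDHE key exchange: every `TLS_ECDHE_PSK_*` entry was a CBC suite, so only `TLS_DHE_PSK_WITH_AES_128_GCM_SHA256` and `TLS_DHE_PSK_WITH_AES_256_GCM_SHA384` remain. The closing sentence still says the list `follows the same logic as in the list above`, where ECDHE suites are listed ahead of DHE ones. Suggest stating explicitly that PSK deployments are DHE-only after this revision, or adding ECDHE_PSK GCM suites from the IANA registry cited in the Overview if the specification intends to keep an ECDHE option.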