Skip to main content

How do I know which cipher suites can be disabled? [Resolved]

I have just performed a test on my personal webiste via SSLlabs.com and I'm apparently supporting some weaker ciphers. I've managed to improve several settings (like CAA), but I'm getting stuck at the ciphers.
I've been looking around a bit, but can't really find a method to determine which can be disabled, and which should remain allowed.

Is there a method I can apply, or some check, or a list of current smart config? I'm assuming I can't just turn of all ciphers marked 'weak' if I want at least a mayority support (It's a private server for some small projects, you may assume modern hard-/software accesses it).


If it helps, this is the list:

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)    ECDH x25519 (eq. 3072 bits RSA)   FS            256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)          ECDH x25519 (eq. 3072 bits RSA)   FS            128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)          ECDH x25519 (eq. 3072 bits RSA)   FS            256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)              DH 2048 bits   FS                               128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)              DH 2048 bits   FS                               256

// All below are weak
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)          ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)             ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK     256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)              DH 2048 bits   FS   WEAK                        128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)                 DH 2048 bits   FS   WEAK                        128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)              DH 2048 bits   FS   WEAK                        256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)                 DH 2048 bits   FS   WEAK                        256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK                                                           128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK                                                           256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK                                                           128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK                                                           256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK                                                              128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK                                                              256

Question Credit: Martijn
Question Reference
Asked May 16, 2019
Posted Under: Security
71 views
1 Answers

The required cipher suites depends entirely on the clients that are expected to use the service. As SSL Server Test from Qualys SSL Labs is designed for testing publicly accessible web servers, we can assume this is a web application. All current versions of major browsers are able to handle TLS 1.2+ with the recommended cipher suites from RFC 7525, 4.2, making it a good starting point for a highly secure configuration:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)

Then, from the SSL Labs report, the Handshake Simulation section is handy tool for detecting the common clients you can't serve with these cipher suites alone:

Handshake Simulation

If you e.g. wish to server older Apple devices with Safari, the best cipher suite available for them is:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp256r1 (eq. 3072 bits RSA)   FS  WEAK

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 added

From the list that leaves... who is using a Windows 8.1 Phone anyway. ;)

Likewise, if you need additional browsers or devices supported, you could use the browser test for figuring out a suitable cipher suite. Also notice that the variants using (Cipher Block Chaining) CBC mode aren't weak in themselves, but SSL Labs considers them weak because of the many vulnerable implementations.


credit: Esa Jokinen
Answered May 16, 2019
Your Answer