While there have been many threats in SSL/TLS encryption in the past two years, there have also been new standards and security principles. Unlike Linux which uses the OpenSSL library, Windows uses the Secure Schannel Library for SSL/TLS encryption. While this protected you from the so-called heartbleed bug, other bugs (such as Poodle) were later found in the outdated encryption standard SSL (the predecessor of the current TLS standard) that Windows server system administrators should pay attention to.
Unfortunately, the default settings of Schannel for Windows server versions 2008 R2 – 2012 R2 aren’t ideal and no longer state-of-the-art. For instance, SSL versions 2.0/3.0, dating back to 1995/1996, are still active by default on server 2008 R2. Both encryption standards are now considered security risks and should be replaced by TLS 1.0 – 1.2 as quickly as possible. The same goes for stream cipher RC4 (BEAST).
The status of SSL/TLS published HTTPS websites can be checked via IT security company Qualys’ SSLTest. If the test yields results similar to the one below, the Schannel library should be configured as described in order to get an A rating.
The test result for the Windows server 2008 R2 without updates and default setting looks like this:
The current version 2012 R2 looks better:
Even server 2008 R2 can yield an A rating if you follow the steps below. The Schannel configuration functions exclusively via the registration key below HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL and SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL in the Windows registry. Please note that changes will only become active after a restart.
- Installation of all available Windows security patches
- Back-up Registry Key Schannel (storage location of Schannel configuration)
- Back-up Registry Key SSL (storage location of cipher suite order)
- The precise documentation of registry settings for Schannel can be found in the Microsoft KB article KB187498 and on the TechnetBlog. Alternatively, you can manage settings via the IIS Crypto tool:
- Subsequently, the preferred cipher suite order needs to be modified to activate the security feature Perfect Forward Secrecy.
Rearranging can happen via a suitable group policy in Computer Configuration > Administrative Templates > Network > SSL Configuration Settings > SSL Cipher Suite Order.Alternatively, you could use the IIS Crypto tool to achieve this.This is a recommended order:’TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521′,’TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384′,’TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521′,’TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384′,
‘TLS_RSA_WITH_AES_256_GCM_SHA384’ and ‘TLS_RSA_WITH_AES_128_GCM_SHA256’ should only be active on server 2012 R2 since the relevant update KB2992611 for earlier server versions includes errors that can lead to connection termination (see KB article).
Windows Server 2016 includes new cipher suites based on GCM. Additionally, the key length has increased to 2048 Bit (Logjam). Thus, for server 2016 the following orders may be put at the very beginning (in addition to the previous order):
Please note that Cipher TLS_ECDHE_ECDSA_* are only active for ECC certificates (Eliptic Curve Cryptography) not for normal certificates based on a RSA Private Key.
This warning with Schannel can currently only be avoided can only be avoided with a ECC Certificate (using the ECDSA Cipher with GCM) or the future use of Windows Server 2016.
- The modified configuration is only active after a server restart and should trigger an A rating for the SSL test: