Let's Encrypt and SSL Labs weak Cipher Suites

Server
1

I’ve run our site through the SSL Server Test at ssllabs.com. The overall rating is A, which is great (huge thanks to Let’s Encrypt for this.) Everything is basically “green” on the page, except the Cipher Suites sections that shows a number of weak suites. Now, suites priority has been set on the server side, so I’m not worry because these are at the very bottom at the list. However, should I be concern at all? If so, is there a way to get them all in the “green” zone? Or should I remove them?

This is the weak suites in question:

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK |112|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 2048 bits   FS   WEAK |112|
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK |128|
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK |256|
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK |128|
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK |256|
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK |128|
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK |256|
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK |112|

And this is the Apache SSLCipherSuite entry:

SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

Thanks for your help.


Adriano

2

It’s using Mozilla’s “intermediate compatibility” cipher suite configuration.

https://wiki.mozilla.org/Security/Server_Side_TLS

https://mozilla.github.io/server-side-tls/ssl-config-generator/

In my opinion, it’s a reasonable choice. In my opinion, a different configuration – like Mozilla’s “modern compatibility” option – that reduces compatibility with old clients and increases security is also a reasonable choice.

As you said, the least good options are at the bottom of the list, so modern clients will always choose something better.

It’s your choice whether to stick with the default or change it to something else.

Editing the file should be safe. I think any changes will be preserved next time Certbot is upgraded, but I’m not 100% sure.

Future versions of Certbot may make these options more easily configurable.

1 Like
3

The consequence of that, by the way, is that if you remove the weak ones, some browsers may no longer be able to connect to your site. SSL Labs can also show you the compatibility situation by simulating the behavior of those browsers.

As @mnordhoff has alluded to, the reason for this configuration involves Mozilla’s thinking about browser compatibility. Many sites continue to optionally support some older cryptographic technology because that’s necessary in order to support connections from older web browsers. That does not mean that newer web browsers will use these technologies when they connect to those sites.

2 Likes
4

Thanks a lot, @mnordhoff and @schoen for the input. Much appreciated.

5

Triple-DES has been considered weak by SSL Labs for a while due to the potential vulnerability to the SWEET32 attack.
It appears recently SSL Labs is now tagging RSA-only suites as weak too, however it currently does not impact the grade, as I still earn an A+. RSA-only suites are tagged weak because they lack Forward Secrecy.
SSL Labs also considers to be preferable DHE_RSA, ECDHE_RSA, and ECDHE_ECDSA (last one requires an EC certificate) with AEAD ciphers like AES_GCM and CHACHA20_POLY1305.

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.