ELBSecurityPolicy-TLS13-1-2-2021-06
Once this policy is updated, the server lists the ciphers below as supported.
Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve 25519 DHE 253
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve 25519 DHE 253
Are these ciphers strong or safe? As per my understanding from the web, the GCM ones are strong ciphers. However, when I checked for others, say "ECDHE-RSA-AES128-SHA256", the search results only show "ECDHE_RSA_WITH_AES_128_CBC_SHA256". Looks like this one has vulnerabilities (BEAST attack). Are these both the same? Is it OK to allow "ECDHE-RSA-AES128-SHA256" and "ECDHE-RSA-AES256-SHA384"?
Please advise.
The ciphers you've listed are considered strong and safe for modern applications. Let's break down your concerns:
GCM vs. CBC:
GCM (Galois/Counter Mode) is an authenticated encryption mode of operation that provides both data authenticity (integrity) and confidentiality. It's considered secure and efficient.
CBC (Cipher Block Chaining) is an older mode of operation. While it's still widely used, it has some vulnerabilities, most notably the BEAST attack, as you mentioned. However, BEAST primarily affects TLS 1.0 with CBC-mode ciphers. With the mitigations in place in modern browsers and the fact that you've disabled TLS 1.0, the risk is minimized.
Cipher Naming:
The names "ECDHE-RSA-AES128-SHA256" and "ECDHE_RSA_WITH_AES_128_CBC_SHA256" refer to the same cipher suite. The difference in naming is just a matter of notation between different tools and documentation.
"ECDHE-RSA-AES128-SHA256" uses CBC mode (as indicated by the absence of "GCM" in the name) and SHA-256 for message authentication.
Safety of the Ciphers:
All the ciphers you've listed are currently considered strong. The ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) ensures forward secrecy, meaning that even if an attacker gets hold of a server's private key, they won't be able to decrypt past communications.
The AES (Advanced Encryption Standard) ciphers, whether 128-bit or 256-bit, are robust and widely accepted as secure.
The SHA-256 and SHA-384 are cryptographic hash functions from the SHA-2 family and are considered secure.
Recommendation:
While the ciphers you've listed are strong, if you want to further harden your security posture, you might consider disabling the CBC-mode ciphers ("ECDHE-RSA-AES128-SHA256" and "ECDHE-RSA-AES256-SHA384"). This would leave you with only the GCM-mode ciphers for TLS 1.2 and the TLS 1.3 ciphers, which are all strong.
However, be cautious when disabling ciphers, as it might affect compatibility with older clients. Always test changes in a staging environment before applying them to production.
In summary, your current cipher suite selection is strong, but you can further restrict it by removing CBC-mode ciphers if you're aiming for a stricter security profile and are not concerned about compatibility with some older clients.
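The naming point discussed above can be checked mechanically. The following Python sketch is an added example, not part of the original question or answer: it parses scanner lines in the layout shown in the question, maps OpenSSL-style TLS 1.2 names to their IANA names, and flags the suites that are not AEAD. The function names and the sample input are constructed for illustration, and the name-mapping rule covers only AES suites of the form shown on this page.

```python
import re

# Constructed sample: scanner lines in the same layout as the question's output.
SCAN = """\
Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve 25519 DHE 253
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve 25519 DHE 253
"""

LINE = re.compile(r"^(Preferred|Accepted)\s+(TLSv[\d.]+)\s+(\d+) bits\s+(\S+)")
# OpenSSL-style TLS 1.2 name: <kx>-<auth>-AES<bits>[-GCM]-<hash>
OPENSSL = re.compile(r"^(ECDHE|DHE)-(RSA|ECDSA)-AES(128|256)(-GCM)?-(SHA\d*)$")

def to_iana(name):
    """Return (iana_name, mode); mode is 'AEAD', 'CBC' or 'unknown'."""
    if name.startswith("TLS_"):  # TLS 1.3 suites already use IANA names
        aead = any(tag in name for tag in ("GCM", "CCM", "POLY1305"))
        return name, "AEAD" if aead else "unknown"
    m = OPENSSL.match(name)
    if not m:
        return name, "unknown"  # outside this sketch's naming rule
    kx, auth, bits, gcm, digest = m.groups()
    mode = "GCM" if gcm else "CBC"  # OpenSSL omits "CBC" from the name
    iana = f"TLS_{kx}_{auth}_WITH_AES_{bits}_{mode}_{digest}"
    return iana, "AEAD" if gcm else "CBC"

def audit(scan_text):
    """Parse scanner lines into dicts with protocol, name, IANA name, mode."""
    rows = []
    for line in scan_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            iana, mode = to_iana(m.group(4))
            rows.append({"proto": m.group(2), "name": m.group(4),
                         "iana": iana, "mode": mode})
    return rows

def non_aead_suites(scan_text):
    """Names a stricter policy would drop: every suite that is not AEAD."""
    return [r["name"] for r in audit(scan_text) if r["mode"] != "AEAD"]

if __name__ == "__main__":
    for r in audit(SCAN):
        print(f'{r["proto"]:8} {r["mode"]:7} {r["name"]} -> {r["iana"]}')
    print("non-AEAD:", non_aead_suites(SCAN))
```
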
#security
#encryption
#tls1.2