Sunday, July 12, 2015

Checking Browser Cipher Suites

My previous blog showed you an easy way to check the cipher suites offered by a server. Now I will show you an easy way to check your browser's cipher suites.

The team at the  "Distributed Computing & Security (DCSec) Research Group" of the Leibniz Universität Hannover have created a web page that pulls all of the cipher suites out of your browser - Cipher Suites Supported by Your Browser (ordered by preference). A big thank you to the team that created this site! 

NOTE: the German site is no longer up. Please use Qualys.com instead

Qualys Client Test


I wanted to see how bad IE6 on Windows XP really was so I fired up my XP SP3 Virtual Machine and went to the site. Yikes it's bad! My favorite cipher in the list is RC2 with 40 bit key size!

I highlighted the connection that my browser made in red, it's SSL3.0 with RC4 and SHA1. Well, at least it isn't vulnerable to BEAST!

For all of the corporate IT folks that have to run IE6 because of legacy applications here are the results:

SpecCipher_Suite_NameKey_SizDescription
(00,04)RSA-RC4128-MD5128 BitKey exchange: RSA, encryption: RC4, MAC: MD5.
(00,05)RSA-RC4128-SHA128 BitKey exchange: RSA, encryption: RC4, MAC: SHA1
(00,0a)RSA-3DES-EDE-SHA168 BitKey exchange: RSA, encryption: 3DES, MAC: SHA1.
(01,0080)RC4128-MD5128 BitKey exchange: RC4, encryption algorithm is unknown, MAC: MD5.
(07,00c0)DES192-EDE3-MD5168 BitKey exchange: Data Encryption Standard (DES), encryption algorithm is unknown, MAC: MD5.
(03,0080)RC2128-MD5128 BitKey exchange: RC2, encryption algorithm is unknown, MAC: MD5.
(00,09)RSA-DES-SHA56 BitKey exchange: RSA, encryption: DES, MAC: SHA1.
(06,0040)DES64-MD556 BitKey exchange: Data Encryption Standard (DES), encryption algorithm is unknown, MAC: MD5.
(00,64)RSA-EXPORT1024-RC456-SHA56 BitKey exchange: RSA, encryption: RC4, MAC: SHA1.
(00,62)RSA-EXPORT1024-DES-SHA56 BitKey exchange: RSA, encryption: DES, MAC: SHA1.
(00,03)RSA-EXPORT-RC440-MD540 BitKey exchange: RSA, encryption: RC4, MAC: MD5.
(00,06)RSA-EXPORT-RC2-CBC40-MD540 BitKey exchange: RSA, encryption: RC2, MAC: MD5.
(02,0080)RC4128-EXPORT40-MD540 BitKey exchange: RC4, encryption algorithm is unknown, MAC: MD5.
(04,0080)RC2128-EXPORT40-MD540 BitKey exchange: RC2, encryption algorithm is unknown, MAC: MD5.
(00,13)DHE-DSS-3DES-EDE-SHA168 BitKey exchange: DH, encryption: 3DES, MAC: SHA1.
(00,12)DHE-DSS-DES-SHA56 BitKey exchange: DH, encryption: DES, MAC: SHA1.
(00,63)DHE-DSS-EXPORT1024-DES-SHA56 BitKey exchange: DH, encryption: DES, MAC: SHA1.

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E)Preferred SSL/TLS version: SSLv3SNI information: Your
browser did not send SNI information.SSL stack current time: The TLS stack of your browser did not send a time value.

This connection uses SSLv3 with RC4-SHA and a 128 Bit key for encryption.
Raw: Version: 3.0 Ciphers:04,05,0a,010080,0700c0,030080,09,060040,64,62,03,06,020080,040080,13,12,63 Extensions: The TLS stack of your browser did not send
extensions.Remote Time: The TLS stack of your browser did not send a time value.

This service is provided by the DCSEC research group at Leibniz University Hannover. Imprint
If you have any comments or questions please contact Sascha Fahl
***************************************

Next I went to the site with Firefox 39 on XP SP3 and the results were much different! Even running on XP SP3 Firefox provided modern cipher suites and didn't offer the "Export Grade" suites used by Logjam.

The connection negotiated was the latest TLSv1.2 with Elliptic Curve DH Ephemeral to give Perfect Forward Secrecy and SHA 256 for the MAC! Again, I highlighted the connection in red.
***************************************
SpecCipher Suite NameKey SizeDescription
(c0,2b)ECDHE-ECDSA-AES128-GCM-SHA256128 BitKey exchange: ECDH, encryption: AES, MAC: SHA256.
(c0,2f)ECDHE-RSA-AES128-GCM-SHA256128 BitKey exchange: ECDH, encryption: AES, MAC: SHA256.
(c0,0a)ECDHE-ECDSA-AES256-SHA256 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,09)ECDHE-ECDSA-AES128-SHA128 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,13)ECDHE-RSA-AES128-SHA128 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,14)ECDHE-RSA-AES256-SHA256 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(00,33)DHE-RSA-AES128-SHA128 BitKey exchange: DH, encryption: AES, MAC: SHA1.
(00,39)DHE-RSA-AES256-SHA256 BitKey exchange: DH, encryption: AES, MAC: SHA1.
(00,2f)RSA-AES128-SHA128 BitKey exchange: RSA, encryption: AES, MAC: SHA1.
(00,35)RSA-AES256-SHA256 BitKey exchange: RSA, encryption: AES, MAC: SHA1.
(00,0a)RSA-3DES-EDE-SHA168 BitKey exchange: RSA, encryption: 3DES, MAC: SHA1.
Further information:
User-Agent:
Mozilla/5.0 (Windows NT 5.1; rv:39.0) Gecko/20100101 Firefox/39.0
Preferred SSL/TLS version:
TLSv1
SNI information:
cc.dcsec.uni-hannover.de
SSL stack current time:
The TLS stack of your browser did not send a time value.

This connection uses TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256 and a 128 Bit key for encryption.

Raw:
Version:
3.1
Ciphers:
c02b,c02f,c00a,c009,c013,c014,33,39,2f,35,0a
Extensions:
0000,ff01,000a,000b,0023,3374,0010,0005,000d
Remote Time:
The TLS stack of your browser did not send a time value.

This service is provided by the DCSEC research group at Leibniz University Hannover. Imprint
If you have any comments or questions please contact Sascha Fahl
***************************************

Next I tried my Samsung s5 running Google Chorme. To my surprise it supported the latest cipher suites and no "Export Grade" ciphers.

***************************************
SpecCipher Suite NameKey SizeDescription
(cc,14)ECDHE-ECDSA-CHACHA20-POLY1305-SHA256128 BitKey exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256.
(cc,13)ECDHE-RSA-CHACHA20-POLY1305-SHA256128 BitKey exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256.
(cc,15)DHE-RSA-CHACHA20-POLY1305-SHA256128 BitKey exchange: DH, encryption: ChaCha20 Poly1305, MAC: SHA256.
(c0,2b)ECDHE-ECDSA-AES128-GCM-SHA256128 BitKey exchange: ECDH, encryption: AES, MAC: SHA256.
(c0,2f)ECDHE-RSA-AES128-GCM-SHA256128 BitKey exchange: ECDH, encryption: AES, MAC: SHA256.
(00,9e)DHE-RSA-AES128-GCM-SHA256128 BitKey exchange: DH, encryption: AES, MAC: SHA256.
(c0,0a)ECDHE-ECDSA-AES256-SHA256 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,14)ECDHE-RSA-AES256-SHA256 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(00,39)DHE-RSA-AES256-SHA256 BitKey exchange: DH, encryption: AES, MAC: SHA1.
(c0,09)ECDHE-ECDSA-AES128-SHA128 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,13)ECDHE-RSA-AES128-SHA128 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
(00,33)DHE-RSA-AES128-SHA128 BitKey exchange: DH, encryption: AES, MAC: SHA1.
(00,9c)RSA-AES128-GCM-SHA256128 BitKey exchange: RSA, encryption: AES, MAC: SHA256.
(00,35)RSA-AES256-SHA256 BitKey exchange: RSA, encryption: AES, MAC: SHA1.
(00,2f)RSA-AES128-SHA128 BitKey exchange: RSA, encryption: AES, MAC: SHA1.
(00,0a)RSA-3DES-EDE-SHA168 BitKey exchange: RSA, encryption: 3DES, MAC: SHA1.
(00,ff)EMPTY-RENEGOTIATION-INFO-SCSV0 BitUsed for secure renegotation.
Further information:

User-Agent:Mozilla/5.0 (Linux; Android 5.0; SM-G900V Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile

Safari/537.36
Preferred SSL/TLS version: TLSv1
SNI information: cc.dcsec.uni-hannover.de
SSL stack current time: The TLS stack of your browser did not send a time value.

This connection uses TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256 and a 128 Bit key for encryption.

***************************************

Conclusions

  • Don't use IE6 for anything you don't have too!  
  • Keep your browser updated. Firefox and Chrome especially are rapidly upgrading their cipher suites.
  • If you use Firefox install the Calomel Addon to quickly see what ciphers a connection is using.
  • If you are responsible for maintaining a web server read the Mozilla Wiki on Server Side Security and make sure you have the best cipher suites that your clients can use.
  • If you are responsible for a Windows IIS web server use Steve Gibson's Ordered and Curated cipher suite list
  • Read the ars Technica blog on Massive leak reveals Hacking Team’s most private moments in messy detail to see how dangerous the Internet really is.



2 comments:

  1. As of March 2017 the "SSL Cipher Suite Details" site no longer loads in IE 6, 7, or 8.

    This site provides similar functionality and still works as far back as IE 6: https://www.ssllabs.com/ssltest/viewMyClient.html

    ReplyDelete