The team at the "Distributed Computing & Security (DCSec) Research Group" of the Leibniz Universität Hannover have created a web page that pulls all of the cipher suites out of your browser - Cipher Suites Supported by Your Browser (ordered by preference). A big thank you to the team that created this site!
NOTE: the German site is no longer up. Please use Qualys.com instead
Qualys Client Test
I wanted to see how bad IE6 on Windows XP really was so I fired up my XP SP3 Virtual Machine and went to the site. Yikes it's bad! My favorite cipher in the list is RC2 with 40 bit key size!
I highlighted the connection that my browser made in red, it's SSL3.0 with RC4 and SHA1. Well, at least it isn't vulnerable to BEAST!
For all of the corporate IT folks that have to run IE6 because of legacy applications here are the results:
| Spec | Cipher_Suite_Name | Key_Siz | Description |
|---|---|---|---|
| (00,04) | RSA-RC4128-MD5 | 128 Bit | Key exchange: RSA, encryption: RC4, MAC: MD5. |
| (00,05) | RSA-RC4128-SHA | 128 Bit | Key exchange: RSA, encryption: RC4, MAC: SHA1 |
| (00,0a) | RSA-3DES-EDE-SHA | 168 Bit | Key exchange: RSA, encryption: 3DES, MAC: SHA1. |
| (01,0080) | RC4128-MD5 | 128 Bit | Key exchange: RC4, encryption algorithm is unknown, MAC: MD5. |
| (07,00c0) | DES192-EDE3-MD5 | 168 Bit | Key exchange: Data Encryption Standard (DES), encryption algorithm is unknown, MAC: MD5. |
| (03,0080) | RC2128-MD5 | 128 Bit | Key exchange: RC2, encryption algorithm is unknown, MAC: MD5. |
| (00,09) | RSA-DES-SHA | 56 Bit | Key exchange: RSA, encryption: DES, MAC: SHA1. |
| (06,0040) | DES64-MD5 | 56 Bit | Key exchange: Data Encryption Standard (DES), encryption algorithm is unknown, MAC: MD5. |
| (00,64) | RSA-EXPORT1024-RC456-SHA | 56 Bit | Key exchange: RSA, encryption: RC4, MAC: SHA1. |
| (00,62) | RSA-EXPORT1024-DES-SHA | 56 Bit | Key exchange: RSA, encryption: DES, MAC: SHA1. |
| (00,03) | RSA-EXPORT-RC440-MD5 | 40 Bit | Key exchange: RSA, encryption: RC4, MAC: MD5. |
| (00,06) | RSA-EXPORT-RC2-CBC40-MD5 | 40 Bit | Key exchange: RSA, encryption: RC2, MAC: MD5. |
| (02,0080) | RC4128-EXPORT40-MD5 | 40 Bit | Key exchange: RC4, encryption algorithm is unknown, MAC: MD5. |
| (04,0080) | RC2128-EXPORT40-MD5 | 40 Bit | Key exchange: RC2, encryption algorithm is unknown, MAC: MD5. |
| (00,13) | DHE-DSS-3DES-EDE-SHA | 168 Bit | Key exchange: DH, encryption: 3DES, MAC: SHA1. |
| (00,12) | DHE-DSS-DES-SHA | 56 Bit | Key exchange: DH, encryption: DES, MAC: SHA1. |
| (00,63) | DHE-DSS-EXPORT1024-DES-SHA | 56 Bit | Key exchange: DH, encryption: DES, MAC: SHA1. |
User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E)Preferred SSL/TLS version: SSLv3SNI information: Your
browser did not send SNI information.SSL stack current time: The TLS stack of your browser did not send a time value.
This connection uses SSLv3 with RC4-SHA and a 128 Bit key for encryption.
Raw: Version: 3.0 Ciphers:04,05,0a,010080,0700c0,030080,09,060040,64,62,03,06,020080,040080,13,12,63 Extensions: The TLS stack of your browser did not send
extensions.Remote Time: The TLS stack of your browser did not send a time value.
This service is provided by the DCSEC research group at Leibniz University Hannover. Imprint
If you have any comments or questions please contact Sascha Fahl
***************************************
Next I went to the site with Firefox 39 on XP SP3 and the results were much different! Even running on XP SP3 Firefox provided modern cipher suites and didn't offer the "Export Grade" suites used by Logjam.
The connection negotiated was the latest TLSv1.2 with Elliptic Curve DH Ephemeral to give Perfect Forward Secrecy and SHA 256 for the MAC! Again, I highlighted the connection in red.
***************************************
| Spec | Cipher Suite Name | Key Size | Description |
|---|---|---|---|
| (c0,2b) | ECDHE-ECDSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (c0,2f) | ECDHE-RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (c0,0a) | ECDHE-ECDSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,09) | ECDHE-ECDSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,13) | ECDHE-RSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,14) | ECDHE-RSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (00,33) | DHE-RSA-AES128-SHA | 128 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (00,39) | DHE-RSA-AES256-SHA | 256 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (00,2f) | RSA-AES128-SHA | 128 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,35) | RSA-AES256-SHA | 256 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,0a) | RSA-3DES-EDE-SHA | 168 Bit | Key exchange: RSA, encryption: 3DES, MAC: SHA1. |
User-Agent:
Mozilla/5.0 (Windows NT 5.1; rv:39.0) Gecko/20100101 Firefox/39.0
Preferred SSL/TLS version:
TLSv1
SNI information:
cc.dcsec.uni-hannover.de
SSL stack current time:
The TLS stack of your browser did not send a time value.
This connection uses TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256 and a 128 Bit key for encryption.
Raw:
Version:
3.1
Ciphers:
c02b,c02f,c00a,c009,c013,c014,33,39,2f,35,0a
Extensions:
0000,ff01,000a,000b,0023,3374,0010,0005,000d
Remote Time:
The TLS stack of your browser did not send a time value.
This service is provided by the DCSEC research group at Leibniz University Hannover. Imprint
If you have any comments or questions please contact Sascha Fahl
***************************************
Next I tried my Samsung s5 running Google Chorme. To my surprise it supported the latest cipher suites and no "Export Grade" ciphers.
***************************************
| Spec | Cipher Suite Name | Key Size | Description |
|---|---|---|---|
| (cc,14) | ECDHE-ECDSA-CHACHA20-POLY1305-SHA256 | 128 Bit | Key exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256. |
| (cc,13) | ECDHE-RSA-CHACHA20-POLY1305-SHA256 | 128 Bit | Key exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256. |
| (cc,15) | DHE-RSA-CHACHA20-POLY1305-SHA256 | 128 Bit | Key exchange: DH, encryption: ChaCha20 Poly1305, MAC: SHA256. |
| (c0,2b) | ECDHE-ECDSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (c0,2f) | ECDHE-RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (00,9e) | DHE-RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: DH, encryption: AES, MAC: SHA256. |
| (c0,0a) | ECDHE-ECDSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,14) | ECDHE-RSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (00,39) | DHE-RSA-AES256-SHA | 256 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (c0,09) | ECDHE-ECDSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,13) | ECDHE-RSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (00,33) | DHE-RSA-AES128-SHA | 128 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (00,9c) | RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: RSA, encryption: AES, MAC: SHA256. |
| (00,35) | RSA-AES256-SHA | 256 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,2f) | RSA-AES128-SHA | 128 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,0a) | RSA-3DES-EDE-SHA | 168 Bit | Key exchange: RSA, encryption: 3DES, MAC: SHA1. |
| (00,ff) | EMPTY-RENEGOTIATION-INFO-SCSV | 0 Bit | Used for secure renegotation. |
User-Agent:Mozilla/5.0 (Linux; Android 5.0; SM-G900V Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile
Safari/537.36
Preferred SSL/TLS version: TLSv1
SNI information: cc.dcsec.uni-hannover.de
SSL stack current time: The TLS stack of your browser did not send a time value.
This connection uses TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256 and a 128 Bit key for encryption.
***************************************
Conclusions
- Don't use IE6 for anything you don't have too!
- Keep your browser updated. Firefox and Chrome especially are rapidly upgrading their cipher suites.
- If you use Firefox install the Calomel Addon to quickly see what ciphers a connection is using.
- If you are responsible for maintaining a web server read the Mozilla Wiki on Server Side Security and make sure you have the best cipher suites that your clients can use.
- If you are responsible for a Windows IIS web server use Steve Gibson's Ordered and Curated cipher suite list
- Read the ars Technica blog on Massive leak reveals Hacking Team’s most private moments in messy detail to see how dangerous the Internet really is.
As of March 2017 the "SSL Cipher Suite Details" site no longer loads in IE 6, 7, or 8.
ReplyDeleteThis site provides similar functionality and still works as far back as IE 6: https://www.ssllabs.com/ssltest/viewMyClient.html
EDIT: as far back as IE 7 rather.
Delete