Currently, there are various flavours of SSL/TLS in use across Kent, with differing cipher strengths.
At the moment, we have some systems on TLSv1.2 only, others still accepting SSLv2 (!) and everything in between. The underlying cipher strengths are also inconsistent, with many weak or obsolete ones still accepted. This gives malicious threat actors opportunities that really should not exist in a modern network.
In order to improve both defence and consistency, there is now a drive to bring all systems up to date with TLSv1.2, using only strong ciphers. This is not just for IS managed systems – we are going global and will get everyone on-board.
This will also lead us on towards two other targets –
1. Serving all web traffic over HTTPS and TLS only. (Yes, we do still have the odd page that is HTTP only, and some HTTP that redirects insecurely)
2. Having all website certificate chains complete, signed with SHA-256 or better, and chained to a trusted root cert.
The National Cyber Security Centre (NCSC) have provided guidance on how to secure TLS, and this is the basis for these changes.
The NCSC guidance is summarised below:
• Remove support for SSL – Kent has at least 1 server still accepting SSLv2/v3 out there
• Add support for TLS_FALLBACK_SCSV to prevent renegotiation attacks
• Remove support for TLS compression
• Add support for ephemeral key exchange and authenticated encryption
• A list of strong cipher suites:
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Weak ciphers to be removed:
• Cipher suites using RC4 (such as TLS_RSA_WITH_RC4_128_SHA) should be removed, particularly for TLS version 1.1 and above.
• Cipher suites using MD5 (Such as TLS_RSA_WITH_RC4_128_MD5) should be removed.
• Cipher suites using anonymous key exchange (such as TLS_DH_anon_WITH_AES_128_CBC_SHA) should be removed.
• NULL cipher suites (such as TLS_RSA_WITH_NULL_SHA) should be removed.
• Cipher suites using DES (such as TLS_RSA_WITH_DES_CBC_SHA) should be removed.
• Export cipher suites (such as TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) should be removed.
(Anything starting TLS_RSA or containing _DES/ _3DES is considered weak)
It is accepted that there may be some legacy items that require an older cipher or lower version of TLS, and they can be considered for an exception on a case by case basis, with the risk accepted accordingly.