Below is a brief cheat sheet on which SSL/TLS ciphers and protocols you should and shouldn't use. It's an ever-changing situation, so we will keep this updated with the latest advice.
Ciphers and Protocols
There are six SSL/TLS protocols: SSLv2, SSLv3, TLS v1.0, TLS v1.1, TLS v1.2, and TLS v1.3:
- SSLv2 and SSLv3 have both been proven to be insecure and shouldn't be used (see RFC 6176 and RFC 7568 for more info).
- TLS v1.0 is also a legacy protocol that shouldn't be used, but it's typically still necessary in practice. Its major weakness (BEAST) has been mitigated in modern browsers, but other problems remain.
- TLS v1.1 and TLS v1.2 both have no known security issues, but only v1.2 provides modern cryptographic algorithms with authenticated encryption (AEAD), so TLS v1.2 should be your main protocol.
- TLS 1.3 is a working draft as of July 2016 and is not yet in widespread use. It builds on the earlier TLS 1.2 specification, but the details are still incomplete.
Weak and obsolete cryptographic mechanisms that must be avoided:
- Anonymous Diffie-Hellman (ADH) suites
- NULL cipher suites
- Export cipher suites
- Suites with weak ciphers (typically 40- or 56-bit)
- RC4 ciphers
- Suites with RSA key exchange (some vendor implementations)
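As an added example (not part of the original cheat sheet), the following Python script grades a server's enabled protocol versions and cipher suites against the lists above. It assumes OpenSSL-style suite names, as printed by `openssl ciphers -v` or testssl.sh, and the sample protocol and cipher lists at the bottom are constructed for illustration.

```python
import re

# Verdicts from the cheat sheet for each protocol version (OpenSSL/testssl.sh names).
PROTOCOL_VERDICT = {
    "SSLv2":   "disable: broken (RFC 6176)",
    "SSLv3":   "disable: broken (RFC 7568)",
    "TLSv1":   "legacy: keep only while clients still need it",
    "TLSv1.1": "acceptable: no AEAD suites available",
    "TLSv1.2": "recommended: AEAD suites available",
}

# Key-exchange prefixes in OpenSSL suite names that are NOT static RSA key exchange.
NON_RSA_KX = ("ECDHE-", "DHE-", "EDH-", "ADH-", "AECDH-", "ECDH-", "SRP-", "PSK-",
              "DHE-PSK-", "RSA-PSK-", "ECDHE-PSK-")

def audit_cipher(name):
    """Return the cheat-sheet reasons (tags) why an OpenSSL-named suite should be avoided."""
    tags = []
    if name.startswith(("ADH-", "AECDH-")):
        tags.append("ANON_DH")      # anonymous Diffie-Hellman: no server authentication
    if "NULL" in name:
        tags.append("NULL")         # NULL cipher: no encryption at all
    if name.startswith("EXP"):
        tags.append("EXPORT")       # export-grade suite
    if re.search(r"(^|-)(DES-CBC|RC2-CBC)(-|$)", name):
        tags.append("WEAK_BITS")    # single DES (56-bit) / RC2 (40-bit); 3DES is "DES-CBC3"
    if "RC4" in name:
        tags.append("RC4")
    base = re.sub(r"^EXP(1024)?-", "", name)   # strip export marker before the kx check
    if not base.startswith("TLS_") and not base.startswith(NON_RSA_KX):
        tags.append("RSA_KX")       # static RSA key exchange: no forward secrecy
    return tags

def audit_config(protocols, ciphers):
    """Summarise enabled protocols and suites the way the cheat sheet grades them."""
    return {
        "protocols": {p: PROTOCOL_VERDICT.get(p, "unknown") for p in protocols},
        "ciphers": {c: audit_cipher(c) for c in ciphers},
        "has_aead": any(("GCM" in c or "CHACHA20" in c or "CCM" in c) for c in ciphers),
    }

# Constructed sample input: the kind of lists a scanner would report for a server.
SAMPLE_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.2"]
SAMPLE_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "RC4-SHA",
                  "EXP-DES-CBC-SHA", "ADH-AES128-SHA", "NULL-MD5"]

if __name__ == "__main__":
    report = audit_config(SAMPLE_PROTOCOLS, SAMPLE_CIPHERS)
    for proto, verdict in report["protocols"].items():
        print(f"{proto:8} {verdict}")
    for suite, tags in report["ciphers"].items():
        print(f"{suite:32} {'OK' if not tags else ', '.join(tags)}")
```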
Certificates & Private Keys
A strong private key, together with a valid and strong certificate, is essential to a well-implemented SSL/TLS deployment. A number of steps can be taken to secure your SSL/TLS implementation:
- Use 2048-bit private keys.
- Restrict access to your private keys.
- Ensure that your certificates cover all the names you wish to use with a site.
- Use a reliable Certificate Authority.
- Use strong certificate signature algorithms.
- Use complete certificate chains.
This information, as well as other recommendations, is located within SSL and TLS Deployment Best Practices.
For more help in securing your TLS implementation see: Hardening your web server.
To test your server's rating, you can use the SSL Labs tool below to identify any inconsistencies or misconfigurations in your SSL implementation (note that this is for externally exposed services only). For internal services, or for a command-line version, Corsaire recommends testssl.sh.
To help identify which protocols and ciphers you need for your target audience, the SSL support history of browsers wiki article lists browsers and their supported protocols/ciphers in a convenient table format.
The commonly used browsers (e.g. Chrome, Firefox, Edge, Safari) now warn users if there are issues with a site's SSL/TLS configuration.
One area they have targeted is the use of SHA-1 certificates. Weaknesses in this hashing algorithm have been known for years, and many browsers have removed support for it and will display a warning when accessing an offending site.
Browsers will also display a warning if the site has no encryption at all, which may harm a site's reputation. Sensitive user data should always be protected by strong encryption.