Use GPO Editor for TLS 1.3 and TLS 1.2 in Cipher Suite Order

Vulnerability in Schannel Could Allow Security Feature Bypass

It affects your Linux system, PC, laptop or server.

Prevention steps: Server, PC, Laptop

To disable the weak key exchange ciphers you have to specify the ciphers that Windows should use by performing the following steps.

Use Secure Cipher Suites

To communicate securely, you must first ascertain that you are communicating directly with the desired party (and not through someone else who will eavesdrop) and exchanging data securely. In SSL and TLS, cipher suites define how secure communication takes place. They are composed from varying building blocks with the idea of achieving security through diversity. If one of the building blocks is found to be weak or insecure, you should be able to switch to another.

You should rely chiefly on the AEAD suites that provide strong authentication and key exchange, forward secrecy, and encryption of at least 128 bits or beyond. Some other, weaker suites may still be supported, provided they are negotiated only with older clients that don't support anything better.

There are several obsolete cryptographic primitives that must be avoided:

  • Anonymous Diffie-Hellman (ADH) suites do not provide authentication.

  • NULL cipher suites provide no encryption.

  • Export cipher suites are insecure when negotiated in a connection, but they can also be used against a server that prefers stronger suites (the FREAK attack).

  • Suites with weak ciphers (typically of 40 and 56 bits) use encryption that can easily be broken.

  • RC4 is insecure.

  • 3DES is slow and weak.

  • CBC is vulnerable to padding attacks; it provides no integrity, so the ciphertext can be altered arbitrarily.

******************************

Use the following suite configuration, designed for both RSA and ECDSA keys, as your starting point. Here I prefer ECDSA over RSA: ECDSA is now mostly used, and it is smaller than RSA and stronger. It is slower performance-wise, but that is no longer an issue because the technologies used today compensate for it:

  • RSA keys are the most widely used, and so seem to be the best supported.

  • ECDSA (introduced in OpenSSH v5.7) is computationally lighter than DSA, but the difference isn't noticeable unless you have a machine with very low processing power. As of OpenSSH 7.0, SSH no longer supports DSA keys (ssh-dss) by default. A DSA key used to work everywhere, as per the SSH standard (RFC 4251 and subsequent).


Before you can use GPO (Group Policy), there is a minor discrepancy in Windows 10, especially Windows 10 Home.

Windows 10 Home does not include gpedit.msc as standard, which makes it the most annoying OS if you know GPO from Windows Vista or Windows 7.

Do not worry. To fix this you need an internet connection, and here is a Windows 10 Home GPEdit batch script that you can run from a command prompt as an administrator (cmd.exe as an administrator) or from PowerShell as an administrator:

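@echo off
REM Run from an elevated prompt; work in the folder that holds this script.
pushd "%~dp0"

REM Collect the Group Policy package manifests already present on disk.
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt

REM Install each listed package with DISM without forcing a restart.
for /f %%i in ('findstr /i . List.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i"
pause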

Once you are ready to use Group Policy, open the Start menu (Windows logo), type gpedit.msc and press Enter to start the Group Policy Object Editor.

Expand Computer Configuration (1), Administrative Templates (2), Network (3), and then click SSL Configuration Settings (4).

Under SSL Configuration Settings, double-click SSL Cipher Suite Order.

In the SSL Cipher Suite Order window, click Enabled.

In the Options: pane, double-click to highlight the entire contents of the SSL Cipher Suites field and then replace its contents with the following cipher list:

Option 1

With 20 strong TLS 1.3 and TLS 1.2:

Copy and paste for:

TLS 1.3 and TLS 1.2 with PSK,RSA,AES,CHACHA20,ECDHE,ECDSA,AES -> POLY1305,GCM,CCM -> AES128, AES256, SHA256,SHA384 and SHA512 cipher suites:

TLS_AES_128_CCM_8_SHA512,TLS_AES_128_CCM_8_SHA384,TLS_AES_128_CCM_SHA384,TLS_AES_128_CCM_SHA512,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA512,TLS_AES_128_GCM_SHA512,TLS_AES_128_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA512,TLS_CHACHA20_POLY1305_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA512,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA512,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384,TLS_PSK_WITH_AES_256_GCM_SHA512,TLS_PSK_WITH_AES_256_GCM_SHA384

Into the Comment field, copy and paste:

20 TLS 1.3 and 1.2 considered strong cipher suite:


TLS_AES_128_CCM_8_SHA512

TLS_AES_128_CCM_8_SHA384


TLS_AES_128_CCM_SHA384

TLS_AES_128_CCM_SHA512


TLS_AES_256_GCM_SHA384

TLS_AES_256_GCM_SHA512


TLS_AES_128_GCM_SHA512

TLS_AES_128_GCM_SHA384


TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384


TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384


TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384


TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384


TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA512

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384


TLS_PSK_WITH_AES_256_GCM_SHA512

TLS_PSK_WITH_AES_256_GCM_SHA384


Click OK

Close the Group Policy Object Editor and then restart your system.


Order list:

TLS_AES_128_CCM_8_SHA512

TLS_AES_128_CCM_8_SHA384

TLS_AES_128_CCM_SHA384

TLS_AES_128_CCM_SHA512

TLS_AES_256_GCM_SHA384

TLS_AES_256_GCM_SHA512

TLS_AES_128_GCM_SHA512

TLS_AES_128_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA512

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384

TLS_PSK_WITH_AES_256_GCM_SHA512

TLS_PSK_WITH_AES_256_GCM_SHA384

The above example configuration uses standard TLS suite names. Some platforms use nonstandard names; please refer to the documentation for your platform for more details. For example, the following suite names would be used with OpenSSL Option 1:

TLS-AES-128-CCM-8-SHA512

TLS-AES-128-CCM-8-SHA384

TLS-AES-128-CCM-SHA384

TLS-AES-128-CCM-SHA512

TLS-AES-256-GCM-SHA384

TLS-AES-256-GCM-SHA512

TLS-AES-128-GCM-SHA512

TLS-AES-128-GCM-SHA384

TLS-CHACHA20-POLY1305-SHA512

TLS-CHACHA20-POLY1305-SHA384

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA512

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA512

TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA384

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA512

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA512

TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA384

TLS-PSK-WITH-AES-256-GCM-SHA512

TLS-PSK-WITH-AES-256-GCM-SHA384


Option 2

With 14 strong TLS 1.3 and TLS 1.2:

Copy and paste for:

TLS 1.3 and TLS 1.2 with PSK,RSA,CHACHA20,ECDHE,ECDSA,AES -> POLY1305,GCM,CCM -> AES128,AES256,SHA256,SHA384 AND SHA512 cipher suites:

TLS_AES_128_CCM_8_SHA512,TLS_AES_128_CCM_8_SHA384,TLS_AES_128_CCM_SHA384,TLS_AES_128_CCM_SHA512,TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA512,TLS_CHACHA20_POLY1305_SHA512,TLS_CHACHA20_POLY1305_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_256_GCM_SHA512,TLS_PSK_WITH_AES_256_GCM_SHA384

Into the Comment field, copy and paste:

14 TLS 1.3 and 1.2 considered strong cipher suite:


TLS_AES_128_CCM_8_SHA512

TLS_AES_128_CCM_8_SHA384


TLS_AES_128_CCM_SHA384

TLS_AES_128_CCM_SHA512


TLS_AES_256_GCM_SHA384

TLS_AES_256_GCM_SHA512


TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384


TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384


TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384


TLS_PSK_WITH_AES_256_GCM_SHA512

TLS_PSK_WITH_AES_256_GCM_SHA384


Click OK

Close the Group Policy Object Editor and then restart your system.


Order list:

TLS_AES_128_CCM_8_SHA512

TLS_AES_128_CCM_8_SHA384

TLS_AES_128_CCM_SHA384

TLS_AES_128_CCM_SHA512

TLS_AES_256_GCM_SHA384

TLS_AES_256_GCM_SHA512

TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_PSK_WITH_AES_256_GCM_SHA512

TLS_PSK_WITH_AES_256_GCM_SHA384

The above example configuration uses standard TLS suite names. Some platforms use nonstandard names; please refer to the documentation for your platform for more details. For example, the following suite names would be used with OpenSSL Option 2:

TLS-AES-128-CCM-8-SHA512

TLS-AES-128-CCM-8-SHA384

TLS-AES-128-CCM-SHA384

TLS-AES-128-CCM-SHA512

TLS-AES-256-GCM-SHA384

TLS-AES-256-GCM-SHA512

TLS-CHACHA20-POLY1305-SHA512

TLS-CHACHA20-POLY1305-SHA384

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA512

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA512

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

TLS-PSK-WITH-AES-256-GCM-SHA512

TLS-PSK-WITH-AES-256-GCM-SHA384


Option 3

With 10 strong TLS 1.3 and TLS 1.2:

Copy and paste for:

TLS 1.3 and TLS 1.2 with CHACHA20,ECDHE,ECDSA,AES -> POLY1305,GCM,CCM-> AES128,AES256,SHA256,SHA384 and SHA512 cipher suites:

TLS_AES_128_CCM_8_SHA512,TLS_AES_128_CCM_8_SHA384,TLS_AES_128_CCM_SHA512,TLS_AES_128_CCM_SHA384,TLS_AES_256_GCM_SHA512,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA512,TLS_CHACHA20_POLY1305_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Into the Comment field, copy and paste:

10 TLS 1.3 and 1.2 considered strong cipher suite:


TLS_AES_128_CCM_8_SHA512

TLS_AES_128_CCM_8_SHA384


TLS_AES_128_CCM_SHA512

TLS_AES_128_CCM_SHA384


TLS_AES_256_GCM_SHA512

TLS_AES_256_GCM_SHA384


TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384


TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384


Click OK

Close the Group Policy Object Editor and then restart your system.


Order list:

TLS_AES_128_CCM_8_SHA512

TLS_AES_128_CCM_8_SHA384

TLS_AES_128_CCM_8_SHA256

TLS_AES_128_CCM_SHA384

TLS_AES_128_CCM_SHA512

TLS_AES_128_CCM_SHA256

TLS_AES_256_GCM_SHA384

TLS_AES_256_GCM_SHA512

TLS_AES_256_GCM_SHA256

TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384

TLS_CHACHA20_POLY1305_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256

The above example configuration uses standard TLS suite names. Some platforms use nonstandard names; please refer to the documentation for your platform for more details. For example, the following suite names would be used with OpenSSL Option 3:

TLS-AES-128-CCM-8-SHA512

TLS-AES-128-CCM-8-SHA384

TLS-AES-128-CCM-8-SHA256

TLS-AES-128-CCM-SHA384

TLS-AES-128-CCM-SHA512

TLS-AES-128-CCM-SHA256

TLS-AES-256-GCM-SHA384

TLS-AES-256-GCM-SHA512

TLS-AES-256-GCM-SHA256

TLS-CHACHA20-POLY1305-SHA512

TLS-CHACHA20-POLY1305-SHA384

TLS-CHACHA20-POLY1305-SHA256

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA512

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA256


Option 4

With 6 strong TLS 1.3 and TLS 1.2:

Copy and paste for:

TLS 1.2 with ECDHE, ECDSA -> POLY1305,GCM -> AES256,SHA256,SHA384 and SHA512 cipher suites:

TLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA512,TLS_CHACHA20_POLY1305_SHA512,TLS_CHACHA20_POLY1305_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Into the Comment field, copy and paste:

6 TLS 1.3 and TLS 1.2 considered strong cipher suite:


TLS_AES_256_GCM_SHA384

TLS_AES_256_GCM_SHA512


TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384


TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Click OK

Close the Group Policy Object Editor and then restart your system.


Order list:

TLS_AES_256_GCM_SHA384

TLS_AES_256_GCM_SHA512

TLS_CHACHA20_POLY1305_SHA512

TLS_CHACHA20_POLY1305_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA512

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384


The above example configuration uses standard TLS suite names. Some platforms use nonstandard names; please refer to the documentation for your platform for more details. For example, the following suite names would be used with OpenSSL Option 4:

TLS-AES-256-GCM-SHA384

TLS-AES-256-GCM-SHA512

TLS-CHACHA20-POLY1305-SHA512

TLS-CHACHA20-POLY1305-SHA384

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA512

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
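
A check to run on any of the comma-separated lists above before pasting it into the SSL Cipher Suites field. This is an added example, not part of the original page: it flags entries that the local Windows build does not report through Get-TlsCipherSuite, along with duplicates, stray commas and an over-long string. The function name Test-CipherSuiteOrder and the sample string are assumptions made for illustration.

```powershell
# Added example: lint a cipher list before it goes into "SSL Cipher Suite Order".
function Test-CipherSuiteOrder {
    param(
        [Parameter(Mandatory)] [string] $PolicyValue,
        # Suite names this Windows build reports; pass a list to test offline.
        [string[]] $KnownSuites = (Get-TlsCipherSuite).Name
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # Microsoft documents a 1,023-character limit for the policy string.
    if ($PolicyValue.Length -gt 1023) {
        $findings.Add("List is $($PolicyValue.Length) characters; the limit is 1023.")
    }

    $seen = @{}
    $position = 0
    foreach ($raw in $PolicyValue.Split(',')) {
        $position++
        $name = $raw.Trim()
        if ($name -eq '') {
            $findings.Add("Entry ${position}: empty (stray comma)")
            continue
        }
        if ($name -cne $raw) {
            $findings.Add("Entry ${position}: whitespace around '$name'")
        }
        if ($seen.ContainsKey($name)) {
            $findings.Add("Entry ${position}: '$name' repeats entry $($seen[$name])")
            continue
        }
        $seen[$name] = $position
        if ($KnownSuites -notcontains $name) {
            $findings.Add("Entry ${position}: '$name' is not in the known-suite list")
        }
    }
    return $findings
}

# Constructed sample: a doubled prefix on the first entry and a repeated suite.
$sample = 'TLTLS_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384,' +
          'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_AES_256_GCM_SHA384'
Test-CipherSuiteOrder -PolicyValue $sample
```

An empty result means every entry is well formed and reported by the local system. Any line it prints names the position in the list to correct before you click OK.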