Configuring the Cipher Choice Mechanism
When enabling HTTPS on a local license server, administrators have to be careful about the choice of TLS protocol versions and cipher suites. A weak choice leaves the license server open to downgrade attacks and to decryption of the traffic it carries.
Older protocol versions (SSLv3, TLSv1.0, TLSv1.1) should not be active, not even for protocol renegotiation.
Older ciphers (RC4, and suites that use RSA for key exchange and therefore lack forward secrecy) and export-grade ciphers should not be enabled. AES should be used in GCM mode rather than CBC, which avoids padding-oracle attacks; more generally, prefer AEAD (Authenticated Encryption with Associated Data) suites such as AES-GCM and ChaCha20-Poly1305, because they bind an integrity check to the encryption itself.
The protocols enabled in the local license server are TLSv1.2 and TLSv1.3. TLSv1.3 requires Java 11, or Java 8u261 or later (the exact version may differ slightly for OpenJDK releases). The local license server automatically enables TLSv1.3 when the JVM supports it.
All known vulnerable ciphers are disabled in the default configuration. The enabled cipher list can be controlled through the configuration property tlsCipherSuites in the https-in section of local-configuration.yaml:
# Choice of TLS cipher suites. One of MODERN, COMPATIBLE or WEAK.
tlsCipherSuites: COMPATIBLE
The following describes each setting (the value of tlsCipherSuites), the cipher suites it enables and the notes that apply:

Setting: MODERN (TLS 1.3 only)
Available ciphers: "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"
Notes: ChaCha20 requires an LTS release of Java 11 (tested with OpenJDK Runtime Environment Microsoft-27990 (build 11.0.13+8-LTS)). Expect TLS handshake failures with MODERN unless every client served by the local license server supports TLS 1.3.

Setting: COMPATIBLE (default)
Available ciphers: "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384"
Notes: The TLS 1.3 suites from MODERN plus TLS 1.2 suites that all use ephemeral (EC)DHE key exchange, so every connection has forward secrecy, and AES only in GCM mode rather than CBC (to avoid padding-oracle attacks). Deprecated and unsafe ciphers are excluded. This is the default setting.

Setting: WEAK
Available ciphers: no constraints; whatever the JSSE in the running JVM enables
Notes: The license server itself disables nothing in this mode; the only suites left out are those the JDK disables on its own (jdk.tls.disabledAlgorithms in the java.security file). Use it only when you must serve old clients that fail the TLS handshake with COMPATIBLE.
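A way to verify that a running listener actually matches this policy, as an added example that is not part of the license server or its documentation: the script below classifies cipher suite names (in both the IANA and OpenSSL notations used in the table) against the rules stated above, then probes a host once per TLS version and reports any old version it accepts and any weak suite it negotiates. The host, port, file name and function names are assumptions; the suite lists are the MODERN and COMPATIBLE sets from the table. It uses only the Python standard library.

```python
"""Audit a TLS listener against the protocol and cipher policy described above.

Added example, not code from the local license server or its documentation;
standard library only. The rules (no SSLv3/TLS 1.0/1.1, no static RSA key
exchange, no RC4/DES/export/NULL, AEAD only) come from the text and the suite
lists from the table. Host, port and function names are assumptions.
"""
import socket
import ssl

MODERN = [  # TLS 1.3 suites, IANA names as given in the table
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
]
COMPATIBLE = MODERN + [  # TLS 1.2 additions, OpenSSL names as given in the table
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305",
    "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
]
EPHEMERAL = {"ECDHE", "DHE"}        # forward-secret key exchange
STATIC = {"RSA", "DH", "ECDH"}      # key exchange without forward secrecy
ANONYMOUS = {"ADH", "AECDH"}        # no server authentication at all
AEAD = ("GCM", "CHACHA20", "CCM")   # modes that integrate the integrity check


def violations(suite):
    """Return the policy rules a suite breaks (empty list means acceptable).
    Handles IANA names (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and the TLS 1.3 form
    TLS_AES_128_GCM_SHA256) and OpenSSL names (ECDHE-RSA-AES128-GCM-SHA256)."""
    name = suite.upper()
    if name.startswith("TLS_"):
        if "_WITH_" in name:                  # IANA TLS 1.2-style name
            kex, _, cipher = name[4:].partition("_WITH_")
        else:                                 # TLS 1.3 suite: key exchange is always (EC)DHE
            kex, cipher = "ECDHE", name[4:]
    else:                                     # OpenSSL name
        kex, _, cipher = name.partition("-")
        if kex not in EPHEMERAL | STATIC | ANONYMOUS:
            kex, cipher = "RSA", name         # OpenSSL omits the token for plain RSA key exchange
    kex_alg = kex.split("_")[0]               # "ECDHE_RSA" -> "ECDHE", "DH_ANON" -> "DH"
    problems = []
    if kex_alg in STATIC:
        problems.append(f"static {kex_alg} key exchange (no forward secrecy)")
    if "ANON" in kex or kex_alg in ANONYMOUS:
        problems.append("anonymous key exchange (no server authentication)")
    if "EXP" in name:
        problems.append("export-grade key size")
    for weak in ("RC4", "DES", "NULL"):       # "DES" also catches 3DES
        if weak in cipher:
            problems.append(weak)
    if not any(mode in cipher for mode in AEAD):
        problems.append("non-AEAD cipher (CBC or stream mode; padding-oracle exposure)")
    return problems


VERSIONS = [("TLSv1", ssl.TLSVersion.TLSv1), ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
            ("TLSv1.2", ssl.TLSVersion.TLSv1_2), ("TLSv1.3", ssl.TLSVersion.TLSv1_3)]


def probe(host, port, timeout=5.0):
    """One handshake per TLS version; return {version: negotiated OpenSSL suite name or None}.
    Certificate verification is off on purpose: the question is what the listener
    negotiates, not whether its chain validates. SECLEVEL=0 relaxes the local OpenSSL
    policy so a refusal of TLS 1.0/1.1 comes from the server, not from this machine
    (OpenSSL builds without those versions simply report them as refused)."""
    seen = {}
    for label, version in VERSIONS:
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
            ctx.minimum_version = ctx.maximum_version = version
            ctx.set_ciphers("ALL:COMPLEMENTOFALL:@SECLEVEL=0")  # offer everything; the server's pick is the finding
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    seen[label] = tls.cipher()[0]
        except (ssl.SSLError, OSError, ValueError):
            seen[label] = None
    return seen


def audit(negotiated):
    """Turn a probe result into findings: old versions accepted, weak suites negotiated."""
    findings = []
    for label, suite in negotiated.items():
        if suite is None:
            continue
        if label in ("TLSv1", "TLSv1.1"):
            findings.append(f"{label} accepted (should be disabled)")
        for problem in violations(suite):
            findings.append(f"{label} negotiated {suite}: {problem}")
    return findings


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"   # assumed defaults, not the product's
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8443
    for line in audit(probe(host, port)) or ["no findings: TLS 1.2/1.3 only, forward-secret AEAD suites"]:
        print(line)
```

Run it as `python3 tls_audit.py <host> <port>` (file name assumed) against the https-in listener after changing tlsCipherSuites; an empty finding list means only TLS 1.2 and 1.3 were negotiated, with forward-secret AEAD suites. One handshake per version shows what the server picks when a permissive client offers everything, which is what matters for a downgrade; it does not enumerate every suite the server would accept, so pair it with nmap's ssl-enum-ciphers script or testssl.sh when you need the full list.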