AsiaTech: Microsoft APGC Internet Developer Support Team

We focus on troubleshooting plans and solutions for the IIS web platform and distributed applications

How to determine Cipher Suite between IE and IIS


 

This post assumes you have already read Xin’s article, How to use 256 bit SSL in IIS 6.0.

 

A common question is whether older IE clients are affected after applying kb948963, which adds support for AES cipher suites in the Schannel.dll module for Windows Server 2003.

 

The answer is no: older IE clients are not affected, and they still use the same cipher suite as before.

 

Let’s use netmon to demonstrate how SSL works.

 

Assume the client is IE7 on Windows Vista.

 

a.    The client sends a HandShake: ClientHello to the IIS server. It uses TLS 1.0 in the ClientHello header.

 

- SSLHandshake: SSL HandShake ClientHello(0x01)

      HandShakeType: ClientHello(0x01)

      Length: 120 (0x78)

    - ClientHello: TLS 1.0

     - Version: TLS 1.0

        Major: 3 (0x3)

        Minor: 1 (0x1)

     - RandomBytes:

        TimeStamp: 10/22/2010, 08:01:26 .0000 UTC

        RandomBytes: Binary Large Object (28 Bytes)

       SessionIDLength: 0 (0x0)

       CipherSuitesLength: 24

     - TLSCipherSuites: TLS_RSA_WITH_AES_128_CBC_SHA            { 0x00, 0x2F }

        Cipher: 47 (0x2F)

     - TLSCipherSuites: TLS_RSA_WITH_AES_256_CBC_SHA            { 0x00, 0x35 }

        Cipher: 53 (0x35)

     - TLSCipherSuites: TLS_RSA_WITH_RC4_128_SHA                { 0x00,0x05 }

        Cipher: 5 (0x5)

     - TLSCipherSuites: TLS_RSA_WITH_3DES_EDE_CBC_SHA           { 0x00,0x0A }

        Cipher: 10 (0xA)

     - TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    { 0xC0,0x09 }

        Cipher: 49161 (0xC009)

     - TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    { 0xC0,0x0A }

        Cipher: 49162 (0xC00A)

     - TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      { 0xC0,0x13 }

        Cipher: 49171 (0xC013)

     - TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      { 0xC0,0x14 }

        Cipher: 49172 (0xC014)

     - TLSCipherSuites: TLS_DHE_DSS_WITH_AES_128_CBC_SHA        { 0x00, 0x32 }

        Cipher: 50 (0x32)

     - TLSCipherSuites: TLS_DHE_DSS_WITH_AES_256_CBC_SHA        { 0x00, 0x38 }

        Cipher: 56 (0x38)

     - TLSCipherSuites: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA        { 0x00,0x13 }

        Cipher: 19 (0x13)

     - TLSCipherSuites: TLS_RSA_WITH_RC4_128_MD5                { 0x00,0x04 }

        Cipher: 4 (0x4)

       CompressionMethodsLength: 1 (0x1)

       CompressionMethods: 0 (0x0)

 

b.    The IIS server then selects the first cipher suite from the TLSCipherSuites list that it can match.

You can check the list in the registry on the IIS server:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

 

- TLS: TLS Rec Layer-1 HandShake: Server Hello. Certificate. Server Hello Done.

  - TlsRecordLayer: TLS Rec Layer-1 HandShake:

     ContentType: HandShake:

   - Version: TLS 1.0

      Major: 3 (0x3)

      Minor: 1 (0x1)

     Length: 781 (0x30D)

   - SSLHandshake: SSL HandShake Server Hello Done(0x0E)

      HandShakeType: ServerHello(0x02)

      Length: 77 (0x4D)

    - ServerHello: 0x1

     - Version: TLS 1.0

        Major: 3 (0x3)

        Minor: 1 (0x1)

     - RandomBytes:

        TimeStamp: 10/22/2010, 08:01:24 .0000 UTC

        RandomBytes: Binary Large Object (28 Bytes)

       SessionIDLength: 32 (0x20)

       SessionID: Binary Large Object (32 Bytes)

       TLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA            { 0x00, 0x2F }

       CompressionMethods: 0 (0x0)

       ExtensionsLength: 5 (0x5)

 

After you follow Xin’s article, IIS 6 supports AES 256 and will choose TLS_RSA_WITH_AES_256_CBC_SHA.

 

If you browse the same web site from IE 6 on Windows XP, you will find that the cipher suite list in the SSL HandShake ClientHello sent to the IIS server differs from the one above. IIS then usually selects TLS_RSA_WITH_RC4_128_SHA instead of AES.

 

Here is one more scenario, involving an Internet Explorer security setting, that you may care about when using AES.

 

IE won’t send the cipher suites whose names start with TLS in the ClientHello header if TLS 1.0 is disabled in IE under Internet Options\Advanced\Security.

 

With SSL 3.0 enabled and TLS 1.0 disabled, IE sends the cipher suite list below. There is no AES in the SSLCipherSuites list; every name starts with SSL.

 

- ClientHello: SSL 3.0

     + Version: SSL 3.0

     + RandomBytes:

       SessionIDLength: 32 (0x20)

       SessionID: Binary Large Object (32 Bytes)

       CipherSuitesLength: 10

     + SSLCipherSuites: SSL_RSA_WITH_RC4_128_SHA              { 0x00,0x05 }

     + SSLCipherSuites: SSL_RSA_WITH_3DES_EDE_CBC_SHA         { 0x00,0x0A }

     + SSLCipherSuites: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA     { 0x00,0x13 }

     + SSLCipherSuites: SSL_RSA_WITH_RC4_128_MD5              { 0x00,0x04 }

     + SSLCipherSuites: Unknown Cipher

       CompressionMethodsLength: 1 (0x1)

       CompressionMethods: 0 (0x0)

 

The IIS server then selects the first match based on its cipher list order.
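As an added example (not from the original post, and not Schannel's code), the Python below parses the cipher suite list out of a ClientHello and picks the first mutual suite, walking either the client's list or the server's list. The suite IDs come from the two IE captures above; the ClientHello bytes are constructed without extensions, and the SERVER_BEFORE and SERVER_AFTER lists are assumptions.

```python
import struct

# Cipher suite IDs in the order the two IE captures above list them.
IE7_TLS10 = [0x002F, 0x0035, 0x0005, 0x000A, 0xC009, 0xC00A,
             0xC013, 0xC014, 0x0032, 0x0038, 0x0013, 0x0004]
IE_SSL30 = [0x0005, 0x000A, 0x0013, 0x0004]   # the "Unknown Cipher" entry is omitted
# Assumed server lists (hypothetical, not read from a real IIS machine).
SERVER_BEFORE = [0x0005, 0x000A, 0x0004]
SERVER_AFTER = [0x0035, 0x002F] + SERVER_BEFORE   # AES enabled, AES 256 first

def build_client_hello(version, suites):
    """Constructed sample: handshake header plus ClientHello body, no extensions."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, no session ID
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_offered_suites(msg):
    """Return (version, suite IDs in client order) from a ClientHello message."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack_from("!H", body, 0)
    pos = 34 + 1 + body[34]            # skip version, random and session ID
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (length,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if length % 2 or pos + length > len(body):
        raise ValueError("bad CipherSuitesLength")
    return version, [struct.unpack_from("!H", body, pos + i)[0]
                     for i in range(0, length, 2)]

def select_suite(offered, enabled, server_preference=False):
    """First suite both sides share, walking the client's or the server's list."""
    walk, other = (enabled, offered) if server_preference else (offered, enabled)
    return next((s for s in walk if s in other), None)

if __name__ == "__main__":
    for label, hello in (("IE7 TLS 1.0", build_client_hello(0x0301, IE7_TLS10)),
                         ("IE SSL 3.0", build_client_hello(0x0300, IE_SSL30))):
        _, offered = parse_offered_suites(hello)
        for server in (SERVER_BEFORE, SERVER_AFTER):
            picks = [select_suite(offered, server, p) for p in (False, True)]
            print(label, [f"0x{p:04X}" for p in picks])
```

With these assumed lists the SSL 3.0 client ends up on 0x0005 (RC4_128_SHA) whether or not AES is enabled on the server, while the TLS 1.0 client gets 0x002F or 0x0035 depending on whose order is walked.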

 

By default, SSL 3.0 and TLS 1.0 are enabled in Internet Explorer 7.

 

Firefox behaves differently with SSL 3.0 enabled and TLS 1.0 disabled. Here is a sample captured after disabling TLS 1.0 in Firefox. It still offers AES entries in the SSLCipherSuites list:

 

 

- ClientHello: SSL 3.0

     + Version: SSL 3.0

     + RandomBytes:

       SessionIDLength: 0 (0x0)

       CipherSuitesLength: 40

     + SSLCipherSuites: Unknown Cipher

     + SSLCipherSuites: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   { 0x00, 0x88 }

     + SSLCipherSuites: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   { 0x00, 0x87 }

     + SSLCipherSuites: TLS_DHE_DSS_WITH_AES_256_CBC_SHA        { 0x00, 0x38 }

     + SSLCipherSuites: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       { 0x00, 0x84 }

     + SSLCipherSuites: TLS_RSA_WITH_AES_256_CBC_SHA            { 0x00, 0x35 }

     + SSLCipherSuites: TLS_DHE_RSA_WITH_AES_256_CBC_SHA        { 0x00, 0x39 }

     + SSLCipherSuites: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   { 0x00, 0x45 }

     + SSLCipherSuites: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   { 0x00, 0x44 }

     + SSLCipherSuites: TLS_DHE_RSA_WITH_AES_128_CBC_SHA        { 0x00, 0x33 }

     + SSLCipherSuites: TLS_DHE_DSS_WITH_AES_128_CBC_SHA        { 0x00, 0x32 }

     + SSLCipherSuites: TLS_RSA_WITH_SEED_CBC_SHA               { 0x00, 0x96 }

     + SSLCipherSuites: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       { 0x00, 0x41 }

     + SSLCipherSuites: SSL_RSA_WITH_RC4_128_MD5              { 0x00,0x04 }

     + SSLCipherSuites: SSL_RSA_WITH_RC4_128_SHA              { 0x00,0x05 }

     + SSLCipherSuites: TLS_RSA_WITH_AES_128_CBC_SHA            { 0x00, 0x2F }

     + SSLCipherSuites: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA     { 0x00,0x16 }

     + SSLCipherSuites: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA     { 0x00,0x13 }

     + SSLCipherSuites: Reserved to avoid conflicts with widely deployed implementations

     + SSLCipherSuites: SSL_RSA_WITH_3DES_EDE_CBC_SHA         { 0x00,0x0A }

       CompressionMethodsLength: 1 (0x1)

       CompressionMethods: 0 (0x0)

 

 

Based on testing, if the server is IIS, it selects a cipher suite whose name starts with SSL_ from the SSLCipherSuites list, since the ClientHello only offers SSL. Other web servers may still pick AES, because AES is in the SSLCipherSuites list. It depends on server behavior.

 

Enjoy!

 

Anik

 

 

  • Hi Anik,

    The web server needs to be configured to use the TLS protocol because this protocol is FIPS 140-2 compliant.

    The ciphers

    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

    TLS_RSA_EXPORT_WITH_RC4_40_MD5

    TLS_RSA_WITH_DES_CBC_SHA

    TLS_RSA_WITH_RC4_128_MD5

    TLS_RSA_WITH_RC4_128_SHA

    are non-compliant with FIPS 140-2. Do you know how to disable those non-compliant ones?

    Regards,

    Don

  • Hi Don,

    To disable FIPS non-compliant ciphers, you may use group policy (under More Information section),

    support.microsoft.com/.../811833

    Pay attention to the possible side effects.

    Lex
