(updated 11/18 for re-issue, see below)
Microsoft released one of the most important patches in many years on Tuesday, and while I would advise you install it right away I also want to make you aware of some odd behavior I found that could lead to problems. First, a primer:
Here are the release notes and here is more information. This is the worst kind of exploit there can be; a remote code execution with no workarounds. If one knew the details, they could easily exploit any Microsoft based internet facing server supporting TLS and then turn around and use it to infect unpatched Windows based clients. Obviously you should patch immediately.
That said, you will notice that they mention the addition of four new cipher suites but there is one other change that may impact you that is not mentioned. I've found that this patch also re-orders the cipher suites. Historically Microsoft has notified customers when re-ordering cipher suites; see KB2919355 for example.
This is important to understand for two reasons, one theoretical and one practical.
- Theoretical is that changing cipher suites impacts your security posture, and one should always know these things going into a patch. Fortunately most of the re-order does seem in line with a tighter security policy.
- Practical is that this can break connectivity with some applications. Specifically, one of my peers found that Java 6 based applications attempting purposely or otherwise to use the ECDH key agreement protocol will fail to connect. This happens when Windows based services present ECDH before the older RSA. Side note: Oddly the Microsoft JDBC driver tries to negotiate SSL even if it isn't being used for a connection to SQL.
Here are the cipher suite details, first 2008 R2:
2008 R2 Default Before KB299261 | 2008 R2 Default After KB299261 |
---|---|
TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521 |
TLS_RSA_WITH_AES_256_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521 |
TLS_RSA_WITH_RC4_128_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 | TLS_RSA_WITH_NULL_MD5 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 |
TLS_RSA_WITH_RC4_128_MD5 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
SSL_CK_RC4_128_WITH_MD5 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 | TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_RSA_WITH_NULL_SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_NULL_SHA | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 | |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | |
TLS_RSA_WITH_RC4_128_SHA | |
TLS_RSA_WITH_RC4_128_MD5 | |
TLS_RSA_WITH_NULL_SHA256 | |
TLS_RSA_WITH_NULL_SHA | |
SSL_CK_RC4_128_WITH_MD5 | |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
And 2012 (not R2):
2012 Default Before KB299261 | 2012 Default After KB299261 |
---|---|
TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_RSA_WITH_AES_256_CBC_SHA | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_RSA_WITH_RC4_128_SHA | TLS_RSA_WITH_AES_256_GCM_SHA384 |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 | TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 | TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 |
TLS_RSA_WITH_RC4_128_MD5 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 |
SSL_CK_RC4_128_WITH_MD5 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
TLS_RSA_WITH_NULL_SHA256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
TLS_RSA_WITH_NULL_SHA | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | |
TLS_RSA_WITH_RC4_128_SHA | |
TLS_RSA_WITH_RC4_128_MD5 | |
TLS_RSA_WITH_NULL_SHA256 | |
TLS_RSA_WITH_NULL_SHA | |
SSL_CK_RC4_128_WITH_MD5 | |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
2012 R2 is unchanged since the aforementioned April patch.
The point is that you should ensure your applications & clients don't have an issue with the cipher suite re-order. It's unlikely that your apps will have a problem but worthwhile to do a quick connectivity check in a test environment to be sure. If you do have issues you can re-order your suites after the patch by manipulating the registry keys listed here (not necessarily deleting the keys they list); use the before/after information above for reference. For more information about prioritizing cipher suites, see this.
It's unfortunate that they didn't communicate this change as it may have unanticipated impacts. Here's hoping they return to their generally good communication in the next cycle.
Update 11/18/2014:
As I'm sure you've heard, Microsoft has released three patches today, one of which is a re-issue of the patch mentioned in this post. The re-issue removes the four newly added cipher suites as there have been multiple problems reported with them. Microsoft also updated their article to include the following statement:
"Customers who customized their cipher suite priority list should review their list after they apply this update to make sure that the sequence meets their expectations.
Removing these cipher suites does not affect the security updates that are part of this release. On November 18, 2014, a new secondary package was added to the release for Windows Server 2008 R2 and Windows Server 2012 to achieve this. This new package is update 3018238, and it will install automatically and transparently together with security update 2992611. It will appear separately in the list of installed updates. If you already have security update 2992611 installed, you will notice that security update 2992611 will be reoffered (for Windows Server 2008 R2 or Windows Server 2012 only) by Windows Update or by Windows Server Update Services (WSUS) to make sure that update 3018238 is also installed.
The cipher suites may be re-added to the default priority list in a future release after the community has had an opportunity to make sure of correct execution in all customer scenarios."
I've just re-applied the newly released patches using WSUS to evaluate them. Note that you must re-appy using the same method you originally applied with, meaning that if you downloaded manually you would need to repeat that, and if you applied via WSUS you would need to use that methodology. Upon reviewing the "new" cipher suite order I was both surprised and happy with what I found:
Server 2008 R2 2992611 Patch 1 (11/14) | Server 2008 R2 2992611 Patch 2 (11/18) |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 | TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521 | TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 | TLS_RSA_WITH_RC4_128_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_RSA_WITH_AES_256_GCM_SHA384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 |
TLS_RSA_WITH_AES_128_GCM_SHA256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 |
TLS_RSA_WITH_NULL_MD5 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS_RSA_WITH_RC4_128_MD5 |
TLS_RSA_WITH_AES_128_CBC_SHA256 | SSL_CK_RC4_128_WITH_MD5 |
TLS_RSA_WITH_AES_256_CBC_SHA | SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_NULL_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 | TLS_RSA_WITH_NULL_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 | |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | |
TLS_RSA_WITH_RC4_128_SHA | |
TLS_RSA_WITH_RC4_128_MD5 | |
TLS_RSA_WITH_NULL_SHA256 | |
TLS_RSA_WITH_NULL_SHA | |
SSL_CK_RC4_128_WITH_MD5 | |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
And now 2012:
Server 2012 2992611 Patch 1 (11/14) | Server 2012 2992611 Patch 2 (11/18) |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 | TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_RSA_WITH_AES_256_GCM_SHA384 | TLS_RSA_WITH_RC4_128_SHA |
TLS_RSA_WITH_AES_128_GCM_SHA256 | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 |
TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_RSA_WITH_AES_256_CBC_SHA | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 | TLS_RSA_WITH_RC4_128_MD5 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | SSL_CK_RC4_128_WITH_MD5 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | TLS_RSA_WITH_NULL_SHA256 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_NULL_SHA |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | |
TLS_RSA_WITH_RC4_128_SHA | |
TLS_RSA_WITH_RC4_128_MD5 | |
TLS_RSA_WITH_NULL_SHA256 | |
TLS_RSA_WITH_NULL_SHA | |
SSL_CK_RC4_128_WITH_MD5 | |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
Again, no changes for 2012 R2. If the above looks familiar, good eye. They're the same as pre-patch:
Server 2008 "patch 2" vs. no patch:
Server 2008 R2 2992611 Patch 2 (11/18) | Server 2008 R2 Before Either 2992611 Patch |
TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_256_CBC_SHA | TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_RSA_WITH_RC4_128_SHA | TLS_RSA_WITH_RC4_128_SHA |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
TLS_RSA_WITH_RC4_128_MD5 | TLS_RSA_WITH_RC4_128_MD5 |
SSL_CK_RC4_128_WITH_MD5 | SSL_CK_RC4_128_WITH_MD5 |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 | SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
TLS_RSA_WITH_NULL_SHA256 | TLS_RSA_WITH_NULL_SHA256 |
TLS_RSA_WITH_NULL_SHA | TLS_RSA_WITH_NULL_SHA |
Server 2012 "patch 2" vs. no patch:
Server 2012 2992611 Patch 2 (11/18) | Server 2012 Before Either 2992611 Patch |
TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_256_CBC_SHA | TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_RSA_WITH_RC4_128_SHA | TLS_RSA_WITH_RC4_128_SHA |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
TLS_RSA_WITH_RC4_128_MD5 | TLS_RSA_WITH_RC4_128_MD5 |
SSL_CK_RC4_128_WITH_MD5 | SSL_CK_RC4_128_WITH_MD5 |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 | SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
TLS_RSA_WITH_NULL_SHA256 | TLS_RSA_WITH_NULL_SHA256 |
TLS_RSA_WITH_NULL_SHA | TLS_RSA_WITH_NULL_SHA |
So as it pertains to the cipher suite order, we're right back where we started. I'm sure this will alleviate some of the issues some customers encountered. Keep in mind that there is more to this patch (binaries) than the cipher suite re-order, so to echo the previous assesment it should be installed.
3 comments:
With this patch, openssl 1.0.0a and 1.0.0b become incompatible with IIS and https
see
http://www.winimage.com/demo_report_openssl_windows/
error message
tls invalid ecpointformat list
is about
ECDHE cipher I believe
@Gilles
Nice find & thanks for the heads up!
This is also causing lsass.exe to spike CPU rates on some servers. Be careful patching.
Post a Comment