SSLTLS Improvements

SSL/TLS Improvements

There are two major improvements to SSL/TLS in Windows Vista. The first is newer cipher suites, including support for the Suite B algorithms: ellipticcurve encryption, SHA-2, and AES. Windows Vista supports the cipher suites shown in Table 7-3.

Table 7-3: New SSL/TLS Cipher Suites in Windows Vista
Open table as spreadsheet

TLS_RSA_WITH_AES_128_CBC_SHA	TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA	TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA	TLS_RSA_WITH_RC4_128_MD5
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256	SSL_CK_RC4_128_WITH_MD5
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384	SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521	TLS_RSA_WITH_NULL_MD5
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256	TLS_RSA_WITH_NULL_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384	TLS_RSA_WITH_DES_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521	TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256	TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384	SSL_CK_DES_64_CBC_WITH_MD5
T LS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521	SSL_CK_RC4_128_EXPORT40_WITH_MD

SSL/TLS in Windows Vista also supports the following cipher suites, but they can only be used from code by calling the SSL/TLS Security Support Provider (such as TLS1SP_NAME) directly.

• TLS_RSA_WITH_NULL_MD5

• TLS_RSA_WITH_NULL_SHA

As mentioned earlier in this chapter, you can also add a custom cipher suite by a writing an SSL/TLS provider plug-in.

Second, Windows Vista makes it easier to configure the cipher suites you are willing to support for SSL/TLS; it’s simply a policy setting. You can set the policy by performing the following steps:

1. Open mmc.exe.

2. Click File and then Add/Remove Snap-in.

3. Scroll down to and select the Group Policy Object Editor.

4. Click Add.

5. Select remote computer by clicking Browse, or Finish, to access the local computer.

6. Click OK and then OK again.

7. Open the following nodes: Local Computer Policy, Computer Configuration, Administrative Templates, and then Network.

8. Click the SSL Configuration Settings node.

9. Double-click the SSL Cipher Suite Order setting.

10. Click Explain to learn how to modify this setting.

SSL/TLS Revocation Checking and OCSP

Certificate Revocation List (CRL) checks are available in all currently supported versions of Windows. When an application wants to verify a certificate is not revoked, the application reads the Certificate Revocation List Distribution Point (CDP) from the certificate. A CRL lookup could use HTTP, LDAP, or simple remote file access to fetch the CRL. The CRL is a digitally signed blob that includes revoked certificate serial numbers. If the serial number of the certificate being validated is in the CRL, then the certificate is revoked, and the application should take appropriate action.

Windows Vista also supports Online Certificate Status Protocol (OCSP), as defined in RFC 2560 (RFC 2560). OCSP has advantages and disadvantages over using CRLs because they can get large, but an OCSP lookup is small. The major disadvantage is that for OCSP to work, the application must be online, but CRLs can be cached, which means a CRL lookup may not necessarily be remote.

The really good news is OCSP support is transparent in Windows Vista if the certificate being checked includes an appropriate Authority Information Access (AIA) URL. Like a CDP, an AIA can include a URL or URLs to access to determine if the certificate has been revoked or not. Figure 7-2 shows a valid AIA in a Web server certificate.

Figure 7-2: A Verisign certificate that includes an AIA for OCSP use.

If your application calls CertGetCertificateChain to verify a certificate, and the certificate includes an appropriate AIA, then Windows Vista will use OCSP to verify the certificate before checking the CRL if a CDP is present in the certificate. You can change this policy by performing the following steps:

1. Open mmc.exe

2. Add the Group Policy Object Editor Snap-in.

3. Expand the Local Computer Policy node.

4. Expand the Computer Configuration node.

5. Expand the Windows Settings node.

6. Expand the Security Settings node.

7. Click the Public Key Policies node.

8. Double-click the Certificate Path Validation Settings Properties object type.

9. Click the Revocation tab.

Figure 7-3 shows the revocation policy dialog box.

Figure 7-3: Certificate revocation policy settings in Windows Vista.

An application may fail to access a CDP or the OCSP URL, in which case functions like Cert-GetCertificateChain will fail and return a CRYPT_E_REVOCATION_OFFLINE error. If your application is in a bind, what should it do if it cannot verify that a certificate is revoked or not? We can’t give a 100 percent applicable answer because it depends on the nature of your application. If it is a sensitive application, or an application running in a sensitive environment, then you should fail operations related to the certificate use.

The certutil -url command-line tool can be used to interactively verify a certificate using a CRL or OCSP.