Linode Forum
Linode Community Forums
Posted: Thu May 01, 2014 12:34 pm
Senior Newbie

Joined: Thu May 01, 2014 12:25 pm
Posts: 5
It would be great if we could remove the 3DES cipher suites (which have low security characteristics) from the supported cipher suites at the NodeBalancer.


Posted: Thu May 01, 2014 12:35 pm
Senior Newbie

Joined: Sun Dec 08, 2013 8:58 am
Posts: 7
I am happy to see that this is reviewed internally. Can you please provide some more information about why you feel this should be removed? Supporting documentation would be very helpful.


Posted: Thu May 01, 2014 12:55 pm
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
We're explicitly limiting the cipher suite to "!RC4:HIGH:!aNULL:!MD5". The resulting ciphers are solid and that choice was made consciously. If you have specific evidence to support 3DES being a harmful cipher, we'll definitely reevaluate that, but a more efficient use of your time might be convincing the powers that be to redefine "HIGH" in accordance with your findings.

- Les
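As an added illustration (not code from Linode or from anyone in this thread), the snippet below expands the quoted OpenSSL cipher string with the local OpenSSL, reports whether any 3DES suite survives "HIGH" on that build, confirms the RC4/MD5/anonymous exclusions, and builds a server context whose protocol floor keeps SSLv3 out. The TLS 1.2 floor is my assumption for a modern deployment; the thread's own compromise would be TLS 1.0 so that IE on XP can still connect.

```python
import ssl
from typing import Dict, List

# The cipher string quoted in the thread (OpenSSL cipher-list syntax).
NODEBALANCER_CIPHERS = "!RC4:HIGH:!aNULL:!MD5"


def expand_cipher_string(spec: str) -> List[Dict]:
    """Expand an OpenSSL cipher string into the suites the local OpenSSL
    actually enables. Raises ssl.SSLError if nothing matches."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return ctx.get_ciphers()


def triple_des_suites(suites: List[Dict]) -> List[str]:
    """Names of suites using 3DES (OpenSSL spells it DES-CBC3 / des-ede3).
    Whether any appear depends on the OpenSSL build: 1.1.0 and later moved
    3DES from HIGH to MEDIUM, so on those builds "HIGH" already excludes it."""
    return [s["name"] for s in suites
            if "DES-CBC3" in s["name"] or "des-ede3" in (s.get("symmetric") or "")]


def forbidden_suites(suites: List[Dict]) -> List[str]:
    """Suites the string is meant to exclude: RC4, MD5 MAC, and anonymous
    key exchange (OpenSSL names those ADH-* / AECDH-*)."""
    return [s["name"] for s in suites
            if "RC4" in s["name"] or "MD5" in s["name"]
            or s["name"].startswith(("ADH-", "AECDH-"))]


def tls_only_server_context(floor: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2) -> ssl.SSLContext:
    """Server context using the thread's cipher string with an explicit
    protocol floor. Any TLS floor rejects SSLv3; TLSv1_2 is an assumption
    suitable when no IE6/XP-era clients must be served."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(NODEBALANCER_CIPHERS)
    ctx.minimum_version = floor
    return ctx


def refuses_sslv3(ctx: ssl.SSLContext) -> bool:
    """True when the context can never negotiate SSLv3."""
    return bool(ctx.options & ssl.OP_NO_SSLv3) or ctx.minimum_version >= ssl.TLSVersion.TLSv1


if __name__ == "__main__":
    suites = expand_cipher_string(NODEBALANCER_CIPHERS)
    print(f"{len(suites)} suites enabled; 3DES present: {triple_des_suites(suites)}")
    print("floor:", tls_only_server_context().minimum_version.name)
```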


Posted: Sun May 04, 2014 12:47 am
Senior Newbie

Joined: Thu May 01, 2014 12:25 pm
Posts: 5
Actually, that was my mistake. I thought the issue was the 3DES for FIPS compliance, but it's actually the fact that SSL 3.0 is enabled.


Posted: Sun May 04, 2014 12:50 am
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
To clarify, you're suggesting SSL 3.0 should be disabled?

- Les


Posted: Sun May 04, 2014 12:51 am
Senior Newbie

Joined: Thu May 01, 2014 12:25 pm
Posts: 5
Correct. As I understand, that allows the Linode NodeBalancers as they are to become FIPS ready (compliance is a different matter entirely).


Posted: Sun May 04, 2014 12:53 am
Senior Newbie

Joined: Thu May 01, 2014 12:25 pm
Posts: 5
http://www.rapid7.com/db/vulnerabilities/sslv2-enabled

"Note that neither SSLv2 nor SSLv3 meet the U.S. FIPS 140-2 standard, which governs cryptographic modules for use in federal information systems. Only the newer TLS (Transport Layer Security) protocol meets FIPS 140-2 requirements."


Posted: Sun May 04, 2014 12:56 am
Senior Newbie

Joined: Thu May 01, 2014 12:25 pm
Posts: 5
I guess one thing to consider is it does break IE 6 compatibility. However, that's not something I care about a whole lot personally. :)

Thanks for at least looking into it, whatever y'all decide.


Posted: Sun May 04, 2014 12:57 am
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
Removing SSLv3 support would prevent any NodeBalancer HTTPS users from communicating with IE on Windows XP. Despite its recent EOL, a significant part of people are in that spot, to the point that it's not feasible to disable SSLv3. To note, pretty much every browser newer than that uses TLS of some variety.

- Les


Posted: Sun May 04, 2014 1:47 am
Senior Member

Joined: Fri Jul 03, 2009 2:31 am
Posts: 54
ICQ: 897607
It's not just browser compatibility. Some language client libraries still need SSLv3, for example whichever Ruby library is being used by stripe.com for their callbacks. Thus disabling SSLv3 will prevent stripe callbacks from working. Of course those of us in that situation will just continue using our own SSL stacks instead of nodebalancer... or at least not have the callback destination linode behind nodebalancer.


Posted: Sun May 04, 2014 2:27 am
Senior Member

Joined: Sat May 03, 2008 4:01 pm
Posts: 567
Website: http://www.mattnordhoff.com/
akerl, IE on XP supports TLS 1.0, at least sometimes. SSL Labs says that IE 8 does, and I believe even IE 6 does sometimes. (I don't know how many times, though.)

I wonder if NodeBalancers should have a "higher security" checkbox, but it seems like a recipe for user confusion and checkboxitis.

-- mnordhoff, who doesn't use NodeBalancers, speaking from an armchair.

Edit: IE 6 has a TLS 1.0 checkbox. #linode says it's always off by default, though. I had hoped the situation was better, but I didn't know.

_________________
Matt Nordhoff (aka Peng on IRC)


Posted: Sun May 04, 2014 8:47 am
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
IE6 does have the checkbox, but I imagine the overlap of "people who check the advanced settings for security enhancements" and "people running IE6 on XP" is small :P

For what it's worth, the reason NodeBalancers (like Linode's other HTTPS sites) have the cipher/protocol/header layout they do now is because we put a lot of thought into making them as strong as possible while ensuring backwards compatibility. Once we get to a place where we can safely remove SSLv3, it will be gone.

- Les


Posted: Sun May 04, 2014 9:03 am
Senior Member

Joined: Sat May 03, 2008 4:01 pm
Posts: 567
Website: http://www.mattnordhoff.com/
akerl wrote:
IE6 does have the checkbox, but I imagine the overlap of "people who check the advanced settings for security enhancements" and "people running IE6 on XP" is small :P

Yeah. I was hoping it had gotten turned on by default at some point. :(

akerl wrote:
For what it's worth, the reason NodeBalancers (like Linode's other HTTPS sites) have the cipher/protocol/header layout they do now is because we put a lot of thought into making them as strong as possible while ensuring backwards compatibility. Once we get to a place where we can safely remove SSLv3, it will be gone.

That's good to know. I'm glad it's on your radar. With IE 6 and Stripe and goddess knows what else, I fear there will always be somebody who demands it, though.

BTW I ♥ ♥ ♥ you for disabling RC4. But I'm a dork.

_________________
Matt Nordhoff (aka Peng on IRC)

