IT Security Procedural Guide: SSL/TLS Implementation CIO .


DocuSign Envelope ID: 3EFE8B4E-8F68-4061-9154-FEB003A77A86

IT Security Procedural Guide:
SSL/TLS Implementation
CIO-IT Security-14-69

Revision 4
May 26, 2020

Office of the Chief Information Security Officer

CIO-IT Security-14-69, Revision 4
SSL/TLS Implementation

VERSION HISTORY/CHANGE

Names listed with the changes: Berlas / Salamon; Salamon; Berlas / Salamon; Berlas / Salamon; Klemens / Cozart; Ramos; Berlas / Salamon; Berlas / Salamon; Berlas / Salamon; Berlas / Salamon; Richards; Richards

Change:

Initial Version – December 24, 2014
- New guide created

Revision 1 – March 15, 2016
- Administrative updates to align/reference to the current version of the GSA IT Security Policy and to CIO-IT Security-09-43, IT Security Procedural Guide: Key Management
- Updated recommendation for obtaining and using certificates
- Integrated with OMB M-15-13 and related TLS implementation guidance
- Updates to clarify TLS protocol recommendations
- Updated based on stakeholder review / input
- Formatting, editing, review revisions

Revision 2 – October 11, 2016
- Allow use of TLS 1.0 for certain server through June 2018

Revision 3 – April 30, 2018
- Remove RSA ciphers from approved cipher stack
- Requirement for valid Subject Alternative Names (SAN)
- Remove 3DES from approved cipher stack and reinforced other BOD 18-01 mandates

Revision 4 – May 26, 2020
- Updated references and minor language clarifications
- Updated throughout for NIST SP 800-52 revision

Reason for Change (Page Number of Change):
- Clarify relationship between this guide and CIO-IT Security-09-43 (2-4)
- Clarification of requirements (7)
- New OMB Policy (9)
- Clarification of guidance (11-12)
- Stakeholder review / input (Throughout)
- Update to current format and style (Throughout)
- Clarification of guidance (Throughout)
- ROBOT vulnerability affected these ciphers
- Chrome 58 requirement (4-6)
- BOD 18-01 mandated removal (Throughout)
- Scheduled update (Throughout)
- Scheduled update (Throughout)
7

U.S. General Services Administration

Approval

IT Security Procedural Guide: SSL/TLS Implementation Guide CIO-IT Security-14-69, Revision 4 is hereby approved for distribution.

Bo Berlas
Chief Information Security Officer

Contact: GSA Office of the Chief Information Security Officer (OCISO), Security Engineering Division (ISE) at SecEng@gsa.gov

Table of Contents

1 Introduction
  1.1 Purpose
  1.2 Scope
2 Policy
3 Achieving FIPS 140-2 Compliant Encryption
  3.1 Implement FIPS 140-2 Encryption Modules AND enable the FIPS 140-2 Object Module
  3.2 Implement Secure Protocols
  3.3 Implement FIPS-approved ciphers
  3.4 Enable FIPS Mode
4 SSL/TLS Best Practices
  4.1 Disable Client-Initiated Renegotiation
  4.2 Disable TLS Compression
  4.3 Ensure that the Server Certificate Is Valid, Secure, and from a Trusted Source
  4.4 Certificate Transparency
  4.5 Ensure Sufficient Hostname Coverage
  4.6 Protect Private Keys
  4.7 Encrypt 100% of Site and Avoid Mixed Content
  4.8 Disable Insecure HTTP Compression (if possible)
  4.9 Implement TLS FALLBACK SCSV
  4.10 Implement HTTP Strict Transport Security (HSTS)
5 Additional NIST SP 800-52 TLS Server Recommendations
  5.1 All TLS Server Certificates Shall Be X.509 Version 3 Certificates
  5.2 The TLS Server Should Not Support Client Certificate URL Extension
  5.3 TLS Servers Supporting Client Authentication Shall Support Certificate-Based Client Authentication
  5.4 NIST SP 800-52 Guidelines Shall Be Used to Identify an Appropriate Source for Server Certificates
  5.5 Support for TLS 1.3
  5.6 Only Support TLS 1.0/1.1 if Required for Non-Government Users
6 Assessment Resources for Web Servers
Appendix A – Vendor References for TLS Settings
  A.1 OpenSSL TLS Settings
  A.2 Apache TLS Settings
  A.3 Nginx TLS Settings
  A.4 IIS TLS Settings
Appendix B – Checklist of NIST SP 800-52 Recommendations
  B.1 Recommendations for TLS Server Installation and Configuration

1 Introduction

The Transport Layer Security (TLS) protocol is used to secure communications in a wide variety of online transactions, including but not limited to financial (e.g., banking, trading stocks, e-commerce), healthcare (e.g., viewing medical records or scheduling medical appointments), and social (e.g., email or social media). All network services, whether or not they handle Personally Identifiable Information (PII), financial data, and/or login information need to protect the confidentiality and integrity of the transmitted information. TLS provides a protected channel for sending data between a server and the client. The client is often, but not always, a web browser. TLS is based on an older protocol called Secure Sockets Layer (SSL), and is considered to be an improvement over its predecessor. While SSL 3.0 is the most secure of the SSL protocol versions, it is not approved by the National Institute of Standards and Technology (NIST) for use in the protection of federal information because it relies in part on the use of cryptographic algorithms that are not approved. TLS versions 1.1 and 1.2 are approved for the protection of federal information, when properly configured. TLS version 1.0 is approved only when it is required for interoperability with non-government systems and is configured according to these guidelines.

TLS is a security protocol that runs on top of a reliable transport layer protocol – typically the Transmission Control Protocol (TCP). Application layer protocols such as the Hypertext Transfer Protocol (HTTP) and the Internet Message Access Protocol (IMAP) can leverage TLS. TLS is application independent and is used to provide security for any two communicating applications that transmit data over a network via an application layer protocol. A virtual private network (VPN) can use TLS to securely connect an external system to an internal network, allowing that system to access a multitude of internal services and resources as if it were an internal system.

NIST Special Publication (SP) 800-52, Rev. 2, provides guidance for the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing Standards (FIPS) and NIST-recommended cryptographic algorithms. It requires that TLS 1.2 configured with FIPS-based cipher suites be supported by all government TLS servers and clients. This Special Publication also provides guidance on certificates and TLS extensions that impact security. Support for TLS 1.3 [1] is strongly recommended.

[1] Agencies shall support TLS 1.3 by January 1, 2024. After this date, servers shall support TLS 1.3 for both government-only and citizen or business-facing applications.

1.1 Purpose

The recommendations in this guide aim to facilitate more consistent and secure implementations of SSL/TLS throughout GSA applications and systems, including use of approved protocols, FIPS 140-2 [2] validated cryptographic modules, FIPS-approved ciphers, and related configuration best practices. This guide is not platform specific but instead provides a framework for testing web servers using SSL Labs to ensure secure SSL/TLS implementations.

1.2 Scope

This implementation guide addresses both NIST and commercial best practice methodologies for securely configuring TLS, including the SSL Labs SSL and TLS Deployment Best Practices. Another industry best practice resource is the Open Web Application Security Project (OWASP) Transport Layer Protection Cheat Sheet. Additional TLS best practices are identified at the CIO.gov HTTPS-Only Standard site. Specific configuration information with related command line switches for varying platforms is not provided as it is beyond the scope of this document. Please refer to Appendix A for vendor guidance in securing TLS implementations.

This document is a GSA procedural guide that should be followed. Deviations from the SSL/TLS configuration herein shall be coordinated with the GSA Office of the Chief Information Security Officer (OCISO), Security Engineering Division.

2 Policy

The following are applicable policy references from General Services Administration (GSA) Order CIO 2100.1, “GSA Information Technology (IT) Security Policy.”

Chapter 4: Policy for Protect Function

1. Identity management, authentication and access control.
   yy. Systems with a NIST SP 800-63-3 AAL of 2 or above used by Federal employees or contractors must accept Federal PIV cards and verify them IAW NIST SP 800-63-3 series requirements.

2. Awareness and training.
   s. Users must avoid prohibited Internet usages including:
      (7) Sending email messages including sensitive information, such as PII, as deemed by the Data Owner, without GSA provided encryption. Certified encryption modules must be used IAW FIPS 140-2, Security requirements for Cryptographic Modules.

[2] Please note that while FIPS 140-3 has been released, implementing guidance is still in progress and FIPS 140-2 certificates will continue to be issued.

3. Data security.
   f. Web sites (internal and public) with logon functions, must implement TLS encryption with a FIPS 140-2 validated encryption module. SSL/TLS implementation must be IAW GSA CIO-IT Security-14-69: SSL/TLS Implementation Guide.
   g. All sensitive information, such as PII, as deemed by the data owner, which is transmitted outside the GSA firewall, must be encrypted. Certified encryption modules must be used IAW FIPS 140-2, Security requirements for Cryptographic Modules.

4. Information protection processes and procedures.
   b. GSA information systems, including vendor owned/operated systems on behalf of GSA, must configure their systems in agreement with GSA technical guidelines, NIST guidelines, Center for Internet Security guidelines (Level 1), or industry best practice guidelines, as deemed appropriate. Where a GSA benchmark exists, it must be used. GSA benchmarks may be exceeded but not lowered.

3 Achieving FIPS 140-2 Compliant Encryption

FIPS 140-2 compliant encryption is achieved when the following conditions are met:

1. Implement FIPS 140-2 Encryption Modules AND enable the FIPS 140-2 Object Module
2. Implement Secure Protocols
3. Implement FIPS-approved Ciphers
4. One or both sides of the communication session (client and/or server) must be set up in FIPS mode

The related set of NIST SP 800-53, Revision 4, “Security and Privacy Controls for Federal Information Systems and Organizations” controls include but are not limited to:

- IA-2(8) Identification and Authentication (Organizational Users) Network Access To Privileged Accounts – Replay Resistant
- IA-2(9) Identification and Authentication (Organizational Users) Network Access To Non-Privileged Accounts – Replay Resistant
- IA-7 Cryptographic Module Authentication
- SC-8 Transmission Confidentiality and Integrity
- SC-8(1) Transmission Confidentiality and Integrity Cryptographic or Alternate Physical Protection
- SC-13 Cryptographic Protection

Additional information related to implementation of FIPS 140-2 compliant encryption can be found in CIO-IT Security-09-43, “Key Management.”

3.1 Implement FIPS 140-2 Encryption Modules AND enable the FIPS 140-2 Object Module

TLS implementation must use FIPS 140-2 validated cryptographic modules in order to achieve FIPS compliance. NIST maintains a list of FIPS 140-2 Cryptographic Modules. A cryptographic module may either be an embedded component of a product or application, or an individual product in-and-of-itself. If the validated cryptographic module is a component of a larger product or application, one should contact the product or application vendor to determine how the product utilizes the embedded cryptographic module.

It is not sufficient to simply have a FIPS 140-2 validated cryptographic module; it must also be enabled. Appendix A includes references to vendor guidance to enable FIPS modules for several platforms. Additional information related to implementation of FIPS 140-2 compliant encryption can be found in CIO-IT Security-09-43, “Key Management.”

3.2 Implement Secure Protocols

FIPS 140-2 compliant encryption requires the use of TLS 1.0 or higher. Government-only applications should use TLS 1.2 or higher.

There are six (6) protocols in the SSL/TLS family: SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3. Of these:

- SSL 2.0 is insecure, must not be used, and is prohibited per DHS Binding Operational Directive (BOD) 18-01.
- SSL 3.0 is obsolete and is also prohibited per DHS Binding Operational Directive (BOD) 18-01. The algorithms used by SSL 3.0 are not approved by NIST and therefore GSA implementations must not support this protocol. According to analytics.usa.gov, older versions of Internet Explorer (e.g., IE6) which do not support TLS are rarely being used anymore. Additionally, SSL 3.0 is vulnerable to exploits (e.g., POODLE attack) which can break the cryptographic security of SSL 3.0 for clients and servers supporting the protocol.
- TLS 1.0 and TLS 1.1 are more secure than their SSL predecessors but are still vulnerable to exploits (e.g., BEAST and Klima attacks). While the use of TLS 1.0/1.1 is not recommended, support for these versions may be necessary to enable interaction with the private sector. Government-only applications are generally accessed by devices that support modern web browsers and therefore do not need to support TLS 1.0/1.1. The decision to support TLS 1.0/1.1 must be technically evaluated on a case-by-case basis.
- TLS 1.2 and TLS 1.3 are more secure protocols which include several cryptographic enhancements aimed to mitigate threats that have been discovered over time. TLS 1.2/1.3 protocols are recommended for GSA implementations.

3.3 Implement FIPS-approved ciphers

TLS implementations should use FIPS-approved ciphers. Implemented ciphers should be stacked with the most secure ciphers presented first, and least secure ciphers presented last. See below for cipher stacks and order of preference for TLS 1.0/1.1, TLS 1.2, and TLS 1.3, respectively. Forward secrecy is a property of a secure communication protocol where the compromise of long-term keys does not compromise past session keys. All FIPS-approved ciphers are from the ECDHE suites that provide forward secrecy. See SSL Labs SSL and TLS Deployment Best Practices and Appendix B for further details.

For TLS 1.0/1.1 implementations, NIST SP 800-52 and SSL Labs jointly recommend the use of the following FIPS-approved ciphers in this order of preference (from highest to lowest), with the exception of GSA’s removal of 3DES [3] in accordance with DHS Binding Operational Directive (BOD) 18-01 and removal of the specific RSA ciphers (i.e., TLS_RSA) exploited by the ROBOT attack:

1. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
3. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
4. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

For TLS 1.2 implementations, NIST SP 800-52 and SSL Labs jointly recommend the use of the following FIPS-approved ciphers in this order of preference (from highest to lowest), with the exception of GSA’s removal of 3DES in accordance with DHS Binding Operational Directive (BOD) 18-01 and removal of the specific RSA ciphers (i.e., TLS_RSA) exploited by the ROBOT attack:

1. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
3. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
4. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
5. TLS_ECDHE_ECDSA_WITH_AES_256_CCM
6. TLS_ECDHE_ECDSA_WITH_AES_128_CCM
7. TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
8. TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
9. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
10. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
11. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
12. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
13. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
14. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
16. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

[3] While RC4 is also prohibited by BOD 18-01, it is not FIPS-approved and was never part of the NIST SP 800-52 cipher stacks.

For TLS 1.3 [4] implementa
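
Added example, not part of the GSA guide: a small Python audit that compares a server's configured cipher preference list with the TLS 1.0/1.1 and TLS 1.2 stacks listed in section 3.3, reporting suites outside the stack (with the reason the guide gives) and suites placed below a less-preferred one. The names APPROVED, REASONS, audit and SAMPLE are assumptions made for this illustration; the TLS 1.3 stack is cut off in this transcription and is not covered.

```python
# Added example (not from the GSA guide): audit a configured cipher
# preference list against the stacks in section 3.3 of this page.
APPROVED = {
    "TLS 1.0/1.1": [
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    ],
    "TLS 1.2": [
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    ],
}
REASONS = (  # why the page says a suite is outside the stack
    ("3DES", "3DES removed per BOD 18-01"),
    ("RC4", "RC4 prohibited by BOD 18-01 and not FIPS-approved"),
    ("TLS_RSA_", "TLS_RSA suites removed (ROBOT attack)"),
)

def audit(stack, configured):
    """Return (suite, finding) pairs for a preference-ordered cipher list."""
    rank = {name: i for i, name in enumerate(APPROVED[stack])}
    findings, worst, worst_name = [], -1, None
    for suite in configured:
        if suite not in rank:
            why = next((w for tag, w in REASONS if tag in suite),
                       "not in the approved stack")
            findings.append((suite, why))
        elif rank[suite] < worst:
            # A stronger suite appears after a weaker one already offered.
            findings.append((suite, "ordered after less-preferred " + worst_name))
        else:
            worst, worst_name = rank[suite], suite
    return findings

# Constructed sample configuration, in the server's preference order.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    for suite, finding in audit("TLS 1.2", SAMPLE):
        print(suite + ": " + finding)
```
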
