Challenges with Disabling 3Des

With the discovery of the sweet32 vulnerability (more at sweet32.info) in 3Des and 64-bit block ciphers in general, we had to see if it was possible to disable 3Des on our devices. You could be thinking, why have it enabled in the first place? Well, on Windows systems it’s enabled by default if you don’t take necessary steps and 3Des/168 is still a valid cipher in FIPS 140-2, which we must be compliant with. Disabling 3Des however is easy enough, handling the troubles afterwards is not. To disable 3Des add the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168\Enabled (DWORD) = 0

This disabled the following cipher suites:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Source: https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protocols-in-schannel.dll

During our tests on Windows Server 2008 R2 and Windows Server 2012 R2, the outcome was very different. Since we also disabled TLS 1.0 at the same time we ran into a few issues on 2008 R2. Just mind the following:

  • Make sure that you install KB308079, to add support for TLS 1.1 and 1.2 for RDP. HTTP already supports TLS 1.1 & 1.2
    https://support.microsoft.com/en-us/kb/3080079
  • Explicitly enable TLS 1.1 and TLS 1.2 in the registry of Windows Server 2008 R2 otherwise stuff will break. In our case, we couldn’t bind a certificate to a web site.
  • If you disable 3Des and have FIPS 140-2 enabled this will break RDP on Windows 2008 R2. We currently have a support case with Microsoft to see if this can be fixed (more info when it becomes available *).

* June 2017 – A hotfix for Windows Server 2008 R2 will be made available that fixes this specific issue.

*July 2017 – After intensive testing of a private hotfix no negative side effects could be found. A hotfix is scheduled to be released at the end of September 2017.

These are the major challenges we ran into. On Server 2012 R2, these issues didn’t occur. Just because I wanted to know what was going on under the hood I spend a day creating different scenario’s and monitoring results to see which ciphers would be used. I’ve listed the results below. Hopefully someone can make use of this information.

Scenarios

The following scenarios consists out of testing a Windows 7 client making a RDP or HTTP connection to a Windows 2008 R2 or Windows 2012 R2 server. Unless otherwise stated, the Windows client and server are patched with all security updates available. No additional updates have been installed. I would recommend against this setup in production, yet I know many organizations are reluctant to install additional updates in their environment. The conclusion of these tests shows that changes to the OS would have been covered if you install recommended updates as well. Security features, such as TLS, FIPS and 3DES are disabled on the server, not on the client.

Windows 7 & Windows Server 2008 R2

Protocol: Remote Desktop Protocol

  • Default (No changes to the Operating System): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/TLS1.0
  • FIPS 140-2 Enabled: TLS_RSA_WITH_3DES_EDE_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Enabled): TLS_RSA_WITH_3DES_EDE_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Disabled): No connection
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on Windows 7: TLS_RSA_WITH_3DES_EDE_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on Windows 7: No connection
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on Windows 2008 R2: TLS_RSA_WITH_3DES_EDE_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on Windows 2008 R2: No connection
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on both: TLS_RSA_WITH_3DES_EDE_CBC_SHA/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on both: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on both: No connection
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on both: TLS_RSA_WITH_3DES_EDE_CBC_SHA/TLS1.2

Observation: As you can clearly see in the results above, Windows 2008 R2 with FIPS 140-2 always connects with TLS_RSA_WITH_3DES_EDE_CBC_SHA/TLS1.0 even if you have disabled TLS 1.0. Disabling 3DES kills the RDP connection entirely.

Protocol: HTTP

  • Default (No changes to the Operating System): LS_ECDHE_RSA_WITH_AES_256_CBC_SHA/TLS1.0
  • FIPS 140-2 Enabled: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Enabled): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on Windows 2008 R2: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on Windows 2008 R2: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on both: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on both: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on both: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on both: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2

Observation: HTTP does a far better job in selecting the correct ciphers, with or without FIPS140-2 enabled it selects the highest suite available. However, without any adjustments it prefers TLS 1.0 over 1.2 even when kb3080079 is installed. Please be aware that on Server 2008 R2 TLS1.1 & 1.2 are explicitly enabled in the registry.

Windows 7 & Windows Server 2012 R2

Protocol: Remote Desktop Protocol

  • Default (No changes to the Operating System): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/TLS1.0
  • FIPS 140-2 Enabled: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Enabled): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Disabled): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/TLS1.0
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Enabled) & kb3080079 on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Disabled) & kb3080079 on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2

Observation: When connecting to Windows Server 2012 R2 over RDP, the protocol still seems to have mind of it’s own. Disabling TLS1.0 on the server side seems to be ignored until you have installed kb3080079 on the Windows 7 box. After installing that update TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2 is the preferred cipher regardless of FIPS140-2 compliancy.

Protocol: HTTP

  • Default (No changes to the Operating System):
    FIPS 140-2 Enabled: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Enabled): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Enabled) & kb3080079 Installed on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 Disabled (FIPS 140-2 Disabled) & kb3080079 Installed on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Enabled) & kb3080079 on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2
  • TLS 1.0 / 3DES Both Disabled (FIPS 140-2 Disabled) & kb3080079 on Windows 7: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/TLS1.2

Observation: HTTP again is very consistent in selecting it’s cipher suite. Selecting FIPS140-2 compliancy has no negative or positive effect on the selection.

 

2 thoughts on “Challenges with Disabling 3Des”

    1. Hi Rob,

      Yeah we have incident report filed at Microsoft regarding this case. After months of mailing back and forth Microsoft agreed to honor a design change request and provided a private fix last Friday for testing purposes. We have this week scheduled to setup a lab and test the fix. If you want I can keep you up to date with the progress? Just pm me with your email or something.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s