Perfect Forward Secrecy and how to choose PFS based Cipher suites
What are Cipher suites.
A cipher suite is a set of cryptographic algorithms.
a) Protect information required to create shared keys (key exchange)
b) Encrypt messages exchanged between clients and servers (bulk encryption)
c) Generate message hashes and signatures to ensure the integrity of a message (message authentication)
Perfect Forward Secrecy for TLS
Perfect Forward Secrecy (PFS) is a concept in Transport Layer Security (TLS) that makes sure that even if attackers manage to gain access to the private key of a certificate, they are not able to decrypt communication from the past (or communication in the future, without using active man in the middle attacks). Or in other words: An attacker can usually record encrypted communication of users with a website which is protected by TLS. Let’s assume that after some months of recording the encrypted data, the adversary then also manages to steal the private key from the server without PFS, it is possible to decrypt all TLS connections that was previously recorded, and also all future communication (until the certificate and its private key are renewed).
Common CryptoLib from 8.4.38 or higher now supports Perfect Forward Secrecy cipher suites using ephemeral key agreement with elliptic curve Diffie-Hellman key exchange. The following new cipher suites are available:
|Cipher suite||Minimum TLS Version|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Stands for
- Protocol : TLS
- Perfect forward secrecy: ECDHE
- It uses a key signed with an RSA certificate authority which is supported by most internal certificate authorities
- Uses strong encryption: AES_256_GCM
- Uses a strong hashing algorithm: SHA384
The PFS cipher suites are not enabled by default, and they do not apply to previously supported TLS cipher suite configurations.
Please check SAP Note 510007 for the TLS configuration, and use the new below command to test your TLS configuration strings.
“ sapgenpse tlsinfo <options> <cipher suites>”.
To enable PFS, the new cipher suite keyword “PFS” is to be added, like in this example:
ssl/ciphersuites = PFS:HIGH:MEDIUM
It will give the PFS based cipher suites followed by the high and medium security cipher suites.
There are some preferred ordered elliptic curves which are enabled by default if PFS is turned on:
Profile parameter values which provides TLSv1.2 and allows TLSv1.0 as last-resort fallback to prevent interoperability problems with a huge amount of installed base that is limited to TLSv1.0:
ssl/ciphersuite = 135:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
Profile parameter values for limiting protocol versions to strict TLSv1.1 & TLSv1.2, also creating plenty of interoperability problems with the installed base:
(TLSv1.2+TLSv1.1+STRICT_PROTOCOL_VERSIONS+BC) = (512 + 256 + 32 + 1 ) = 801 (TLSv1.2+TLSv1.1+STRICT_PROTOCOL_VERSIONS+BLIND_CLIENT_CERTS) = (512 + 256 + 32 + 16) = 816
Once you are done with checking the cipher suites which you want to enable/disable in the system according to your requirement final value can be set in the ssl/ciphersuites and ssl/client_ciphersuites. Parameter in the default profile of the sap system and restart the system.
Selecting the cipher suite can be a challenge. Several considerations play a role in making the correct choice. Server, capabilities, client and certificate authority (required compatibility).Cipher suite should be flexible enough with other servers otherwise compatibility issue can happen .Configuration of PFS cipher suites on TLS client side can cause interoperability issues with older third party servers. If Cipher suites are not configured properly, it will give SSL handshake issues