How to configure cipher suites for STARTTLS?

Copper Contributor

I configured the available cipher suites for an Exchange 2013 server as described here in the best practice document  by putting them into the appropriate registry key:

HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

But when looking at a packet capture of an outgoing SMTP session of that server which used STARTTLS, I observed that it was offering a completely different set of ciphers. Is that registry key not being used for STARTTLS by Exchange Server and if so, where do the ciphers for that have to be configured instead?

6 Replies

Hi @SAMFS 

I guess that these depended from what the OS is configured. Have a look here

https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-pra... 

Kind Regards

Andres

Thanks for you quick reply! That is the document I referred to in my post. So, what's in there either does not answer my question or I got it wrong 😅
How to you check the Ciphers offered after STARTTLS?

By capturing the traffic to and from the server using Wireshark. The Exchange server contacted another SMTP host and after sending the STARTTLS command it sent the following cipher suites as part of the handshake:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5

While the ciphers in the above registry key are as follows:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256

Which matches the list from the best practice document.

Hi @SAMFS 

I've captured the Traffic from an openssl STARTTLS Test

openssl s_client -starttls smtp -connect mail.icewolf.ch:25


After STARTTLS and the Server Responding 220
The client sends a List of Cipher Suites it supports

 

AndresBohren_0-1714121687598.png

Then the Server picks one

AndresBohren_1-1714121839081.png

Similar to HTTPS

 

AndresBohren_4-1714121905438.png

Kind Regards
Andres

 

 

 

Hi @Andres-Bohren!

 

Yes, that's what I did, too. The problem is that our Exchange server, after sending the STARTTLS command, does not offer the cipher suites that are listed in the above mentioned registry key, but a different set. And I don't know why it behaves like that.