Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
May 16, 2023

CBC ciphers in relation to RFC7366 Encrypt-then-MAC

Good morning, there is a recommendation from German federal security office to still allow CBC-mode ciphers as long as TLS extention "Encrypt-then-MAC" (RFC7366) is in use. But I can't find any info...
  • MegaZone's avatar
    MegaZone
    May 17, 2023

    To my knowledge BIG-IP does not support/use the 'Encrypt-then-MAC' RFC7366 TLS extension.  In fact, I can't find any mention of this RFC in our internal systems, so it is probably safe to say it is not supported.  I think that, in general, the industry moved to AEAD ciphers instead.

    As for AES-GCM - while it might be possible to configure a modern client NOT to use it, that'd very much be the exception and not the rule.  Any browser old enough to lack AES-GCM support would be old enough to have many other issues (and probably wouldn't support TLSv1.2 anyway), so you're better off not allowing those to connect in the first place.

    Especially has TLSv1.3 only has five supported cipher suites - and two of those are AES-GCM:

    • TLS_AES_256_GCM_SHA384
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_128_CCM_8_SHA256
    • TLS_AES_128_CCM_SHA256
    • TLS_CHACHA20_POLY1305_SHA256

    So AES-GCM support is basic table stakes for TLS these days.