https with ECDHE-ECDSA-AES256-GCM-SHA384 in windows 2012

Question

I have been a long time reader but this is my first real post on a topic that I couldn't find a solution to.

I am currently hosting a website on Windows 2012 that I would like to get the latest TLS 1.2 ciphersuites running on.

I am aware of how to enable TLS 1.1 and TLS 1.2 in windows and have done so(via registry edits). I have also changed the cipher order to what I would like it to be.

My question is: How do i actually go through and set up my ECDHE / ECDSA portion of the cipher suite after this step?

When i view the site in the latest chrome beta (which supports ECDHE and ECDSA in TLS 1.2 provided you use the supported curves) it seems to skip all of the ECHDE ciphersuites.

Is there something else i need to do to get ECDHE/ECDSA properly enabled?

I have read around on the net trying to solve this myself and they mention making copies of your root cert and then modifying them to somehow support ECDHE. Am i barking up the wrong tree?

Thank you in advance for any and all support with this issue.

Edit: adding clarification/progress

After more research, I have found that in order to get ECDSA to work, you need an ECDSA certificate. The only way to get one at this time is to self-sign, as the cert-cartel has not yet come up with proper cross-licensing agreements and fee structures for Ellipic Curve Certificates yet.

Since self-signing is not an option for this site, I have removed all ECDSA suites from the cipher-order.

Unfortunately, because all of the AES Galois Counter Mode suites were also ECDSA, this rules those out for the time being.

This leaves me with a strongest cipher suite of ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521 which I BELIEVE is supported by the latest version of Chrome beta correct? I can't seem to get Chrome to pick up anything beyond SHA-1. Is there no SHA-2 support? even in the latest beta?

Answer 1

AES-GCM is about how you encrypt the data in your connexion, EC-DSA or RSA about how the server identifies itself to the client. There is therefore no reason why you couldn't do AES-GCM encryption with a RSA authentication.

RFC 5289 does define the needed suite for that : https://www.rfc-editor.org/rfc/rfc5289#section-3.2

CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = {0xC0,0x2F};
CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = {0xC0,0x30};
CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = {0xC0,0x31};
CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = {0xC0,0x32};

It's not however necessarily easy to find both the client and the server that will support them.

Answer 2

I had similar experiences with Win2008 R2. Depending on the certificate, GCM cipher is offered by the server or not.

With self-signed ECDSA certificate i got GCM to work but older browsers or Windows XP can't connect to such a https-site.

Windows doesnt support any TLS_ECDHE_RSA...GCM... ciphers: http://msdn.microsoft.com/en-us/library/aa374757(v=vs.85).aspx Thus normal RSA-certificates don't work with GCM under Windows.

Browser compatibility: http://www.g-sec.lu/sslharden/SSL_comp_report2011.pdf