Mike Lim

Google's minimum standards for TLS clients

Discussion created by Mike Lim on Sep 19, 2015
Latest reply on Nov 5, 2015 by Rob Moss

From Google Online Security Blog: Disabling SSLv3 and RC4

 

Minimum standards for TLS clients


In order to reduce the amount of work that the deprecation of outdated cryptography causes, we are also announcing suggested minimum standards for TLS clients today. This applies to TLS clients in general: certainly those that are using TLS as part of HTTPS, but also, for example, SMTP servers using STARTTLS.


Devices that don’t meet these standards aren’t going to stop working anytime soon, but they might be affected by further TLS changes in the coming years.


 

  1. TLS 1.2 must be supported.
  2. A Server Name Indication (SNI) extension must be included in the handshake and must contain the domain that's being connected to.
  3. The cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 must be supported with P-256 and uncompressed points.
  4. At least the certificates in https://pki.google.com/roots.pem must be trusted.
  5. Certificate handling must be able to support DNS Subject Alternative Names and those SANs may include a single wildcard as the left-most label in the name.

 

In order to make testing as easy as possible we have set up https://cert-test.sandbox.google.com, which requires points 1–3 to be met in order to make a successful connection. Thus, if your TLS client can’t connect to that host then you need to update your libraries or configuration.

 

Point 3 is a concern. As per SSL Server Test: cert-test.sandbox.google.com (Powered by Qualys SSL Labs), IE on Windows 7/8 and Safari on iOS and OS X just do not support AES-GCM.

And Windows 7 only reaches EOL in 2020.
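An added example (not part of the post or of Google's announcement) that checks a local Python/OpenSSL client stack against points 1–3 without any network connection, and implements the wildcard SAN rule from point 5. The function names are hypothetical; `ECDHE-RSA-AES128-GCM-SHA256` and `prime256v1` are OpenSSL's names for the suite and curve in point 3. Point 4 (root trust) is not covered.

```python
import ssl

# OpenSSL's name for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (point 3).
REQUIRED_CIPHER = "ECDHE-RSA-AES128-GCM-SHA256"


def check_local_client():
    """Check points 1-3 against the local Python/OpenSSL build, offline."""
    results = {"tls1_2": ssl.HAS_TLSv1_2, "sni": ssl.HAS_SNI}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Pin the context to TLS 1.2 and to the single required suite.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers(REQUIRED_CIPHER)  # SSLError if the suite is unavailable
        ctx.set_ecdh_curve("prime256v1")  # OpenSSL's name for P-256
        names = {c["name"] for c in ctx.get_ciphers()}
        results["cipher_p256"] = REQUIRED_CIPHER in names
    except (ssl.SSLError, ValueError):
        results["cipher_p256"] = False
    return results


def san_matches(san, host):
    """Point 5: a DNS SAN may hold one wildcard, only as the whole left-most label."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # The wildcard stands for exactly one label; the rest must match literally.
        rest = san_labels[1:]
        return "*" not in "".join(rest) and rest == host_labels[1:]
    # Partial wildcards (w*.example.com) and wildcards in other labels never match.
    return "*" not in san and san_labels == host_labels


if __name__ == "__main__":
    for point, ok in check_local_client().items():
        print(f"{point}: {'ok' if ok else 'MISSING'}")
    # Constructed sample names, for illustration only.
    for san, host in [("*.example.com", "www.example.com"),
                      ("*.example.com", "a.b.example.com"),
                      ("w*.example.com", "www.example.com")]:
        print(f"{san} vs {host}: {san_matches(san, host)}")
```

A `MISSING` result for `cipher_p256` means the local TLS library cannot offer the suite from point 3, which is the same gap the SSL Labs client simulation reports for the clients named in the post.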

