Cipher Suites for SSL Proxy

Supported Cipher Suites

SSL proxy acts as an intermediary, performing SSL encryption and decryption between the client and the server, but neither the server nor the client can detect its presence. SSL relies on digital certificates and private-public key exchange pairs for client and server authentication to ensure secure communication.

Lets get familiar with all the terms we are going to refer in this section.

• Digital Certificate or CA Certificate —A digital certificate is an electronic means for verifying your identity through a trusted third party, known as a certificate authority (CA). Alternatively, you can use a self-signed certificate to attest to your identity. Each certificate contains a cryptographic key to encrypt plaintext or decrypt cyphertext.

• Certificate Contents—A digital certificate associates a public key with the identity of an individual entity to whom it is issuing the digital certificate. A digital certificate includes the following identification attributes:

  • Identification and signature of the Certificate Authority that issued the certificate.

  • Validity period

  • Serial number

  • Certificate issuer details

  • Information about the subject includes identifying information (the distinguished name) and the public key.

• Cipher Suite—A cipher suite is a set of cryptographic algorithms. An SSL cipher comprises encryption ciphers, an authentication method, and compression. On SRX Series Firewall, SSL sessions use key exchange method by which cryptographic keys are exchanged between the client and the servers using cryptographic algorithm. The kind of key exchange algorithm and the cipher suites used must be supported by both sides.

  SSL sessions use the algorithms from a cipher suite to:

  • Securely establish a secret key between two communicating parties

  • Protect the confidentiality of data in transit

Table 1 provides the details of RSA keys supported on various SRX Series Firewalls.

Table 1: Maximum Key Sizes Supported on SRX Series Devices

SRX Series Devices	Supported RSA Key Size
SRX300, SRX320, SRX340, SRX345, SRX550, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800	512 bits, 1024 bits, 2048 bits, 4096 bits

• Starting with Junos OS Release 15.1X49-D30 and Junos OS Release 17.3R1, server certificates of key size 4096 bits are supported. Prior to Junos OS Release 15.1X49-D30, server certificates with key size greater than 2048 bits were not supported because of cryptography hardware limitations.

• Starting in Junos OS Release 18.1R1, SSL proxy support is available on SRX300 and SRX320 devices. On SRX300 and SRX320 devices, server certificates with key size 4096 bits are not supported.

ECDSA Cipher Suite Support for SSL Proxy

Starting in Junos OS Release 18.3R1, SRX Series Firewalls support ECDSA cipher suites for SSL proxy. ECDSA is a version of the Digital Signature Algorithm (DSA) and is based on Elliptic-curve cryptography (ECC).

To use ECDSA ciphers on your security device, you must ensure to:

• Include the certificates containing ECC-capable public keys on the device. Support is available for the Elliptic Curve Cryptography (ECC) certificate only with the Elliptic Prime Curve 256 bit (P-256).

• Include the ECDSA certificate option for the root CA. You can include one RSA certificate and one ECDSA certificate each. Having both ECC and RSA certificate allows you to perform ECC-based key exchange or RSA-based key exchange depending on the client and the server device’s compatibility.

• For reverse proxy, include the ECDSA certificate for the server certificate. No restriction on the number of ECDSA or RSA certificate inclusion.

• A trusted CA certificate can either be an RSA-based certificate and an ECDSA-based certificate. All features supported on an RSA-based certificate such as certificate cache, certificate revocation list (CRL), certificate chain are supported on an ECDSA certificate.

Elliptic Curve (EC) groups are used in SSL/TLS communication for key exchange during the handshake process. These groups are part of the Elliptic Curve Cryptography (ECC) which provides secure communication with smaller key size, resulting in reduced storage and faster transmission and secure communications.

Starting in Junos OS 23.4R1, SRX Series Firewalls support the following ECC curve types in SSL initiation, SSL termination, and SSL proxy profiles.

• P-256
• P-384
• P-512

Above EC groups are configured SSL initiation, SSL termination, and SSL proxy profiles by default and priority order of these EC groups is - priority order of P-256, P-384, and P-521.

Note that the server and client must both support the same EC group in order to successfully establish a secure connection.

Configuring these EC groups in SSL proxy client and server communication ensures compatibility and flexibility in establishing secure connections.

SSL Cipher List

Table 2 displays a list of supported ciphers. NULL ciphers are excluded.

Table 2: Supported SSL Cipher List

SSL Cipher	Key Exchange Algorithm	Data Encryption	Message Integrity	Preferred Ciphers Category	Earliest Supported Release
ECDHE-ECDSA-AES-256-GCM- SHA384	ECDHE/DSA key exchange	256-bit AES/GCM	SHA384 hash	Strong	Junos OS Release 18.3R1
ECDHE-ECDSA-AES-128-GCM-SHA256	ECDHE/DSA key exchange	128-bit AES/GCM	SHA256 hash	Strong	Junos OS Release 18.3R1
ECDHE-ECDSA-AES-256-CBC- SHA384	ECDHE/DSA key exchange	256-bit AES/CBC	SHA384 hash	Strong	Junos OS Release 18.3R1
ECDHE-ECDSA-AES-128-CBC-SHA256	ECDHE/DSA key exchange	128-bit AES/CBC	SHA256 hash	Strong	Junos OS Release 18.3R1
ECDHE-ECDSA-AES-256-CBC-SHA	ECDHE/DSA key exchange	256-bit AES/CBC	SHA hash	Strong	Junos OS Release 18.3R1
ECDHE-ECDSA-AES-128-CBC-SHA	ECDHE/DSA key exchange	128-bit AES/CBC	SHA hash	Strong	Junos OS Release 18.3R1
ECDHE-RSA-AES256-GCM-SHA384	ECDHE/RSA key exchange	256-bit AES/GCM	SHA384 hash	Strong	Junos OS Release 15.1X49-D10
ECDHE-RSA-AES256-CBC-SHA384	ECDHE/RSA key exchange	256-bit AES/CBC	SHA384 hash	Strong	Junos OS Release 15.1X49-D10
ECDHE-RSA-AES256-CBC-SHA	ECDHE/RSA key exchange	256-bit AES/CBC	SHA hash	Strong	Junos OS Release 15.1X49-D10
ECDHE-RSA-AES128-GCM-SHA256	ECDHE/RSA key exchange	128-bit AES/GCM	SHA256 hash	Strong	Junos OS Release 15.1X49-D10
ECDHE-RSA-AES128-CBC-SHA256	ECDHE/RSA key exchange	128-bit AES/CBC	SHA256 hash	Strong	Junos OS Release 15.1X49-D10
ECDHE-RSA-AES128-CBC-SHA	ECDHE/RSA key exchange	128-bit AES/CBC	SHA hash	Strong	Junos OS Release 15.1X49-D10
RSA-AES256-GCM-SHA384	ECDHE/RSA key exchange	256-bit AES/GCM	SHA384 hash	Strong	Junos OS Release 15.1X49-D10
RSA-AES256-CBC-SHA256	ECDHE/RSA key exchange	256-bit AES/CBC	SHA256 hash	Strong	Junos OS Release 15.1X49-D10
RSA-AES128-GCM-SHA256	ECDHE/RSA key exchange	128-bit AES/GCM	SHA256 hash	Strong	Junos OS Release 15.1X49-D10
RSA-AES128-CBC-SHA256	ECDHE/RSA key exchange	128-bit AES/CBC	SHA256 hash	Medium	Junos OS Release 15.1X49-D10
RSA-AES128-CBC-SHA	RSA key exchange	128-bit AES/CBC	SHA hash	Weak	Junos OS Release 12.1
RSA-AES256-CBC-SHA	RSA key exchange	256-bit AES/CBC	SHA hash	Weak	Junos OS Release 12.1

Starting in Junos OS Release 21.2R1, on SRX Series Firewalls, SSL proxy supports TLS version 1.3 and it provides improved security and better performance. Table 3 displays a list of TLS 1.3 supported ciphers.

Table 3: TLS 1.3 Supported Cipher List

TLS Cipher	Key Exchange Algorithm	Data Encryption	Message Integrity	Earliest Supported Release
TLS_AES_256_GCM_SHA384	Any	256-bit AES/GCM	SHA384 hash	Junos OS Release 21.2R1
TLS_AES_128_GCM_SHA256	Any	128-bit AES/GCM	SHA256 hash	Junos OS Release 21.2R1
TLS_CHACHA20_POLY1305_SHA256	Any	256-bit CHACHA20_POLY1305	SHA256 hash	Junos OS Release 21.2R1
TLS_AES_128_CCM_SHA256	Any	128-bit AES/CCM	SHA256 hash	Junos OS Release 21.2R1
TLS_AES_128_CCM_8_SHA256	Any	128-bit AES/CCM	SHA256 hash	Junos OS Release 21.2R1

Starting in Junos OS Release 18.4R1, support for some ciphers in custom ciphers are deprecated. Table 4 provides the list of the deprecated ciphers.

Table 4: List of Deprecated Ciphers

SSL Cipher	Key Exchange Algorithm	Data Encryption	Message Integrity	Preferred Ciphers Category	Earliest Supported Release
ECDHE-ECDSA-3DES-EDE-CBC-SHA	ECDHE/DSA key exchange	3DES EDE/CBC	SHA hash	Strong	Junos OS Release 18.3R1
ECDHE-RSA-DES-CBC3-SHA	ECDHE/RSA key exchange	DES CBC	SHA hash	Medium	Junos OS Release 15.1X49-D10
RSA-RC4-128-MD5	RSA key exchange	128-bit RC4	Message Digest 5 (MD5) hash	Medium	Junos OS Release 12.1
RSA-RC4-128-SHA	RSA key exchange	128-bit RC4	Secure Hash Algorithm (SHA) hash	Medium	Junos OS Release 12.1
RSA-EXPORT-1024-RC4-56-MD5	RSA 1024 bit export	56-bit RC4	MD5 hash	Weak	Junos OS Release 12.1
RSA-EXPORT-1024-RC4-56-SHA	RSA 1024 bit export	56-bit RC4	SHA hash	Weak	Junos OS Release 12.1
RSA-EXPORT-RC4-40-MD5	RSA-export	40-bit RC4	MD5 hash	Weak	Junos OS Release 12.1
RSA-EXPORT-DES40-CBC-SHA	RSA-export	40-bit DES/CBC	SHA hash	Weak	Junos OS Release 12.1
RSA-EXPORT-1024-DES-CBC-SHA	RSA 1024 bit export	DES/CBC	SHA hash	Weak	Junos OS Release 12.1
RSA-3DES-EDE-CBC-SHA	RSA key exchange	3DES EDE/CBC	SHA hash	Weak	Junos OS Release 12.1
RSA-DES-CBC-SHA	RSA key exchange	DES CBC	SHA hash	Weak	Junos OS Release 12.1

Note the following:

• Supported SSL ciphers for HTTPS firewall authentication are RSA-AES-128-CBC-SHA, and RSA-AES-256-CBC-SHA.

• Cipher suites that have “export” in the title are intended for use outside of the United States and might have encryption algorithms with limited key sizes. Export ciphers are not enabled by default. You need to either configure the export ciphers to enable or install a domestic package.

• ECDHE-based cipher suits support the perfect forward secrecy feature in SSL proxy.

  Perfect forward secrecy is a specific key agreement protocols which ensures that all transactions sent over the Internet are secure. Perfect forward secrecy generates a unique session key for every session initiated by user. This ensures that the compromise of a single session key has no impact on data other than that exchanged in the specific session protected by that particular key.

Configuring Cipher Suites for SSL Proxy

You can use following options in SSL proxy profile configuration to set cipher suites:

• Preferred Ciphers—Preferred ciphers allow you to define an SSL cipher with acceptable key strength: strong, medium, or weak.

  If you do not want to use one of the three categories, you can select ciphers from each of the categories to form a custom cipher set. Custom ciphers allow you to define your own cipher list. To configure custom ciphers, you must set preferred-ciphers to custom. Example:

• Custom Ciphers—Custom ciphers allow you to define your own cipher list. Example:

  Starting in Junos OS Release 21.2R1, you can also use the following custom ciphers:

Use the following steps to configure an SSL proxy with custom ciphers:

• Generate a root CA certificate or you can import your own trusted CA certificate and private and public keys into the device.

• Create an SSL proxy profile and associate root CA certificate (Root CA or the server certificate).

• Enable preferred-cipher in the SSL proxy as a custom-cipher and attach custom cipher

Example:

This example shows how to create a custom cipher. In this example, you set preferred-cipher to custom and add the cipher list (ecdhe-ecdsa-with-aes-256-cbc-sha384 and ecdhe-ecdsa-with-aes-128-cbc-sha256):

Or

Proceed with configuring the SSL proxy profile and applying the SSL proxy profile to a security policy

Configuring Server Certificates of Key Size 4096 Bits on SRX300 and SRX320

Starting in Junos OS Release 19.4R1, SRX300 and SRX320 devices support RSA certificates with key size 4096 bits. This support is available only when the SRX300 and SRX320 devices are operating in standalone mode.

You must explicitly configure the SSL proxy profile on SRX300 and SRX320 devices to use the server certificate with key size 4096 bits. Example:

SSL Forward Proxy Profile

SSL Reverse Proxy Profile