Cipher suite selection in SChannel

  • Question

  • I have implemented (Windows 10.0.17763.0/VS2017/C++) a client/server which does secure communication using SChannel. Now the requirement is to use only a set of cipher suites for the communication between certain clients and servers.

    Using the BCryptAddContextFunction/BCryptRemoveContextFunction APIs I could change the supported ciphers in SChannel, but that is a system-wide setting and not just for my application.
    In order to control it programmatically, I tried using the ALG_IDs in AcquireCredentialsHandle.
    Below are the only cipher suites my app is supposed to support.

    -    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    -    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    -    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    -    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    So I constructed the ALG_IDs like below.


        std::vector<ALG_ID> algos       = { CALG_AES_256 , CALG_AES_128 , CALG_SHA_384 , CALG_SHA_256,CALG_ECDH_EPHEM,CALG_DH_EPHEM };
        schannelCred.cSupportedAlgs     = static_cast<DWORD>(algos.size());
        schannelCred.palgSupportedAlgs  = algos.empty() ? nullptr : &algos[0];


    Using Wireshark, I figured out that the cipher suites below are what my app proposes in the Client Hello using the above ALG_IDs:

    -    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    -    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    -    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    -    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    -    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    -    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    -    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    -    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    -    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    -    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    The problem is:
    1. How do I allow **only** AES_*_GCM bulk encryption? When I add CALG_AES_* to the list, both AES_*_GCM and AES_*_CBC get allowed.
    2. How do I control the signature? Adding CALG_ECDH_EPHEM enabled both TLS_ECDHE_ECDSA and TLS_ECDHE_RSA, where I need only TLS_ECDHE_RSA.
    Adding CALG_RSA_SIGN to the ALG_IDs removed TLS_ECDHE_ECDSA, but it started allowing TLS_RSA_* cipher suites.
    Friday, July 24, 2020 6:08 PM

All replies

  • Hi,

     The granularity you are trying for can’t be done. If you examine the 16-bit value for the algorithm flag, you’ll see that the bitness is the same and that there is a family of algorithms which are grouped together.
    { CALG_AES_256 , CALG_AES_128 , CALG_SHA_384 , CALG_SHA_256,CALG_ECDH_EPHEM,CALG_DH_EPHEM };

    Or

    { CALG_AES_256 , CALG_AES_128 , CALG_SHA_384 , CALG_SHA_256,CALG_ECDH_EPHEM,CALG_DH_EPHEM, CALG_RSA_SIGN };

    Both have a value of: 0xEE1F or 1110 1110 0001 1111. However, as you state in the original post, you can change it system-wide. If you want Windows to support this, you can try to submit this feedback via the Feedback Hub on Windows.


    Regards & Fei
    Tuesday, August 4, 2020 12:20 AM
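The 0xEE1F figure in the reply is the bitwise OR of every ALG_ID in the asker's list, with or without CALG_RSA_SIGN. The following program is an added example and not code from either poster: it reproduces the ALG_ID field layout and the constant values from wincrypt.h inline (so it builds without the Windows SDK; the helper names alg_class, or_all, has_block_cipher and signature_constrained are this example's own), then decomposes the asker's list. The point it makes visible is that an ALG_ID carries only a 3-bit class, a 4-bit type and a 9-bit SID: there is no field for the mode of operation, so CALG_AES_128 names AES-128-CBC and AES-128-GCM alike, and the key-exchange entries (ECDH/DH) say nothing about the signature algorithm, so ECDHE-RSA and ECDHE-ECDSA are indistinguishable from the list.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Field layout and constants as defined in wincrypt.h, reproduced here so
 * this builds on any platform. ALG_ID = class (bits 13-15) | type (bits
 * 9-12) | SID (bits 0-8). */
typedef unsigned int ALG_ID;

#define ALG_CLASS_SIGNATURE     (1 << 13)
#define ALG_CLASS_DATA_ENCRYPT  (3 << 13)
#define ALG_CLASS_HASH          (4 << 13)
#define ALG_CLASS_KEY_EXCHANGE  (5 << 13)

#define ALG_TYPE_ANY            (0)
#define ALG_TYPE_RSA            (2 << 9)
#define ALG_TYPE_BLOCK          (3 << 9)
#define ALG_TYPE_DH             (5 << 9)
#define ALG_TYPE_ECDH           (7 << 9)

#define CALG_AES_128     (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 14)
#define CALG_AES_256     (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 16)
#define CALG_SHA_256     (ALG_CLASS_HASH | ALG_TYPE_ANY | 12)
#define CALG_SHA_384     (ALG_CLASS_HASH | ALG_TYPE_ANY | 13)
#define CALG_DH_EPHEM    (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | 2)
#define CALG_ECDH_EPHEM  (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ECDH | 6)
#define CALG_RSA_SIGN    (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | 0)

/* Same masks as wincrypt.h's GET_ALG_CLASS / GET_ALG_TYPE / GET_ALG_SID. */
unsigned alg_class(ALG_ID a) { return a & (7u << 13); }
unsigned alg_type(ALG_ID a)  { return a & (15u << 9); }
unsigned alg_sid(ALG_ID a)   { return a & 511u; }

const char *class_name(ALG_ID a) {
    switch (alg_class(a)) {
    case ALG_CLASS_SIGNATURE:    return "signature";
    case ALG_CLASS_DATA_ENCRYPT: return "data-encrypt";
    case ALG_CLASS_HASH:         return "hash";
    case ALG_CLASS_KEY_EXCHANGE: return "key-exchange";
    default:                     return "other";
    }
}

const char *type_name(ALG_ID a) {
    switch (alg_type(a)) {
    case ALG_TYPE_ANY:   return "any";
    case ALG_TYPE_RSA:   return "rsa";
    case ALG_TYPE_BLOCK: return "block";
    case ALG_TYPE_DH:    return "dh";
    case ALG_TYPE_ECDH:  return "ecdh";
    default:             return "other";
    }
}

/* Bitwise OR over a whole palgSupportedAlgs list: the 16-bit value the
 * reply above computes for both variants of the list. */
unsigned or_all(const ALG_ID *algs, size_t n) {
    unsigned acc = 0;
    for (size_t i = 0; i < n; i++) acc |= algs[i];
    return acc;
}

/* 1 if the list names a block cipher. Note the encoding has no field for
 * the mode of operation, so one entry covers CBC and GCM suites alike. */
int has_block_cipher(const ALG_ID *algs, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (alg_class(algs[i]) == ALG_CLASS_DATA_ENCRYPT &&
            alg_type(algs[i]) == ALG_TYPE_BLOCK) return 1;
    return 0;
}

/* 1 if any entry is in the signature class. Key-exchange entries (DH/ECDH)
 * carry no signature information, so a list without a signature-class
 * entry leaves ECDHE-RSA and ECDHE-ECDSA equally allowed. */
int signature_constrained(const ALG_ID *algs, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (alg_class(algs[i]) == ALG_CLASS_SIGNATURE) return 1;
    return 0;
}

/* The asker's two lists, as posted in the thread. */
const ALG_ID kAskerList[] = { CALG_AES_256, CALG_AES_128, CALG_SHA_384,
                              CALG_SHA_256, CALG_ECDH_EPHEM, CALG_DH_EPHEM };
const size_t kAskerListLen = sizeof(kAskerList) / sizeof(kAskerList[0]);

const ALG_ID kAskerListRsa[] = { CALG_AES_256, CALG_AES_128, CALG_SHA_384,
                                 CALG_SHA_256, CALG_ECDH_EPHEM, CALG_DH_EPHEM,
                                 CALG_RSA_SIGN };
const size_t kAskerListRsaLen = sizeof(kAskerListRsa) / sizeof(kAskerListRsa[0]);

int main(void) {
    for (size_t i = 0; i < kAskerListRsaLen; i++)
        printf("0x%04X  class=%-12s type=%-5s sid=%u\n", kAskerListRsa[i],
               class_name(kAskerListRsa[i]), type_name(kAskerListRsa[i]),
               alg_sid(kAskerListRsa[i]));
    printf("OR without CALG_RSA_SIGN: 0x%04X\n", or_all(kAskerList, kAskerListLen));
    printf("OR with    CALG_RSA_SIGN: 0x%04X\n", or_all(kAskerListRsa, kAskerListRsaLen));
    printf("signature constrained: %d -> %d\n",
           signature_constrained(kAskerList, kAskerListLen),
           signature_constrained(kAskerListRsa, kAskerListRsaLen));
    return 0;
}
```

Because CALG_RSA_SIGN is the only signature-class entry available and its SID is ALG_SID_RSA_ANY, adding it admits every RSA-authenticated suite, including the static TLS_RSA_* key-transport suites the asker saw appear; the ALG_ID list has no way to say "RSA signatures, but only with an ephemeral key exchange". An exact four-suite allow-list therefore has to come from the system-wide cipher suite configuration the asker already mentioned, not from palgSupportedAlgs.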