Google Sets Minimum TLS Standards, Will Disable SSL3 And RC4 For Its Servers

Google announced on its security blog that it will soon disable the obsolete SSL3 protocol, as well as the RC4 cipher, on its front-end servers. The company also published new recommended minimum TLS standards that it hopes others will adopt over the next few years. The same standards will be required in any software that has to be certified by Google (such as Android).

RC4, a 28-year-old cipher, has been the target of many attacks in the past few years, and the IETF, Google, Mozilla and Microsoft all agree that it's time to retire it.

SSL3 was made obsolete 16 years ago when the TLS 1.0 protocol was announced to replace it, and the IETF has also said recently that it shouldn't be used anymore. Many browsers and servers still supported it until a year ago, when several of Google's researchers uncovered the POODLE attack, which could downgrade secure HTTPS connections to using the weaker SSL3.

There have been other similar attacks because browsers simply didn't remove old, obsolete cipher suites that are no longer secure, on the assumption that some websites out there might still need them. That's why Google is also establishing recommended minimum standards for the future, so that websites and other TLS clients can proactively upgrade to safer protocols within a reasonable time, rather than doing so only after an attack happens.

Because many embedded systems, as well as other client applications that connect to Google's services, can't be easily updated to support new crypto protocols, Google recommends that new devices and apps should adopt the following:

1. TLS 1.2 must be supported.
2. A Server Name Indication (SNI) extension must be included in the handshake and must contain the domain that is being connected to.
3. The cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 must be supported with P-256 and uncompressed points.
4. At least the certificates in https://pki.google.com/roots.pem must be trusted.
5. Certificate handling must be able to support DNS Subject Alternative Names, and those SANs may include a single wildcard as the left-most label in the name.

This should ensure that the clients will be compatible with Google's servers at least through 2020. If they don't meet these requirements, the connections might still work unless the clients only support SSL3 and RC4.
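To make the requirements concrete, here is an added example (not Google's code and not from the blog post) showing a Python client configuration that meets points 1-4 and a hostname matcher implementing the SAN wildcard rule in point 5. The path `roots.pem` is assumed to be a local copy of the file linked above.

```python
import ssl

# Assumed local copy of https://pki.google.com/roots.pem (point 4).
ROOTS_PEM = "roots.pem"


def make_minimum_context(roots_pem=None):
    """Client context meeting points 1-4 of the stated minimum.
    SNI (point 2) is sent automatically by ssl when the socket is
    wrapped with server_hostname=<domain>."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # point 1: refuse SSL3/TLS 1.0/1.1
    # OpenSSL name for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (point 3)
    ctx.set_ciphers("ECDHE-RSA-AES128-GCM-SHA256")
    ctx.set_ecdh_curve("prime256v1")               # OpenSSL name for P-256 (point 3)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if roots_pem:
        ctx.load_verify_locations(roots_pem)       # point 4
    return ctx


def context_meets_minimum(ctx):
    """Check points 1 and 3 on an existing context: TLS 1.2 floor and
    the required suite enabled."""
    names = {c["name"] for c in ctx.get_ciphers()}
    return (ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and "ECDHE-RSA-AES128-GCM-SHA256" in names)


def san_matches(san, hostname):
    """Match a DNS SAN against a hostname (point 5). A single '*' is
    allowed only as the entire left-most label and matches exactly one
    label, so '*.google.com' covers 'mail.google.com' but neither
    'google.com' nor 'a.mail.google.com'."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in san:
        return san == hostname                     # plain name: exact match
    labels = san.split(".")
    # reject partial-label wildcards ('f*.example'), wildcards in any
    # other label, and a bare '*'
    if labels[0] != "*" or "*" in san[2:] or len(labels) < 2:
        return False
    host_labels = hostname.split(".")
    return (len(host_labels) == len(labels)
            and host_labels[1:] == labels[1:])
```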

To make testing easier, Google has set up https://cert-test.sandbox.google.com, which requires that points 1-3 (above) are met for a connection to be established. If the connection fails, developers will need to update their crypto libraries and configurations.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.