From @ChrML on Thursday, September 5, 2019 7:09:29 AM

Description

From ASP Core 3.0 preview6 and newer it is now possible to get a grade B, instead of a previous grade F, on the SSL test (https://www.ssllabs.com/ssltest/). Because from 3.0 the insecure cipher suits are now disabled by default.

But still in 3.0-preview8, the Kestrel server does not have any cipher suit preference. This caps the SSL test grade to B instead of A. Grade A servers are regarded the most secure servers.

Describe the solution you'd like

The server should prefer the "Perfect Forward Secrecy" compliant cipher suits (ECDHE) over the weaker cipher suits.

Additional context

Here is the SSL report from the cipher suit chapter (on a 3.0-preview8 application):

Cipher Suites

TLS 1.2 (server has no preference)

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp521r1 (eq. 15360 bits RSA) FS 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp521r1 (eq. 15360 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp521r1 (eq. 15360 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH secp521r1 (eq. 15360 bits RSA) FS 256

Here is the description from SSL labs why the Kestrel server is capped to grade B:

Penalty for not using forward secrecy (B)

Forward secrecy (FS) also known as perfect forward secrecy (PFS), is a property of secure communication protocols in which compromises of long-term keys does not compromise past session keys. Forward secrecy protects past sessions against future compromises of private key. The very popular RSA key exchange doesn’t provide forward secrecy. You need to support and prefer ECDHE suites in order to enable forward secrecy with modern web browsers.

SSL Labs will start penalizing servers that don’t support forward secrecy; Grade will be capped to B. We will not penalize sites that use suites without forward secrecy provided they are never negotiated with clients that can do better.

Simply making the server prefer the existing ECDHE cipher suits over the weak cipher suits will suffice for getting a grade A.

Copied from original issue: dotnet/aspnetcore#13700