Is it possible to not send the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher?

Question

Hello,

I create the TSLStream and authentificate as a client, but need to not to cipher TLS_EMPTY_RENEGOTIATION_INFO_SCSV.

I have the next code, but TLSEMPTYRENEGOTIATIONINFOSCSV is still send.

            var stream = new TlsStream(_tcpClient.Client);

            stream.Parameters.SetSymmetricCipherSuites(new TlsSymmetricCipherSuite[] { 
                TlsSymmetricCipherSuite.TLS_CHACHA20_POLY1305_SHA256, 
                TlsSymmetricCipherSuite.TLS_AES_128_GCM_SHA256, 
                TlsSymmetricCipherSuite.TLS_AES_256_GCM_SHA384 });


            stream.Parameters.AllowedSuites = 
                TlsCipherSuite.ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
                | TlsCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256
                | TlsCipherSuite.ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
                | TlsCipherSuite.ECDHE_RSA_WITH_AES_256_GCM_SHA384
                | TlsCipherSuite.ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
                | TlsCipherSuite.ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
                | TlsCipherSuite.ECDHE_RSA_WITH_AES_128_CBC_SHA
                | TlsCipherSuite.ECDHE_RSA_WITH_AES_256_CBC_SHA
                | TlsCipherSuite.RSA_WITH_AES_128_GCM_SHA256
                | TlsCipherSuite.RSA_WITH_AES_256_GCM_SHA384
                | TlsCipherSuite.RSA_WITH_AES_128_CBC_SHA
                | TlsCipherSuite.RSA_WITH_AES_256_CBC_SHA;

            stream.Parameters.AllowedCurves = TlsEllipticCurve.Curve25519 
                | TlsEllipticCurve.BrainpoolP256R1 
                | TlsEllipticCurve.BrainpoolP384R1;

            stream.AuthenticateAsClient(Address.Host);

Any advice?

Answer 1

At the moment, it's only possible to disable this pseudo-cipher by turning off support for secure renegotiation extension altogether:

stream.Parameters.Options |= TlsOptions.DisableRenegotiationExtension;

The forthcoming Rebex TLS R7.0 will come with an updated TLS core tha incorporates current best prractices and no longer includes TLSEMPTYRENEGOTIATIONINFOSCSV in the cipher list - it will instead announce support for secure renegotiation by sending the renegotiation info extension. A preview build is already available - if you would like to give it a try, please contact us at support@rebex.net.

Comments

Thank you for the answer.

How I can control the list of included extensions in TLS connection?

---

renegotiation_info - controlled by TlsOptions.DisableRenegotiationExtension flag in Parameters.Options
extended_master_secret - controlled by TlsOptions.DisableExtendedMasterSecret flag in Parameters.Options
application_layer_protocol_negotiation - specified by Parameteres.SetApplicationLayerProtocols(...)
server_name - controlled by TlsOptions.DisableServerNameIndication flag in Parameters.Options and Parameters.CommonName
signature_algorithms extension - determined by Parameters.AllowedSignatureSchemes
ec_curves extension - determined by Parameters.AllowedCurves
ec_point_formats extension - determined by Parameters.AllowedCurves
supported_versions - controlled by Parameters.Version
supported_groups - not currently configurable (might change in R7.0)
psk_key_exchange_modes - not currently configurable (might change in R7.0)
key_share - not currently configurable (might change in R7.0)
post_handshake_auth - not currently configurable (might change in R7.0)