0 votes
by (270 points)

Hello, when providing value for AllowedSuites you can choose one of the few presets or define specific one. .NET implementation of TLS by default uses ciphers defined in an OS. Is the same possible with Rebex? Or at least can you define your own preset of ciphers somehow?

Applies to: Rebex TLS

1 Answer

+2 votes
by (143k points)
selected by
 
Best answer

The ciphers defined in the OS are part of the configuration of Windows Schannel, Microsoft's TLS implementation. Rebex components don't use Schannel at all, so trying to apply Schannel settings sounds somewhat counterintuitive. It would also be very problematic due to the mismatch of ciphers and features in Rebex TLS and Schannel.

For example, we support TLS 1.3 on Windows 7 and Windows 8.1, while Schannel does not, and therefore does not have any settings for TLS 1.3 on those operating systems. We support TLS with Ed25519 certificates, while Schannel does not. We support ChaCha20/Poly1305 cihpers on all operating systems, while Schannel only supports them on Windows 11 or Windows Server 2022. Schannel also supports some ciphes we don't. Additionally, Schannel keep evolving, so there are slightly different settings and defaults in various versions of Windows 10, which would further complicate the seemingly simple task of retrieving Schannel ciphers (or other settings) - we would have to accommodate for dozens of different Schannel features sets on different versions of Windows.

Due to these pitfalls, we currently have no plans to add this feature. If you need it, you can retrieve the values from Schannel registry settings and configure Rebex TLS accordingly.

...