Why is Android / IE using 3DES when AES is available?

security web-server ssl tls

Solution 1:

Typically each client has their own preference in which ciphers they support.

To stick with your example: Android 5.0.0 supports a reasonable number but has some odd preferences, with some objectively weaker ciphers preferred over some stronger ones.

According to the SSL Labs scan (the "Cipher Suites (sorted by strength; the server has no preference)" section) your server will only support a limited number of ciphers and does not display a preference, leaving the cipher negotiation primarily to the client, which results in TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)

Solution 2:

This behavior is determined by the cipher list passed from the client to the server, where the client tells the server what ciphers it supports, and which priority each of those ciphers has. Android, in particular, has made some insecure choices about the preference order of its cipher suites, preferring very insecure ciphers over secure ones that it supports, without giving any explanation as to why.

My suspicion is that it's a design choice. By choosing a less computationally intensive cipher, you use less power and therefore get more battery life, which is something consumers notice and care about in a smartphone, and in contrast, when it comes to security, as long as the end user sees that lock icon, "it's secure," and that's all they care about (if they even care that much).

So, they're using 3DES because they have a higher preference for that weaker cipher, and you allow it to be used. The only way to stop it from being picked by a client with dubious preferences is to remove it.

Solution 3:

To fix the issue already explained by @HBrujin and @HopelessN00b, you can set a preferred list cipher for the webserver, who can also have preferences, not only the client. I recommend to use the settings elaborated by the Bettercrypto.org project Applied Crypto Hardening.

E.g. for Apache, you can use 

SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'

in your settings for SSL/TLS. To support 3DES, remove 3DES from the string, but only if it is really necessary and you need to support software from the last century. This cipherstring can be used in business environments with old software (which is not recommended either, but business, you know...).

Related

Extremely slow qemu storage performance with qcow2 images
ZFS cksum errors on LSI 9207-9i (SAS2308) with Samsung 850 Pro SSDs
Amazon EC2 - need to change IP address without downtime
Compile for iOS 5.1 in macOS Mojave
Issue trying to run macOS Mojave off a bootable external USB
Why do my internet browsers stop working?
Use mnemonics/menu-shortcut keys with Windows apps running on Mac
Fresh install of macOS takes up too much space
I have override a file in bin folder and this affect other programs
Set Today View as default on Lock screen in iPhone
How to tell if my old Mac supports Sidecar feature in macOS Catalina?
Apple Pages insert equation greyed out after 8.1 update