
TLS Version and Cipher Suites Order Matter: Here’s Why.


As with a great many things, when it comes to internet security, the only constant is change. While the framework for secure web communication has been around since the development of SSL in 1994, the specific protocols and ciphers continue to evolve. In order to keep up with the changes, the InfoSec community must continually evaluate new potential threats in the context of security and ongoing usability of older systems. Just as system patches and OS upgrades are regularly released to fix known issues, new and improved protocols and cipher suites are developed that correct inherent flaws and mitigate new threats. However, no matter how well designed they are, vulnerabilities and weaknesses will emerge during the lifespan of any protocol or cipher suite, so PayPal pays close attention to those threats as they could affect both our customers and us.

PayPal recently reevaluated the TLS cipher suites for its www.paypal.com web site after assessing the numerous clients visiting the site (from legacy ones to the most modern configurations). We currently support TLS versions 1.2 to 1.0, prioritized in that order, and our cipher suite selection and prioritization are based on factors such as availability, business needs, security, and compliance requirements. Efficiency is also a factor, as some ciphers can slow down transactions because their algorithms are more demanding. In some cases, a company may opt for increased speed over a more secure connection. Since we are entrusted with your financial transactions and personal information, however, we lean toward security over speed.

In order to set up a secure connection between a server and a client via TLS, both parties must be capable of running the same version of the TLS protocol and have common cipher suites installed. To initiate the process, the client (e.g. a web browser) advertises to the server the TLS versions and cipher suites it supports. The server, when deciding on the cipher suite that will be used for the TLS connection, may give priority to the client’s cipher suite list (picking the first one it also supports) OR it may choose to prioritize its own list (picking the first one in its list that the client supports). At PayPal we prefer the latter process as it allows us to ensure we set up the most secure communication channel possible.

More specifically, PayPal now prioritizes ciphers that leverage Elliptic Curves and the Diffie–Hellman key exchange mechanism over RSA (namely ECDHE based cipher suites). In addition, we prioritized ECDHE because it leverages the concept of forward secrecy. The last E in ECDHE stands for ephemeral. It means that the generated key pair is temporary and a new set will be generated during each handshake. This is an important property that prevents the decryption of previous TLS conversations even in the case of a stolen private (server) key. This makes it the most secure mode of key exchange to date. As more clients are supporting ECDHE, we prioritize it so that we connect at the most secure level possible.
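The selection rule described in the two paragraphs above, as an added Python example that is not PayPal's code or configuration: it models only the choice of version and suite, and the server list, the sample client and all function names are constructed for illustration (suite names are the standard IANA ones).

```python
# Added illustration: models the selection logic only, not a real TLS stack.
VERSIONS = ["TLS1.0", "TLS1.1", "TLS1.2"]  # oldest to newest

# Constructed server list (not PayPal's actual configuration), most preferred first.
SERVER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# Constructed client that supports ECDHE but lists a static-RSA suite first.
CLIENT_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

def usable(suite, version):
    """GCM (AEAD) suites were introduced with TLS 1.2 and cannot run below it."""
    return version == "TLS1.2" or "_GCM_" not in suite

def forward_secret(suite):
    """Ephemeral (EC)DHE key exchange gives forward secrecy; static RSA does not."""
    return suite.startswith(("TLS_ECDHE_", "TLS_DHE_"))

def negotiate(client_versions, client_suites, server_versions=VERSIONS,
              server_suites=SERVER_SUITES, server_preference=True):
    """Return (version, suite), or None when the two sides share nothing usable."""
    common = [v for v in VERSIONS if v in client_versions and v in server_versions]
    if not common:
        return None
    version = common[-1]  # highest version both sides support
    # The list whose order is honoured is walked; the other acts only as a filter.
    if server_preference:
        ordered, other = server_suites, client_suites
    else:
        ordered, other = client_suites, server_suites
    for suite in ordered:
        if suite in other and usable(suite, version):
            return version, suite
    return None

if __name__ == "__main__":
    for pref in (True, False):
        print("server_preference =", pref, "->", negotiate(VERSIONS, CLIENT_SUITES, server_preference=pref))
```

With the same client, honouring the server's order yields an ECDHE suite, while honouring the client's order falls back to static RSA and loses forward secrecy; a client offering only RC4 gets no connection because that suite is absent from the server list.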

Despite these advances, we do continue allowing older cipher suites to be used when a client can’t negotiate a more secure connection. We do so in order to support users running legacy platforms like Windows XP and IE6. Fortunately, the number of outdated clients is dwindling and we’ll soon cut them off entirely. We’re currently ending support for outdated cipher suites such as RC4 that are only connecting at a rate of roughly one in one million; it’s just a matter of time before we make the next cut.

During our routine investigation of our TLS version and cipher suites order we learned a great deal about how many of our customers are currently able to support higher security TLS connections, helping us plan for future upgrades. This research not only helps increase security, but also minimizes disruption in the customer experience.

In the coming weeks we will publish more of our research on how we determined the optimal TLS version and cipher suites ordering. We hope to help others learn from our experience and improve security for everyone in the online ecosystem. Until then, remember to pay with PayPal to stay safe and secure!