authors | state |
---|---|
Brian Bennett <brian.bennett@joyent.com> |
publish |
SSL and now TLS are the bedrock of on-the-wire security on the Internet. In the recent past, TLS has taken a beating. There have been demonstrated weaknesses in the protocol itself, and in several ciphers and modes. Encryption only gets weaker with time. We also know that attacks are growing more sophisticated, and attackers more determined.
It's time that Triton and Manta do everything they can to support and encourage a higher standard of secure connections.
Currently, Triton and Manta have four endpoints that need to be secured.
- cloudapi
- muppet (Manta loadbalancer)
- sdc-docker
- cmon
CloudapI and muppet currently use stud
to handle TLS termination. Cmon and
sdc-docker handle TLS termination directly in node.js
.
This document will not, itself, evaluate specific TLS implementations, protocol versions, ciphers, etc. However, it is recommended that we adhere to the best known security standards.
At the time of this writing, the following websites are considered to be good, trusted sources of recomended best practices.
- cipherli.st includes recomended settings for various common applications.
- SSL Labs SSL Test Rates HTTP servers A-F
- HT Bridge SSL Server Security Test Rates TLS servers on any port A-F
Therefore, the following enhancements are recomended.
- Remove RC4, it is considered insecure.
- Remove 3DES, it is considered weak.
The current cipher list in stud.conf
for both cloudapi and muppet is:
ciphers = "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:HIGH:RC4-SHA:!MD5:!aNULL:!PSK"
The recomended cipher list for hitch (the successor to stud), as per cipherli.st is:
ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
The minimum change to achieve the intended goal is to remove EECDH+3DES
,
RSA+3DES
, and RC4-SHA
:
ciphers = "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:HIGH:!MD5:!aNULL:!PSK"
Using SSL Labs' handshake simulation, the only client that cannot connect with the existing ciphers is IE6 / XP. The grade is B due to the use of RC4.
Removing only RC4, makes no difference in the handshake simulation. The grade is A.
Removing 3DES as well as RC4, handshake simulation reports that IE6 / XP and IE8 / XP cannot connect. The grade is A.
Using the recomended ciphers from cipherli.st, handshake simulation reports that IE6 / XP, IE8 / XP, Java6u45, and Java7u25 cannot connect. The grade is A.
For compatibility, we've chosen to test with a set of "ancient" and "modern" smartos images, as well as clients. Each base image will be tested with the oldest reasonable application and sdk version, as well as the newest reasonable application and sdk version.
For the application, "reasonable" means the oldest and newest versions available in the pkgsrc repository.
These tests were run against the proposed minimum change as above.
Base Image | Application Version | Library Version | Result |
---|---|---|---|
base64@1.9.1 | nodejs-0.8.26 | node-smartdc@7.0.0[1] | PASS |
base64@1.9.1 | nodejs-0.10.28*[2] | node-manta@1.1.0[3] | PASS |
base64@1.9.1 | nodejs-0.10.28*[4] | node-triton@2.0.0 | PASS |
base64@1.9.1 | python-2.7.3* | python-manta@2.1.1[5] | PASS |
base64@1.9.1 | python-2.7.3* | urllib[6] | PASS |
base64@1.9.1 | jdk-6u26 | java-manta@1.4.0 | PASS |
base64@1.9.1 | nodejs-0.10.28* | node-smartdc@8.1.0* | PASS |
base64@1.9.1 | nodejs-0.10.28* | node-manta@4.3.0* | PASS |
base64@1.9.1 | nodejs-0.10.28* | node-triton@5.2.0* | PASS |
base64@1.9.1 | python-2.7.3* | python-manta@2.6.0* | PASS |
base64@1.9.1 | jdk-8u131* | java-manta@3.0.0* | PASS |
base-64-lts@16.4.1 | nodejs-0.10.48 | node-smartdc@7.0.0 | PASS |
base-64-lts@16.4.1 | nodejs-0.10.48 | node-manta@1.1.0[3] | PASS |
base-64-lts@16.4.1 | nodejs-0.10.48 | node-triton@2.0.0 | PASS |
base-64-lts@16.4.1 | python-2.7.12* | python-manta@2.1.1[5] | PASS |
base-64-lts@16.4.1 | jdk-6u26 | java-manta@1.4.0 | N/A[7] |
base-64-lts@16.4.1 | nodejs-7.5.0* | node-smartdc@8.1.0* | PASS |
base-64-lts@16.4.1 | nodejs-7.5.0* | node-manta@4.3.0* | PASS |
base-64-lts@16.4.1 | nodejs-7.5.0* | node-triton@5.2.0* | PASS |
base-64-lts@16.4.1 | python-2.7.12* | python-manta@2.6.0* | PASS |
base-64-lts@16.4.1 | python-2.7.12* | urllib[6] | PASS |
base-64-lts@16.4.1 | jdk-8u131* | java-manta@3.0.0* | PASS |
* This is the latest available for this image at the time of testing.
- node-smartdc@7.0.0 requires node 0.8.14, therefore 0.6 was not tested
- node-manta does not install properly with node 0.8.26
- node-manta@1.1.0 is the oldest version command line tools
- node-triton@2.0.0 requires node 0.10.0, therefore 0.6 and 0.8 were not tested
- python-manta==2.1.0 is the oldest version with
MANTA_NO_AUTH
- urllib is a python core library so there are not alternate versions
- Older versions of java-manta are not supported, and are not expected to be in use on this image.