Use modern SSL config for Nginx #1127
Based off of h5bp's config: https://github.com/h5bp/server-configs-nginx/blob/611ed7507bc200b81867423f6061fe79b2f606e8/h5bp/ssl/policy_modern.conf
Drops TLSv1 and TLSv2.1 and updates the cipher suite.
Cipher suite compatibility details: https://cryptcheck.fr/suite/ECDHE+AES:!SHA
TLS 1.2 compatibility: https://caniuse.com/#feat=tls1-2
TLS 1.3 compatibility: https://caniuse.com/#feat=tls1-3
# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx | ||
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; | ||
ssl_prefer_server_ciphers on; | ||
ssl_protocols TLSv1.2 TLSv1.3; |
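Review bot: the `ssl_protocols TLSv1.2 TLSv1.3;` line carries no comment on what it requires or what it drops. `TLSv1.3` only takes effect when nginx is built against an OpenSSL that supports it (1.1.1 or later), so on older builds this line leaves TLS 1.2 as the only protocol on offer. Suggest a one-line comment stating that, and that TLS 1.0 and 1.1 clients are now refused. If the comment at the top of the hunk survives the change, it should be reworded too, since it describes the cipher list as Mozilla's Intermediate set.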
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; | ||
ssl_prefer_server_ciphers on; | ||
ssl_protocols TLSv1.2 TLSv1.3; | ||
ssl_ciphers EECDH+CHACHA20:EECDH+AES; |
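Review bot: the string on the last line, `ssl_ciphers EECDH+CHACHA20:EECDH+AES;`, is not the one the PR description links compatibility data for (`ECDHE+AES:!SHA`). Without `!SHA`, `EECDH+AES` also selects the ECDHE AES-CBC suites that use a SHA-1 MAC, so the linked compatibility table does not describe what this line enables. Suggest either adding `!SHA` here or pointing the description at the page for the committed string, and adding a comment that names the source policy so the alias can be audited later.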
I need slightly more time to research this.
I usually defer to https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
which is
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
vs
https://cryptcheck.fr/suite/EECDH+CHACHA20:EECDH+AES
I don't really fully understand what I'm looking at.
https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide#cipher-strength
Ditto, it's confusing. Here's more detail on it h5bp/server-configs-nginx#190 (comment)
Well, it's been 20 days and I haven't made time to research this. I am using Mozilla's recommended ciphers in production:
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
Don't let me hold this PR up then.
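The three cipher strings compared in this thread can be expanded locally and diffed. This is an added example, not code from the PR or from Trellis; it uses Python's `ssl` module, so the suite names it reports are whatever the OpenSSL linked into the local Python selects, and the helper names are illustrative.

```python
import ssl

# Cipher strings copied from the thread above.
PR_STRING = "EECDH+CHACHA20:EECDH+AES"   # value in the diff
DESCRIPTION_STRING = "ECDHE+AES:!SHA"    # value behind the cryptcheck link in the description
MOZILLA_INTERMEDIATE = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)


def expand(cipher_string):
    """Map each TLS <= 1.2 suite selected by cipher_string to its AEAD flag.

    TLS 1.3 suites are filtered out: OpenSSL configures them separately,
    so a cipher string like the ones above does not change them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["aead"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}


def non_aead(cipher_string):
    """Suites that are not AEAD (for AES, the CBC-mode ones)."""
    return sorted(n for n, aead in expand(cipher_string).items() if not aead)


def only_in(a, b):
    """Suites selected by string a but not by string b."""
    return sorted(set(expand(a)) - set(expand(b)))


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for label, s in (("PR", PR_STRING),
                     ("description link", DESCRIPTION_STRING),
                     ("Mozilla intermediate", MOZILLA_INTERMEDIATE)):
        print(f"{label}: {len(expand(s))} suites, non-AEAD: {non_aead(s)}")
    print("Mozilla only:", only_in(MOZILLA_INTERMEDIATE, PR_STRING))
    print("PR only:", only_in(PR_STRING, MOZILLA_INTERMEDIATE))
```
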
@@ -1,9 +1,34 @@ | |||
# OCSP stapling... | |||
# ---------------------------------------------------------------------- | |||
# | Online Certificate Status Protocol stapling | |
LGTM
@@ -25,7 +21,7 @@ ssl_session_timeout 24h; | |||
# | |||
# Note that you'll have to define and rotate the keys securely by yourself. In absence | |||
# of such infrastructure, consider turning off session tickets: | |||
#ssl_session_tickets off; | |||
ssl_session_tickets off; |
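Review bot: with `ssl_session_tickets off;` now active on the last line, the comment above it still reads "consider turning off session tickets", which describes a choice the file has already made. Suggest rewording it to say that tickets are disabled by default and should be re-enabled only together with `ssl_session_ticket_key` files that are rotated, and dropping the commented-out duplicate if it is still present. The hunk header shows `ssl_session_timeout 24h;`, so it is also worth a line noting that resumption now depends on the server-side session cache for that period.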
Co-Authored-By: Austin Pray <austin@austinpray.com>
@swalkinshaw afaik the Mozilla ciphers have the same warnings. If you excluded those the browser support would be unacceptably modern.
@TangRufus are you able to give this a try?
Tested on a remote server. Looks good to me. Question: Are we going to bundle the whole https://github.com/h5bp/server-configs-nginx/tree/28cb47df4227f8b8ae562e3a35e0d663a6593279/h5bp in Trellis?
It would be nice to update them all but that's a much bigger task so I'd rather get the important SSL updates in first.
Should we tag a minor (maybe even major) release and put out a little FYI? This should impact browser support a fair bit. Don't wanna blindside people updating.
Yes I planned to. Unless you mean like asap? I'll do one tonight/tomorrow
Oh no ASAP implied: just meant at some point
Fixes #1126
@austinpray