Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use modern SSL config for Nginx #1127

Merged
merged 4 commits into from Jan 19, 2020
Merged

Use modern SSL config for Nginx #1127

merged 4 commits into from Jan 19, 2020

Conversation

swalkinshaw
Copy link
Member

@swalkinshaw swalkinshaw commented Dec 12, 2019

Fixes #1126

Based off of h5bp's config: https://github.com/h5bp/server-configs-nginx/blob/611ed7507bc200b81867423f6061fe79b2f606e8/h5bp/ssl/policy_modern.conf

Drops TLSv1 and TLSv2.1 and updates the cipher suite.

Cipher suite compatibility details: https://cryptcheck.fr/suite/ECDHE+AES:!SHA
TLS 1.2 compatibility: https://caniuse.com/#feat=tls1-2
TLS 1.3 compatibility: https://caniuse.com/#feat=tls1-3

@austinpray

roles/nginx/templates/h5bp/directive-only/ssl.conf Outdated Show resolved Hide resolved
# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
Copy link
Member

@austinpray austinpray Dec 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES;
Copy link
Member

@austinpray austinpray Dec 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need slightly more time to research this.

I usually defer to https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29

which is

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

But comparing https://cryptcheck.fr/suite/ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

vs

https://cryptcheck.fr/suite/EECDH+CHACHA20:EECDH+AES

I don't really fully understand what I'm looking at.

https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide#cipher-strength

Copy link
Member Author

@swalkinshaw swalkinshaw Dec 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto, it's confusing. Here's more detail on it h5bp/server-configs-nginx#190 (comment)

Copy link
Member

@austinpray austinpray Jan 13, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well it's been 20 days and I haven't made time to research this. I am using mozilla's recommended ciphers in production:

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

Don't let me hold this PR up then.

@@ -1,9 +1,34 @@
# OCSP stapling...
# ----------------------------------------------------------------------
# | Online Certificate Status Protocol stapling |
Copy link
Member

@austinpray austinpray Dec 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@@ -25,7 +21,7 @@ ssl_session_timeout 24h;
#
# Note that you'll have to define and rotate the keys securely by yourself. In absence
# of such infrastructure, consider turning off session tickets:
#ssl_session_tickets off;
ssl_session_tickets off;
Copy link
Member

@austinpray austinpray Dec 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 this is a good default.

mozilla/server-side-tls#135

Co-Authored-By: Austin Pray <austin@austinpray.com>
@swalkinshaw
Copy link
Member Author

@swalkinshaw swalkinshaw commented Jan 19, 2020

Doing some testing with these new settings:

image

@swalkinshaw
Copy link
Member Author

@swalkinshaw swalkinshaw commented Jan 19, 2020

image

Not sure those WEAK warnings are necessarily bad? (or avoidable)

@austinpray
Copy link
Member

@austinpray austinpray commented Jan 19, 2020

@swalkinshaw afaik the Mozilla ciphers have the same warnings. If you excluded those the browser support would be unacceptably modern.

@swalkinshaw
Copy link
Member Author

@swalkinshaw swalkinshaw commented Jan 19, 2020

@TangRufus are you able to give this a try?

@TangRufus
Copy link
Member

@TangRufus TangRufus commented Jan 19, 2020

Tested on a remote server. Looks good to me.
However, I must admit I don't fully understand all the changes, especially ssl_ciphers and #ssl_early_data on;.

Question: Are we going to bundle the whole https://github.com/h5bp/server-configs-nginx/tree/28cb47df4227f8b8ae562e3a35e0d663a6593279/h5bp in Trellis?

@swalkinshaw
Copy link
Member Author

@swalkinshaw swalkinshaw commented Jan 19, 2020

It would be nice to update them all but that's a much bigger task so I'd rather get the important SSL updates in first.

@swalkinshaw swalkinshaw merged commit 0e0a6a1 into master Jan 19, 2020
6 checks passed
@swalkinshaw swalkinshaw deleted the update-ssl-config branch Jan 19, 2020
@austinpray
Copy link
Member

@austinpray austinpray commented Jan 20, 2020

Should we tag a minor (maybe even major) release and put out a little FYI? This should impact browser support a fair bit. Don't wanna blindside people updating.

@swalkinshaw
Copy link
Member Author

@swalkinshaw swalkinshaw commented Jan 20, 2020

Yes I planned to. Unless you mean like asap? I'll do one tonight/tomorrow

@austinpray
Copy link
Member

@austinpray austinpray commented Jan 20, 2020

Oh no ASAP implied: just meant at some point 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants