From 0c0578b01bab7b848c63a599ba0afa1ed43aebf1 Mon Sep 17 00:00:00 2001
From: Phil Estes
Date: Wed, 10 Jun 2015 12:23:43 -0400
Subject: [PATCH] Split client and server cipher suite list in TLS defaults
Per @ewindisch, removing the CBC ciphers from the client preferred TLS cipher suites. This will allow a future version of the server to also remove the CBC ciphers from the accepted list. This changes the server default to client + additional CBC cipher list, and client default to the non-CBC ciphers. Also, cipher order preference is modified so that best and highest-bit count ciphers are most preferred.
Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp)
---
 tlsconfig/config.go | 46 +++++++++++++++++++++++++++++++--------------
 1 file changed, 32 insertions(+), 14 deletions(-)
diff --git a/tlsconfig/config.go b/tlsconfig/config.go
index ee67f5c..aee2132 100644
--- a/tlsconfig/config.go
+++ b/tlsconfig/config.go
@@ -24,21 +24,39 @@ type Options struct {
 KeyFile string
 }
 
-// Default is a secure-enough TLS configuration.
-var Default = tls.Config{
+// Extra (server-side) accepted CBC cipher suites - will phase out in the future
+var acceptedCBCCiphers = []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+}
+
+// Client TLS cipher suites (dropping CBC ciphers for client preferred suite set)
+var clientCipherSuites = []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+}
+
+// For use by code which already has a crypto/tls options struct but wants to
+// use a commonly accepted set of TLS cipher suites, with known weak algorithms removed
+var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
+
+// ServerDefault is a secure-enough TLS configuration for the server TLS configuration.
+var ServerDefault = tls.Config{
 // Avoid fallback to SSL protocols < TLS1.0
 MinVersion: tls.VersionTLS10,
 PreferServerCipherSuites: true,
- CipherSuites: []uint16{
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- tls.TLS_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
- },
+ CipherSuites: DefaultServerAcceptedCiphers,
+}
+
+// ClientDefault is a secure-enough TLS configuration for the client TLS configuration.
+var ClientDefault = tls.Config{
+ // Prefer TLS1.2 as the client minimum
+ MinVersion: tls.VersionTLS12,
+ CipherSuites: clientCipherSuites,
 }
 
 // certPool returns an X.509 certificate pool from `caFile`, the certificate file.
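Review bot: `DefaultServerAcceptedCiphers` is an exported, mutable package-level slice and `ServerDefault.CipherSuites` holds the same slice header, so every config that `Server` derives with `tlsConfig := ServerDefault` (the last hunk) shares its backing array; an element write through any of them changes the accepted suites for all later server configs, which for a security default wants either a read-only contract in the doc comment or a copy at the point of use (`tlsConfig.CipherSuites = append([]uint16(nil), ServerDefault.CipherSuites...)` in `Server`). The `append` here only yields an array independent of `clientCipherSuites` because that literal's cap equals its len; that is what keeps `ClientDefault.CipherSuites` from being aliased, and it is worth a one-line comment so a later edit to the literal does not quietly break it. The doc comment should also start with the exported name: `// DefaultServerAcceptedCiphers is the server-side cipher suite list (client suites followed by the CBC suites) for code that already has its own tls.Config; treat it as read-only, since ServerDefault and every config Server returns share its backing array.`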
@@ -63,7 +81,7 @@ func certPool(caFile string) (*x509.CertPool, error) {
 
 // Client returns a TLS configuration meant to be used by a client.
 func Client(options Options) (*tls.Config, error) {
- tlsConfig := Default
+ tlsConfig := ClientDefault
 tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
 if !options.InsecureSkipVerify {
 CAs, err := certPool(options.CAFile)
@@ -86,7 +104,7 @@ func Client(options Options) (*tls.Config, error) {
 
 // Server returns a TLS configuration meant to be used by a server.
 func Server(options Options) (*tls.Config, error) {
- tlsConfig := Default
+ tlsConfig := ServerDefault
 tlsConfig.ClientAuth = options.ClientAuth
 tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
 if err != nil {
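Review bot: `Client`'s doc comment still says only that the configuration is meant for a client, but after this line it starts from `ClientDefault`, whose minimum is TLS 1.2 and whose suite list is the two GCM suites, a strictly narrower baseline than the TLS 1.0 plus CBC set `ServerDefault` still accepts; a peer that only offers TLS 1.0/1.1 or CBC suites will now be rejected, and callers migrating from `Default` need to see that in the doc comment rather than discover it as a handshake failure. Suggest `// Client returns a TLS configuration meant to be used by a client. It starts from ClientDefault, so it requires TLS 1.2 and the non-CBC suites, which is stricter than the Server baseline.` The body of `Client` continues past the hunk.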