Split client and server cipher suite list in TLS defaults

Per @ewindisch, removing the CBC ciphers from the client preferred TLS
cipher suites.  This will allow a future version of the server to also
remove the CBC ciphers from the accepted list.

This changes the server default to client + additional CBC cipher list,
and client default to the non-CBC ciphers.

Also, cipher order preference is modified so that best and highest-bit count
ciphers are most preferred.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)

tlsconfig/config.go

@@ -24,21 +24,39 @@ type Options struct {
 	KeyFile            string
 }
 
-// Default is a secure-enough TLS configuration.
+// Extra (server-side) accepted CBC cipher suites - will phase out in the future
-var Default = tls.Config{
+var acceptedCBCCiphers = []uint16{
+	tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+	tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+	tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+}
+
+// Client TLS cipher suites (dropping CBC ciphers for client preferred suite set)
+var clientCipherSuites = []uint16{
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+}
+
+// For use by code which already has a crypto/tls options struct but wants to
+// use a commonly accepted set of TLS cipher suites, with known weak algorithms removed
+var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
+
+// ServerDefault is a secure-enough TLS configuration for the server TLS configuration.
+var ServerDefault = tls.Config{
 	// Avoid fallback to SSL protocols < TLS1.0
 	MinVersion:               tls.VersionTLS10,
 	PreferServerCipherSuites: true,
-	CipherSuites: []uint16{
+	CipherSuites:             DefaultServerAcceptedCiphers,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+}
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+
-		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+// ClientDefault is a secure-enough TLS configuration for the client TLS configuration.
-		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+var ClientDefault = tls.Config{
-		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+	// Prefer TLS1.2 as the client minimum
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+	MinVersion:   tls.VersionTLS12,
-		tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+	CipherSuites: clientCipherSuites,
-		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-	},
 }
 
 // certPool returns an X.509 certificate pool from `caFile`, the certificate file.
@@ -63,7 +81,7 @@ func certPool(caFile string) (*x509.CertPool, error) {
 
 // Client returns a TLS configuration meant to be used by a client.
 func Client(options Options) (*tls.Config, error) {
-	tlsConfig := Default
+	tlsConfig := ClientDefault
 	tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
 	if !options.InsecureSkipVerify {
 		CAs, err := certPool(options.CAFile)
@@ -86,7 +104,7 @@ func Client(options Options) (*tls.Config, error) {
 
 // Server returns a TLS configuration meant to be used by a server.
 func Server(options Options) (*tls.Config, error) {
-	tlsConfig := Default
+	tlsConfig := ServerDefault
 	tlsConfig.ClientAuth = options.ClientAuth
 	tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
 	if err != nil {