From 6716183a6894ddeeb789aaaccd97fc7b5ef8e642 Mon Sep 17 00:00:00 2001
From: daurnimator
Date: Mon, 28 Aug 2023 21:30:21 +1000
Subject: [PATCH] http/tls: update to new mozilla recommendations

This updates to the Mozilla page (https://wiki.mozilla.org/Security/Server_Side_TLS) v5.7
---
 http/tls.lua | 86 ++++++++++++++++++----------------------------------
 1 file changed, 30 insertions(+), 56 deletions(-)

diff --git a/http/tls.lua b/http/tls.lua
index 9d8fceb2..2c1700c9 100644
--- a/http/tls.lua
+++ b/http/tls.lua
@@ -19,91 +19,52 @@ end
 -- "Modern" cipher list
 local modern_cipher_list = cipher_list {
- "ECDHE-ECDSA-AES256-GCM-SHA384";
- "ECDHE-RSA-AES256-GCM-SHA384";
- "ECDHE-ECDSA-CHACHA20-POLY1305";
- "ECDHE-RSA-CHACHA20-POLY1305";
- "ECDHE-ECDSA-AES128-GCM-SHA256";
- "ECDHE-RSA-AES128-GCM-SHA256";
- "ECDHE-ECDSA-AES256-SHA384";
- "ECDHE-RSA-AES256-SHA384";
- "ECDHE-ECDSA-AES128-SHA256";
- "ECDHE-RSA-AES128-SHA256";
+ "TLS_AES_128_GCM_SHA256";
+ "TLS_AES_256_GCM_SHA384";
+ "TLS_CHACHA20_POLY1305_SHA256";
 }
 -- "Intermediate" cipher list
 local intermediate_cipher_list = cipher_list {
- "ECDHE-ECDSA-CHACHA20-POLY1305";
- "ECDHE-RSA-CHACHA20-POLY1305";
 "ECDHE-ECDSA-AES128-GCM-SHA256";
 "ECDHE-RSA-AES128-GCM-SHA256";
 "ECDHE-ECDSA-AES256-GCM-SHA384";
 "ECDHE-RSA-AES256-GCM-SHA384";
+ "ECDHE-ECDSA-CHACHA20-POLY1305";
+ "ECDHE-RSA-CHACHA20-POLY1305";
 "DHE-RSA-AES128-GCM-SHA256";
 "DHE-RSA-AES256-GCM-SHA384";
- "ECDHE-ECDSA-AES128-SHA256";
- "ECDHE-RSA-AES128-SHA256";
- "ECDHE-ECDSA-AES128-SHA";
- "ECDHE-RSA-AES256-SHA384";
- "ECDHE-RSA-AES128-SHA";
- "ECDHE-ECDSA-AES256-SHA384";
- "ECDHE-ECDSA-AES256-SHA";
- "ECDHE-RSA-AES256-SHA";
- "DHE-RSA-AES128-SHA256";
- "DHE-RSA-AES128-SHA";
- "DHE-RSA-AES256-SHA256";
- "DHE-RSA-AES256-SHA";
- "ECDHE-ECDSA-DES-CBC3-SHA";
- "ECDHE-RSA-DES-CBC3-SHA";
- "EDH-RSA-DES-CBC3-SHA";
- "AES128-GCM-SHA256";
- "AES256-GCM-SHA384";
- "AES128-SHA256";
- "AES256-SHA256";
- "AES128-SHA";
- "AES256-SHA";
- "DES-CBC3-SHA";
- "!DSS";
+ "DHE-RSA-CHACHA20-POLY1305";
 }
 -- "Old" cipher list
 local old_cipher_list = cipher_list {
- "ECDHE-ECDSA-CHACHA20-POLY1305";
- "ECDHE-RSA-CHACHA20-POLY1305";
- "ECDHE-RSA-AES128-GCM-SHA256";
 "ECDHE-ECDSA-AES128-GCM-SHA256";
- "ECDHE-RSA-AES256-GCM-SHA384";
+ "ECDHE-RSA-AES128-GCM-SHA256";
 "ECDHE-ECDSA-AES256-GCM-SHA384";
+ "ECDHE-RSA-AES256-GCM-SHA384";
+ "ECDHE-ECDSA-CHACHA20-POLY1305";
+ "ECDHE-RSA-CHACHA20-POLY1305";
 "DHE-RSA-AES128-GCM-SHA256";
- "DHE-DSS-AES128-GCM-SHA256";
- "kEDH+AESGCM";
- "ECDHE-RSA-AES128-SHA256";
+ "DHE-RSA-AES256-GCM-SHA384";
+ "DHE-RSA-CHACHA20-POLY1305";
 "ECDHE-ECDSA-AES128-SHA256";
- "ECDHE-RSA-AES128-SHA";
+ "ECDHE-RSA-AES128-SHA256";
 "ECDHE-ECDSA-AES128-SHA";
- "ECDHE-RSA-AES256-SHA384";
+ "ECDHE-RSA-AES128-SHA";
 "ECDHE-ECDSA-AES256-SHA384";
- "ECDHE-RSA-AES256-SHA";
+ "ECDHE-RSA-AES256-SHA384";
 "ECDHE-ECDSA-AES256-SHA";
+ "ECDHE-RSA-AES256-SHA";
 "DHE-RSA-AES128-SHA256";
- "DHE-RSA-AES128-SHA";
- "DHE-DSS-AES128-SHA256";
 "DHE-RSA-AES256-SHA256";
- "DHE-DSS-AES256-SHA";
- "DHE-RSA-AES256-SHA";
- "ECDHE-RSA-DES-CBC3-SHA";
- "ECDHE-ECDSA-DES-CBC3-SHA";
- "EDH-RSA-DES-CBC3-SHA";
 "AES128-GCM-SHA256";
 "AES256-GCM-SHA384";
 "AES128-SHA256";
 "AES256-SHA256";
 "AES128-SHA";
 "AES256-SHA";
- "AES";
 "DES-CBC3-SHA";
- "HIGH";
- "SEED";
 "!aNULL";
 "!eNULL";
 "!EXPORT";
@@ -458,6 +419,15 @@ local spec_to_openssl = {
 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "ECDHE-PSK-CHACHA20-POLY1305";
 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = "DHE-PSK-CHACHA20-POLY1305";
 TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = "RSA-PSK-CHACHA20-POLY1305";
+
+
+ -- TLS v1.3 cipher suites
+
+ TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
+ TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
+ TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
+ TLS_AES_128_CCM_SHA256 = "TLS_AES_128_CCM_SHA256";
+ TLS_AES_128_CCM_8_SHA256 = "TLS_AES_128_CCM_8_SHA256";
 }
 -- Banned ciphers from https://http2.github.io/http2-spec/#BadCipherSuites
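Review bot: `modern_cipher_list` now holds only TLS 1.3 suite names, and OpenSSL does not accept those through the pre-1.3 cipher-list string: `SSL_CTX_set_cipher_list` configures TLS 1.2 and below, while TLS 1.3 suites are set through `SSL_CTX_set_ciphersuites`. If a caller passes this list to `ctx:setCipherList(...)` the way `new_client_context` does with the intermediate list, the call will most likely fail with a no-cipher-match error, and in any case the Mozilla "modern" profile is not enforced by it. The list needs to go through the binding's TLS 1.3 ciphersuite setter together with a TLS 1.3 minimum protocol version, neither of which is visible in this patch; a comment such as `-- TLS 1.3 suites only: not valid input for setCipherList` above the table would record the constraint. The TLS 1.3 entries added to `spec_to_openssl` in the second hunk carry the same caveat if their values are ever joined into a cipher-list string.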
@@ -750,13 +720,17 @@ local default_tls_options = openssl_ctx.OP_NO_COMPRESSION
 + openssl_ctx.OP_SINGLE_ECDH_USE
 + openssl_ctx.OP_NO_SSLv2
 + openssl_ctx.OP_NO_SSLv3
+ + openssl_ctx.OP_NO_SSLv3
+ + openssl_ctx.OP_NO_TLSv1
+ + openssl_ctx.OP_NO_TLSv1_1
+ + openssl_ctx.OP_NO_TICKET
 local function new_client_context()
 local ctx = openssl_ctx.new("TLS", false)
 ctx:setCipherList(intermediate_cipher_list)
 ctx:setOptions(default_tls_options)
 if ctx.setGroups then
- ctx:setGroups("P-521:P-384:P-256")
+ ctx:setGroups("P-521:P-384:P-256:X25519")
 else
 ctx:setEphemeralKey(openssl_pkey.new{ type = "EC", curve = "prime256v1" })
 end
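Review bot: `+ openssl_ctx.OP_NO_SSLv3` is present as a context line and again as the first added line, so, as the hunk reads, the flag is summed twice into `default_tls_options`. The options are combined with arithmetic `+` rather than a bitwise OR, so adding the same single-bit flag twice clears that bit and carries into the next one: SSLv3 is no longer disabled, and once the other added flags are summed in, the mask may end up disabling protocol versions other than the ones intended. Drop the duplicated line so the expression has `+ openssl_ctx.OP_NO_SSLv3` once, followed by `+ openssl_ctx.OP_NO_TLSv1`, `+ openssl_ctx.OP_NO_TLSv1_1` and `+ openssl_ctx.OP_NO_TICKET`. A unit test asserting that each expected bit is set in `default_tls_options` would catch this class of mistake. The assignment begins on the line quoted in the hunk header, and `new_client_context` continues past the end of the hunk.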