Closed SoftCreatR closed 7 years ago
The ssl_ciphers
directive uses the syntax for BoringSSL's bracketed equal-preference groups, which is not supported by OpenSSL.
You can either build nginx with BoringSSL instead, or apply a patch, such as https://gitlab.com/buik/openssl/blob/openssl-patch/openssl-1.1/OpenSSL1.1f-equal-preference-cipher-groups.patch.
About TLS 1.3 support: BoringSSL does support TLS 1.3, so you have the option to go with BoringSSL, or use the OpenSSL 1.1.1-dev.
Hey,
thank you so far. Using BoringSSL instead seems to work. The only thing i can't make work is TLSv1.3. According to SSLLabs, my nginx only supports TLSv1, TLSv1.1 and TLSv1.2, even after building with --with-openssl-opt=enable-tls1_3
(which worked flawlessly).
And compared to a site that uses CF and Flexible SSL (i guess, others are the same), the results are extremely different. First off all, they have OCSP stapling enabled, which is - afaik - not available in BoringSSL. Furthermore, they support robust forward secrecy, which is not possible with the given cipher suite. The given cipher suites for a CF proxified web looks like this:
# TLS 1.3
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
# TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
# TLS 1.1
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
while the config provided here results in this:
# TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_3DES_EDE_CBC_SHA
# TLS 1.1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
# TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
This one provides TLS_RSA_WITH_3DES_EDE_CBC_SHA
, which is insecure.
TL;DR: Could it be, that the config provided here is outdated? It seems, that it doesn't match the current SSL configuration of CF.
Just switched from boringSSL to OpenSSL 1.1.1-dev (TLSv1.3-draft18). This seems to work and TLSv1.3 is being detected. I also use a different Cipher Suite and i get a 100/100 score on SSLLabs now.
So for now, i'll just sit and wait. Thank you for your input :)
I'm trying to use the
ssl_ciphers
from conf file in Nginx 1.13.5. However, it doesn't work:I've OpenSSL 1.1.0f installed with the ChaCha20+Poly1305 patch for OpenSSL 1.1.0. Do i need to apply any other patch?
Furthermore, i'm wondering about the
TLSv1.3
entry in thessl_protocols
option, because this is just supported in OpenSSL 1.1.1-dev (Draft 18/19/20).