cloudflare / sslconfig

Cloudflare's Internet facing SSL configuration
BSD 3-Clause "New" or "Revised" License

ssl_ciphers not working #81

Closed SoftCreatR closed 7 years ago

SoftCreatR commented 7 years ago

I'm trying to use the ssl_ciphers from conf file in Nginx 1.13.5. However, it doesn't work:

nginx: [emerg] SSL_CTX_set_cipher_list("[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES") failed (SSL: error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command)
nginx: configuration file /etc/nginx/nginx.conf test failed

I've OpenSSL 1.1.0f installed with the ChaCha20+Poly1305 patch for OpenSSL 1.1.0. Do I need to apply any other patch?

Furthermore, I'm wondering about the TLSv1.3 entry in the ssl_protocols option, because this is just supported in OpenSSL 1.1.1-dev (Draft 18/19/20).

injust commented 7 years ago

The ssl_ciphers directive uses the syntax for BoringSSL's bracketed equal-preference groups, which is not supported by OpenSSL. You can either build nginx with BoringSSL instead, or apply a patch, such as https://gitlab.com/buik/openssl/blob/openssl-patch/openssl-1.1/OpenSSL1.1f-equal-preference-cipher-groups.patch.

About TLS 1.3 support: BoringSSL does support TLS 1.3, so you have the option to go with BoringSSL, or use the OpenSSL 1.1.1-dev.
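An added example, not part of the thread or of Cloudflare's repository: a small check for the bracketed equal-preference syntax described above, with a fallback that flattens each group into a plain colon-separated list. The helper names are hypothetical, and flattening turns the group into a strict preference order, so it is a compatibility workaround rather than an equivalent configuration.

```python
import re
import ssl

# Constructed input: the ssl_ciphers value quoted in the nginx error above.
CF_CIPHERS = (
    "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|"
    "ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:"
    "ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES"
)
_GROUP = re.compile(r"\[([^\[\]]*)\]")


def has_equal_preference_groups(cipher_string):
    """True if the string contains BoringSSL's [a|b] group characters."""
    return any(ch in cipher_string for ch in "[]|")


def flatten_groups(cipher_string):
    """Rewrite each [a|b|c] group as a:b:c (hypothetical helper).

    Equal preference is lost: members become strictly ordered as listed.
    """
    def expand(match):
        members = [m.strip() for m in match.group(1).split("|")]
        if not all(members):
            raise ValueError("empty member in group %r" % match.group(0))
        return ":".join(members)

    flat = _GROUP.sub(expand, cipher_string)
    # Leftover characters mean unbalanced/nested brackets or a stray '|'.
    if has_equal_preference_groups(flat):
        raise ValueError("malformed group in %r" % cipher_string)
    return flat


def accepted_by_local_tls(cipher_string):
    """Ask the TLS library Python is linked against to parse the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
        return True
    except ssl.SSLError:
        return False


if __name__ == "__main__":
    for label, value in (("original", CF_CIPHERS), ("flattened", flatten_groups(CF_CIPHERS))):
        print(label, accepted_by_local_tls(value), value)
```

Run against a Python linked to stock OpenSSL, the original string is expected to be rejected and the flattened one accepted; the result depends on the local TLS library.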

SoftCreatR commented 7 years ago

Hey,

thank you so far. Using BoringSSL instead seems to work. The only thing I can't make work is TLSv1.3. According to SSLLabs, my nginx only supports TLSv1, TLSv1.1 and TLSv1.2, even after building with --with-openssl-opt=enable-tls1_3 (which worked flawlessly).

And compared to a site that uses CF and Flexible SSL (I guess others are the same), the results are extremely different. First of all, they have OCSP stapling enabled, which is - afaik - not available in BoringSSL. Furthermore, they support robust forward secrecy, which is not possible with the given cipher suite. The given cipher suites for a CF proxified web look like this:

# TLS 1.3
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

# TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

# TLS 1.1
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

# TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

while the config provided here results in this:

# TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_3DES_EDE_CBC_SHA

# TLS 1.1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

# TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

This one provides TLS_RSA_WITH_3DES_EDE_CBC_SHA, which is insecure.

TL;DR: Could it be that the config provided here is outdated? It seems that it doesn't match the current SSL configuration of CF.

SoftCreatR commented 7 years ago

Just switched from BoringSSL to OpenSSL 1.1.1-dev (TLSv1.3-draft18). This seems to work and TLSv1.3 is being detected. I also use a different cipher suite and I get a 100/100 score on SSLLabs now.

So for now, I'll just sit and wait. Thank you for your input :)