matrix-org / matrix-federation-tester

Tester for matrix federation written in golang.

Strong ciphers break the test #109

Closed maquis196 closed 3 years ago

maquis196 commented 3 years ago

Describe the bug

So my configured edge router had "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" set, with min version TLS 1.2. Federation tester would not work. Possibly broken just fetching the .well-known server file.

To Reproduce

Steps to reproduce the behavior:

  1. Set your edge router to "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" or its specific version of this
  2. Run federation test
  3. See failure to talk to domain

Expected behavior

I expect the usual federation output of a working matrix instance.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Curl works against the endpoint, so I can confirm matrix/server is fetch-able, so could it be the specific tool downloading this file? Unfortunately at this time I'm unable to set high ciphers for synapse and low for the above, possible when I have more time though.
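The negotiation failure described in this report can be reproduced in-process. The following is an added example, not code from matrix-federation-tester: it stands up a throwaway TLS listener configured like the reported edge router (a self-signed ECDSA certificate, TLS 1.2 only, the single suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) and then probes it with two clients. A client that offers that suite connects; a client that only offers ECDHE_RSA suites, as a tester or peer whose TLS stack lacks ECDSA support would, is rejected with "no cipher suite supported by both client and server". The certificate, hostname `router.example` and the `Probe`/`routerConfig` helpers are constructed for the demo. The server's MaxVersion is pinned to 1.2 because Go's `CipherSuites` list only governs TLS 1.2; a TLS 1.3 handshake would bypass the restriction and hide the effect.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedECDSA builds a throwaway ECDSA certificate for the in-process
// "edge router". Constructed for the demo only; it is not a real key.
func selfSignedECDSA() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "router.example"},
		DNSNames:              []string{"router.example"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed: acts as its own root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// routerConfig mirrors the report: exactly one TLS 1.2 suite and nothing older.
// MaxVersion is pinned to 1.2 because CipherSuites only applies to TLS 1.2.
func routerConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
	}
}

// Probe runs one handshake against the router using only clientSuites.
// It reports whether the handshake succeeded and, if so, the suite chosen;
// a setup failure (not a handshake failure) is returned as err.
func Probe(srvCfg *tls.Config, pool *x509.CertPool, clientSuites []uint16) (ok bool, suite string, err error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return false, "", err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		_ = c.(*tls.Conn).Handshake() // server side; errors surface on the client
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs:      pool,
		ServerName:   "router.example",
		MinVersion:   tls.VersionTLS12,
		CipherSuites: clientSuites,
	})
	if err != nil {
		return false, err.Error(), nil // handshake rejected: report the reason
	}
	defer conn.Close()
	return true, tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

func main() {
	cert, pool, err := selfSignedECDSA()
	if err != nil {
		panic(err)
	}
	for name, suites := range map[string][]uint16{
		"client with ECDSA suite": {tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
		"client with RSA-only":    {tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
	} {
		ok, detail, err := Probe(routerConfig(cert), pool, suites)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-24s ok=%v %s\n", name, ok, detail)
	}
}
```

A tester that wanted to emit the "your ciphers are too strong for federation use" warning discussed later in this thread could run exactly this kind of probe with the suite and version set it expects peers to support, and report the mismatch instead of a bare connection failure.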

erikjohnston commented 3 years ago

The problem with putting such a strong requirement on your TLS handshake is that there will be a bunch of matrix servers out there who can't speak TLS 1.2, and this will break federation for them. Now ideally we should put some guidance out about what the minimum versions should be, but I doubt enough of the world speaks 1.2 for it to be considered as a viable minimum.

Fixing the federation tester to speak 1.2 won't help with any of that, so I'm not sure it'd be an advantage to fix it.

maquis196 commented 3 years ago

Future proofing? Maybe a warning: "your ciphers are too strong for federation use". I only raised this because whilst trying to diagnose my connection, this failing was a red herring, is all.

Also, who can't speak TLS 1.2, out of interest? Is that some kind of python2/centos6 aged type thing?

Also handy for private homeserver groups that don't talk to the general populace (arguably).

erikjohnston commented 3 years ago

Yeah, agreed that it'd be useful to make the federation tester check for TLS compatibility (assuming we make some guidelines). Will file a new issue about it.

> Also, who can't speak TLS 1.2, out of interest? Is that some kind of python2/centos6 aged type thing?

I think some older versions of distros use openssl 0.9.x versions which don't support it? Or something, I haven't really looked recently if I'm honest.

erikjohnston commented 3 years ago

See https://github.com/matrix-org/matrix-federation-tester/issues/110 and https://github.com/matrix-org/synapse/issues/8316 :slightly_smiling_face:

maquis196 commented 3 years ago

Yeah, openssl 0.9.x doesn't have TLS 1.2. I guess that would be anyone on an ancient centos6 install, but even that has openssl1 as an official rpm. Considering the first security advice you read for securing services is disabling TLS 1.1, that's some old unsupported stuff right there (be nice if they got a warning, but joys of legacy software).

Thanks for the tickets!

erikjohnston commented 3 years ago

I could totally believe that I'm just remembering the situation from 2014 or whenever the last time this came up was! When/if we get time to look at the tickets we'll try and figure out the appropriate bounds, which may well include 1.2.

Thanks for flagging this! :+1: Will close this in favour of the others now though.