Open jpf-okteto opened 1 month ago
I have not evaluated the exact set, but if there are some old ciphers that are weak/not recommended and not used in practice, then we could just disable them without bothering making it configurable. We want to make sure that the older buildkit clients we have shipped can still access the daemon, as well as the modern ones that some 3rd party clients could use. We don't care about backwards compatibility with some old ones that no buildkit client would use anyway.
Just to provide some insight into the vulnerable 3DES ciphers to be removed, along with TLS1.0 and TLS1.1, which should not be enabled anymore if possible:
```
nmap --script ssl-enum-ciphers -p 443 xxxxxxxxxx
Starting Nmap 7.95 ( https://nmap.org ) at 2024-10-23 13:16 CEST
Nmap scan report for xxxxx
Host is up (0.034s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C <<<
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C <<<<
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C <<<
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C. <<<
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C <<<
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C <<<<
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|     cipher preference: server
|   least strength: C

Nmap done: 1 IP address (1 host up) scanned in 2.83 seconds
```
Thanks!
Currently, the TLS configuration in buildkitd defaults to Go's default cipher suites, which include some weak ciphers (CBC and 64-bit block size).
https://github.com/moby/buildkit/blob/17896f6c47588987d53f626cb2882f330acb934f/cmd/buildkitd/main.go#L741-L744
It would be beneficial to have an option to customize the CipherSuites in the tls.Config to allow users to specify stronger ciphers and avoid using weak ones.
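One way such an option could be validated before it reaches `tls.Config`, as an added example that is not buildkit's code: a list of suite names is resolved against Go's own suite tables, and CBC and 3DES suites are refused. The function names `suiteIDs` and `serverTLSConfig`, and the idea of a name-list option, are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// suiteIDs resolves user-supplied cipher suite names (a hypothetical config
// option) to IDs. Unknown names and non-AEAD suites (CBC, 3DES) are rejected.
func suiteIDs(names []string) ([]uint16, error) {
	known := map[string]uint16{}
	// Look in both tables so the result does not depend on which list a Go
	// release files a given suite under.
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		known[cs.Name] = cs.ID
	}
	var ids []uint16
	for _, n := range names {
		id, ok := known[n]
		if !ok {
			return nil, fmt.Errorf("unknown cipher suite %q", n)
		}
		if !strings.Contains(n, "_GCM_") && !strings.Contains(n, "CHACHA20_POLY1305") {
			return nil, fmt.Errorf("cipher suite %q is not AEAD (CBC or 3DES)", n)
		}
		ids = append(ids, id)
	}
	return ids, nil
}

// serverTLSConfig builds a config with TLS 1.0/1.1 off and only vetted suites.
func serverTLSConfig(names []string) (*tls.Config, error) {
	ids, err := suiteIDs(names)
	if err != nil {
		return nil, err
	}
	return &tls.Config{
		MinVersion:   tls.VersionTLS12, // refuses TLS 1.0 and 1.1 handshakes
		CipherSuites: ids,              // TLS 1.2 only; Go fixes the TLS 1.3 set
	}, nil
}

func main() {
	_, err := serverTLSConfig([]string{"TLS_RSA_WITH_3DES_EDE_CBC_SHA"})
	fmt.Println(err) // the 3DES suite flagged in the scan is refused
}
```

Re-running the `ssl-enum-ciphers` scan against a listener built from this config is the check that the TLSv1.0, TLSv1.1 and 3DES entries are gone.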