Closed Dave-09 closed 4 years ago
And why is the expectation of the internet.nl tool correct but this one isn't?
If you read the information on the internet in combination with the error message on internet.nl, you come to this conclusion.
Which information? What error messages?
He says:
Ciphers must be selected based on a descending order of their key and then based on their hash size (Level of requirement: Recommended);
Well, that's their opinion; our opinion and the justification for it is here: https://wiki.mozilla.org/Security/Server_Side_TLS
I certainly understand you, but we think that internet.nl is right and you are not. We see more websites that do it the way internet.nl does:
https://owasp.org/www-project-cheat-sheets/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html
Internet.nl is also offered by SIDN, Ministry of Economic Affairs and Climate and NCSC.
These are very large providers, which we must expect to be right. Can't you check it again?
I certainly understand you, but we think that internet.nl is right and you are not.
Well, then don't use this config generator.
It is used by our control panel. That is why we use it.
There is no single "right" answer. It's about priorities. The original post has two long lists of ciphers, but the only difference is the order of the last two DHE-RSA ciphers. The recommendation is to use ECDSA if possible, so those two ciphers are never used in a single-cert ECDSA situation. @Dave-09: Do not rely solely on automatically generated lists created and controlled by third parties. These are helpful guidelines that are not intended to be the final say in how you should do things for your situation.
In this case, I do think that internet.nl is mistaken. I can't think of any particular reason why they would prefer AES-128 for ECDHE but AES-256 for DHE.
@gthess, do you know why this is the case? Thanks!
Thanks for the responses! I'll wait for @gthess.
Hi all,
The internet.nl tool checks the TLS configuration based on the guidelines offered by the Dutch National Cyber Security Centre (NCSC). Their approach with respect to cipher order includes the following:
[..] Fourth, algorithms are preferred in descending order of their key and then hash size. [..]
AFAIK there is no explicit suggestion for a cipher list on internet.nl's website. I think what @Dave-09 refers to is the cipher list in an example Apache configuration file we have on GitHub, for those who want to install and set up their own internet.nl instance. It is a cipher list that passes the test.
I also find the ssl-config-generator's suggestion correct. As the cipher list in the original post corresponds to the intermediate level, I find the following justification reasonable:
The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES
We have brought the issue up with the NCSC and that led to ignoring the cipher order test when only GOOD (according to the NCSC) ciphers are used (https://github.com/NLnetLabs/Internet.nl/commit/f9c614f24edf553888074a12179c1dac2a30de33).
All in all, I believe @jrchamp's suggestion about "not relying solely on automatically generated lists" stands true.
@april: I am afraid I don't see your point. Do you refer on the cipher lists presented above and I miss something?
Ahhh, in that case it's probably OWASP that is incorrect. I had assumed that OP had verified their information against the official recommendations.
It looks like OWASP matches neither the NCSC recommendations (which have AES-256 > AES-128) nor the Mozilla TLS Guidelines (which have AES-128 > AES-256), but this generally doesn't matter because we let the browser select inside Intermediate.
I did test a website of mine using nginx and Intermediate, and it passed internet.nl just fine, so I'm going to close this bug as invalid. Thanks for responding, @gthess, I really appreciate it.
Dear Sir / Madam,
We use your information on: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.4
Now there are tools (such as internet.nl in the Netherlands) that indicate that it is incorrect:
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
That should be:
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
Can you adjust it?
Thank you!
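The dispute in this thread is about whether the two `ssl_ciphers` strings above satisfy the NCSC sentence quoted by @gthess ("algorithms are preferred in descending order of their key and then hash size"). The following is an added example, not code from the issue, from Mozilla's ssl-config-generator or from internet.nl. It parses the OpenSSL-style suite names that appear in the thread, applies the quoted rule under one specific reading (descending key size, then hash size, compared between adjacent suites that share the same key-exchange and authentication algorithms), reports the adjacent pairs that break it, and produces a reordering that satisfies it while keeping each suite's slot within its family. That "within the same family" reading, the key-size table (AES128 = 128, AES256 and CHACHA20 = 256) and the use of the TLS 1.2 PRF (SHA-256) as the "hash size" of the CHACHA20-POLY1305 suites are my assumptions; how internet.nl actually implements the NCSC check is not shown on this page.

```python
import re

# Constructed sample input: the two nginx directives quoted in the original post.
GENERATOR_LIST = (
    "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;"
)
PROPOSED_LIST = (
    "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;"
)

# Only the suite-name shapes that occur in the thread are parsed; anything else is rejected.
SUITE_RE = re.compile(
    r"^(?P<kx>ECDHE|DHE)-(?P<auth>ECDSA|RSA)-"
    r"(?P<cipher>AES128|AES256|CHACHA20)-(?P<mode>GCM|POLY1305)"
    r"(?:-(?P<hash>SHA256|SHA384))?$"
)
KEY_BITS = {"AES128": 128, "AES256": 256, "CHACHA20": 256}
HASH_BITS = {"SHA256": 256, "SHA384": 384}
CHACHA_PRF_BITS = 256  # assumption: TLS 1.2 CHACHA20-POLY1305 suites use SHA-256 as PRF


def parse_suite(name):
    """Map one OpenSSL suite name to its family, key size and hash size."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unsupported or malformed suite name: {name}")
    d = m.groupdict()
    hash_bits = HASH_BITS[d["hash"]] if d["hash"] else CHACHA_PRF_BITS
    return {"name": name, "family": (d["kx"], d["auth"]),
            "key": KEY_BITS[d["cipher"]], "hash": hash_bits}


def parse_cipher_string(directive):
    """Accept either a bare OpenSSL cipher string or a full nginx ssl_ciphers line."""
    value = directive.strip().rstrip(";").strip()
    if value.startswith("ssl_ciphers"):
        value = value[len("ssl_ciphers"):].strip()
    return [parse_suite(n) for n in value.split(":") if n]


def order_violations(directive):
    """Return (earlier, later) pairs where, within one family, the later suite has a
    larger (key, hash) than the previous suite of that family, i.e. the quoted
    'descending key size, then hash size' rule is broken."""
    violations = []
    last_in_family = {}
    for s in parse_cipher_string(directive):
        prev = last_in_family.get(s["family"])
        if prev and (s["key"], s["hash"]) > (prev["key"], prev["hash"]):
            violations.append((prev["name"], s["name"]))
        last_in_family[s["family"]] = s
    return violations


def reorder_by_rule(directive):
    """Reorder each family into descending (key, hash) order while keeping the
    positions that family occupied, so the ECDSA/RSA interleaving is preserved."""
    suites = parse_cipher_string(directive)
    families = {}
    for i, s in enumerate(suites):
        families.setdefault(s["family"], []).append(i)
    out = list(suites)
    for positions in families.values():
        members = sorted((suites[i] for i in positions),
                         key=lambda s: (s["key"], s["hash"]), reverse=True)
        for i, s in zip(positions, members):
            out[i] = s
    return ":".join(s["name"] for s in out)


if __name__ == "__main__":
    for label, lst in (("generator", GENERATOR_LIST), ("proposed", PROPOSED_LIST)):
        print(f"{label}:")
        for earlier, later in order_violations(lst):
            print(f"  {later} is preferred less than the weaker-keyed {earlier}")
    print("strictly ordered:", reorder_by_rule(GENERATOR_LIST))
```

Run as-is, the script shows that the proposed swap of the last two DHE-RSA suites fixes the only DHE violation but leaves the same AES-128-before-AES-256 ordering in both ECDHE families, which is the inconsistency @april points out. Two caveats for anyone applying this in practice: `ssl_ciphers` governs only the TLS 1.2 suites, and the Mozilla Intermediate profile pairs this list with `ssl_prefer_server_ciphers off`, so the server-side order is advisory and the client's preference wins, as the justification quoted by @gthess explains.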