april
commented
4 years ago @gene1wood, this looks fine to me, but I thought I'd run it by you to see if you had any caveats.
Closed sonicdoe closed 4 years ago
april
commented
4 years ago @gene1wood, this looks fine to me, but I thought I'd run it by you to see if you had any caveats.
jrchamp
commented
4 years ago I have very little love for old versions of Windows or Internet Explorer, but I do want to note that's why the DHE-RSA suites are present in Intermediate. If you're okay dropping them, then at least you're doing it on purpose and not on accident. :heart:
sonicdoe
commented
4 years ago I fully agree with keeping compatibility with Internet Explorer 11 on Windows 7 as specified for the Intermediate configuration. Looking at https://github.com/mozilla/server-side-tls/issues/178#issuecomment-506146146, another requirement seems to be keeping compatibility even if the server uses a certificate with an RSA key.
For AWS ALB, I think this is taken care of by ECDHE-RSA-AES128-SHA256 which is not present in the Intermediate configuration but is present in both the old and new security policy. The corresponding IANA name, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, is listed on Qualys SSL Labs’s user agent capabilities page.
april
commented
4 years ago Yep, that was my thought as well. Basically they prefer ECDHE-RSA-AES128-SHA256 over DHE-RSA-AES128-GCM-SHA256, for IE11 support. I don't think either one of them is particularly wrong: they're both somewhat outdated cipher suites and you have to pick one to keep around.
jrchamp
commented
4 years ago Sorry! I missed the fact that the table is not aligned. I read the first column (which is 100% FS and AEAD) and didn't realize the second and third columns were completely different.
This change is a definite improvement because nothing at the Intermediate level is being lost by this change (comparing the before "middle" and the after "right" columns). Not that they're likely to make changes after the fact, but it would make me a bit happier if @awslabs dropped ECDHE-ECDSA-AES128-SHA256 and ECDHE-ECDSA-AES256-SHA384 from that preset.
sonicdoe
commented
4 years ago Sorry, I definitely see how the table can be confusing. To be clear, the old and new security policies are the same except for the new one no longer including AES128-GCM-SHA256, AES128-SHA256, AES256-GCM-SHA384, and AES256-SHA256 (the last four in the middle column).
As to the Intermediate configuration, the security policy shares the first four cipher suites but does not include any ChaCha20-Poly1305 and DHE cipher suites (the last four in the first column). Instead, it includes ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, and ECDHE-RSA-AES256-SHA384.
Looking at the AWS documentation, there’s no security policy stricter than this.
april
commented
4 years ago I haven't heard from @gene1wood, but I think my concerns have been allayed here. :)
Updates the Intermediate configuration for Amazon Web Services’s Application Load Balancer to
ELBSecurityPolicy-FS-1-2-Res-2019-08which was added on October 8, 2019.This policy is the same as the previous
ELBSecurityPolicy-TLS-1-2-2017-01but removes support for AES128-GCM-SHA256, AES128-SHA256, AES256-GCM-SHA384, and AES256-SHA256.Here’s a table comparing the TLS 1.2 cipher suites of the Intermediate configuration, the previous
ELBSecurityPolicy-TLS-1-2-2017-01security policy, and the newELBSecurityPolicy-FS-1-2-Res-2019-08security policy: