[tor-bugs] #32351 [Internal Services/Tor Sysadmin Team]: review our ssl ciphers suite

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 11 13:34:26 UTC 2020


#32351: review our ssl ciphers suite
-------------------------------------------------+---------------------
 Reporter:  anarcat                              |          Owner:  tpa
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by weasel):

 not just the cipher suites, but also the protocols.

 [copying from #33591]:
 I think we should disable these old protocols.

 This would additionally break, if I read https://www.ssllabs.com/ssltest/
 right (I am comparing old www.debian.org with post-change www.debian.org):

 # Not simulated clients (Protocol mismatch)
 Android 2.3.7   No SNI 2                Protocol mismatch (not simulated)
 Android 4.0.4   Protocol mismatch (not simulated)
 Android 4.1.1   Protocol mismatch (not simulated)
 Android 4.2.2   Protocol mismatch (not simulated)
 Android 4.3     Protocol mismatch (not simulated)
 Baidu Jan 2015  Protocol mismatch (not simulated)
 IE 7 / Vista    Protocol mismatch (not simulated)
 IE 8-10 / Win 7  R              Protocol mismatch (not simulated)
 IE 10 / Win Phone 8.0   Protocol mismatch (not simulated)
 Java 7u25       Protocol mismatch (not simulated)
 OpenSSL 0.9.8y  Protocol mismatch (not simulated)
 Safari 5.1.9 / OS X 10.6.8      Protocol mismatch (not simulated)
 Safari 6.0.4 / OS X 10.8.4  R           Protocol mismatch (not simulated)


 Safari 6 / iOS 6.0.1    Server sent fatal alert: handshake_failure
 Safari 7 / iOS 7.1  R           Server sent fatal alert: handshake_failure
 Safari 7 / OS X 10.9  R         Server sent fatal alert: handshake_failure
 Safari 8 / iOS 8.4  R           Server sent fatal alert: handshake_failure
 Safari 8 / OS X 10.10  R                Server sent fatal alert:
 handshake_failure
 IE 11 / Win Phone 8.1  R                Server sent fatal alert:
 handshake_failure

 the following already don't work:
 IE 8 / XP   No FS 1       No SNI 2              Server sent fatal alert:
 handshake_failure
 Java 6u45   No SNI 2            Client does not support DH parameters >
 1024 bits
 IE 6 / XP   No FS 1       No SNI 2              Protocol mismatch (not
 simulated)


 this is the debian.org diff, tor's would be very similar:

 {{{
 --- a/modules/apache2/templates/puppet-config.erb
 +++ b/modules/apache2/templates/puppet-config.erb
 @@ -1,13 +1,11 @@
  <IfModule mod_ssl.c>
 -  SSLProtocol all -SSLv2 -SSLv3
 -  SSLHonorCipherOrder On
 -
 -  # this is a list that seems suitable as of 2014-10, when running
 wheezy.  It
 -  # probably requires re-visiting regularly.
 -  # 2018-07-17
 -  #  https://mozilla.github.io/server-side-tls/ssl-config-
 generator/?server=apache-2.4.25&openssl=1.0.2l&hsts=yes&profile=intermediate
 -  #  https://mozilla.github.io/server-side-tls/ssl-config-
 generator/?server=apache-2.4.25&openssl=1.1.0&hsts=no&profile=intermediate
 -  SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-
 CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-
 SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-
 AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256
 :ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384
 :ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA
 :ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-
 AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-
 CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-
 SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 +  # this is a list that seems suitable as of 2020-03, when running buster
 +  # (Debian 10).  It probably requires re-visiting regularly.
 +  # 2020-03-11
 +  #  https://ssl-
 config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1d&guideline=5.4
 +  SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
 +  SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128
 -GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
 :ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128
 -GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 +  SSLHonorCipherOrder     off

    SSLUseStapling On
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32351#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list