>> And, if I change nginx to be 'TLSv1.3-only',
>>
>> - ssl_protocols TLSv1.3 TLSv1.2;
>> - ssl_ciphers "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384
>> TLS13-AES-128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305";
>> + ssl_protocols TLSv1.3;
>> + ssl_ciphers "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384
>> TLS13-AES-128-GCM-SHA256";
>>
>> even the webserver config check FAILs,
>>
>> nginxconfcheck
>> TLS13-AES-128-GCM-SHA256") failed (SSL: error:1410D0B9:SSL
>> routines:SSL_CTX_set_cipher_list:no cipher match)
>> nginx: configuration file /usr/local/etc/nginx/nginx.conf test
>> failed
>>
>> and the server fails to start.
>
> That's because the cipher string listed contains no valid ciphers.
Sorry, I'm missing something :-/
What's specifically "invalid" about the 3, listed ciphers?
TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384
TLS13-AES-128-GCM-SHA256
as stated here
https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/
OpenSSL has implemented support for five TLSv1.3 ciphersuites
as follows:
TLS13-AES-256-GCM-SHA384
TLS13-CHACHA20-POLY1305-SHA256
TLS13-AES-128-GCM-SHA256
TLS13-AES-128-CCM-8-SHA256
TLS13-AES-128-CCM-SHA256
for
openssl ciphers -stdname -s -V
'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE:!AES128:!SHA1:!SHA256:!SHA384:!COMPLEMENTOFDEFAULT'
0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3
Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 -
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
Enc=CHACHA20/POLY1305(256) Mac=AEAD
0x13,0x01 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3
Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
0xC0,0x2C - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256)
Mac=AEAD
0xC0,0x30 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xCC,0xA9 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA
Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xA8 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA
Enc=CHACHA20/POLY1305(256) Mac=AEAD
using the alias TLSv1.3 ciphersuite names is also fine,
openssl ciphers -stdname -s -V
'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-128-GCM-SHA256:TLS-AES-256-GCM-SHA384:ECDHE:!AES128:!SHA1:!SHA256:!SHA384:!COMPLEMENTOFDEFAULT'
0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3
Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 -
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
Enc=CHACHA20/POLY1305(256) Mac=AEAD
0x13,0x01 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3
Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
0xC0,0x2C - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256)
Mac=AEAD
0xC0,0x30 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xCC,0xA9 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA
Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xA8 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA
Enc=CHACHA20/POLY1305(256) Mac=AEAD
if in nginx config,
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers
"TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE:!AES128:!SHA1:!SHA256:!SHA384:!COMPLEMENTOFDEFAULT";
ssllabs.com/ssltest reports
Configuration
Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
For TLS 1.3 tests, we only support RFC 8446.
Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS
256
TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA)
FS 256
TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS
128
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH x25519 (eq.
3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072
bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) ECDH x25519
(eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq.
3072 bits RSA) FS 256
on connect to the site, I see connection handshake,
Protocol
TLS 1.3
Cipher Suite
TLS_AES_256_GCM_SHA384
Key Exchange Group
x25519
Signature Scheme
ECDSA-P384-SHA384
switching nginx config
ssl_protocols TLSv1.3;
BREAKS ssllabs testing/reporting (their issue, apparently), but the site itself
still works, with, again, handshake
Protocol
TLS 1.3
Cipher Suite
TLS_AES_256_GCM_SHA384
Key Exchange Group
x25519
Signature Scheme
ECDSA-P384-SHA384
OTOH, if I enable ONLY TLSv1.3 ciphersuites,
ssl_protocols TLSv1.3;
ssl_ciphers
"TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384";
nginxconfcheck indeed FAILs
nginxconfcheck
nginx: [emerg]
SSL_CTX_set_cipher_list("TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384")
failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
match)
nginx: configuration file /usr/local/etc/nginx/nginx.conf test
failed
IIUC due to openssl itself apparently being 'unhappy' with that string,
openssl ciphers -stdname -s -V
'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-128-GCM-SHA256:TLS-AES-256-GCM-SHA384'
Error in cipher list
139817124520384:error:1410D0B9:SSL
routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:
WHY it's unhappy with that string is an openssl issue; I've asked 'over there'
abt that ...
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
