[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14603319#comment-14603319
]
ASF subversion and git services commented on TS-3136:
-
Commit 703ccb7108c215cd7357f473c3a9427221ee3b7e in trafficserver's branch
refs/heads/6.0.x from shinrich
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=703ccb7 ]
TS-3136: Update default ciphersuite list. This closes #233
(cherry picked from commit df59f9191e750995821120df198d637792489ace)
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.1
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14601036#comment-14601036
]
ASF subversion and git services commented on TS-3136:
-
Commit df59f9191e750995821120df198d637792489ace in trafficserver's branch
refs/heads/master from shinrich
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=df59f91 ]
TS-3136: Update default ciphersuite list. This closes #233
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14601040#comment-14601040
]
ASF GitHub Bot commented on TS-3136:
Github user asfgit closed the pull request at:
https://github.com/apache/trafficserver/pull/233
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599486#comment-14599486
]
ASF GitHub Bot commented on TS-3136:
Github user shinrich closed the pull request at:
https://github.com/apache/trafficserver/pull/230
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599488#comment-14599488
]
ASF GitHub Bot commented on TS-3136:
GitHub user shinrich opened a pull request:
https://github.com/apache/trafficserver/pull/233
TS-3136: Update default ciphersuite list.
I think this is the final agreed upon list. Review comments and discussion
on TS-3136.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/shinrich/trafficserver ts-3136-2
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/233.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #233
commit 8e0b3ce0b5ea83f6ff0da55ee6546b8e08e0acc5
Author: shinrich shinr...@yahoo-inc.com
Date: 2015-06-24T14:29:25Z
TS-3136: Update default ciphersuite list.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599395#comment-14599395
]
Susan Hinrichs commented on TS-3136:
Talking with more people, some clients (namely Java 7 clients
https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_and_Java) do not support
DH parameters greater than 1024 bits. In ATS, the default parameters are 2048
bits (1024 bit parameters are vulnerable to attack). It is possible that your
increase in error count was due to older clients trying to negotiate DHE but
failing once the too large parameters were presented.
I think this is another argument against enabling DHE protocols by default. To
usefully support DHE, you need to understand your client base.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599671#comment-14599671
]
Susan Hinrichs commented on TS-3136:
@bcall noted that no clients will actually negotiate CHACHA since it is so low
in the list. since CHACHA is not yet widely deployed we are a bit hesitant to
put it on top at this point. So we are removing CHACHA from the default list.
Individual deployments may want to add it depending on their client and server
sets.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14597653#comment-14597653
]
Susan Hinrichs commented on TS-3136:
[~briang] and [~jacksontj] any comments on your experience with DHE?
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14598324#comment-14598324
]
Brian Geffon commented on TS-3136:
--
[~shinrich], basically what we found was that upgrading to 5.2 where we added
DHE support meant that clients could start negotiating DHE and that caused a
spike in ssl_error_ssl, that's about all we ever figured out. We never looked
into the reason behind the error spikes, disabling DHE fixed the issue. Also
[~bcall] did some research and found that basically no sites are using DHE.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14595053#comment-14595053
]
Susan Hinrichs commented on TS-3136:
Agreed. Independent of the DHE in default cipher list issue, enabling DHE
ciphers should be a single step process. I filed TS-3711 to track that issue.
It is a minor issue to reenable.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594463#comment-14594463
]
John Eaglesham commented on TS-3136:
People don't use DHE because of the performance impact, but it's well known to
improve security for a number of reasons and it's use is recommended by, for
example, Mozilla and Qualys. What are the details of the problem Brian Geffon
encountered? If the ATS implementation of DHE is broken we should fix that. If
Brian Geffon has a use case where client's negotiate a DHE-enabled cipher but
can't actually handle a DHE-enabled server then that's interesting and might be
worth disabling DHE for.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594586#comment-14594586
]
Susan Hinrichs commented on TS-3136:
As I recall, with the dhparams enabled, their servers suffered a significant
increase in the ssl_error_ssl stat. I don't think they even had DHE in the
their ciphersuite list. But there were several issues we addressed to work
things out. [~briang], can you remind us of your DHE issue?
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594642#comment-14594642
]
Leif Hedstrom commented on TS-3136:
---
[~shinrich] I'm almost 100% sure that they did have DHE in their Cipher Suite
settings, they had copied one from Mozilla. The confusion / problem arose
during an upgrade from 5.1 (or 2) to 5.3, and suddenly clients started
negotiating DHE. The claim is that some clients would negotiate DHE now, but
fail (hence the increase in ssl_error_ssl stat).
I don't know why this increase in failed negotiation happened. I got the
impression that our implementation was correct, and some client is not, but I
don't have any details. Only [~briang] or [~jacksontj] would have those. The
end result was that we made changes in 5.x such that DHE would not be
negotiated without an explicit dhparam config file (right?)
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594654#comment-14594654
]
Susan Hinrichs commented on TS-3136:
[~zwoop] that is correct. We changed things to the current state. If there is
no dhparams file specific, ATS will not load one for you. So the DHE-
protocosl will not be selected during negotiation.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594711#comment-14594711
]
John Eaglesham commented on TS-3136:
If we want to disable DHE in the default install (which I'm still not confident
is the right thing to do, pending what Brian or Thomas say), it's easier to
administer if we restore the code that applies default DH params from RFC 5114
and remove DHE from the cipher list than to do the inverse or to remove both.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594878#comment-14594878
]
Leif Hedstrom commented on TS-3136:
---
Yeah, I'm +1 on doing the right thing with DHE for 6.0.0. The reason we made
this change was because it theoretically broke backwards compatibility for at
least one user (where they got DHE enabled between upgrading from 5.2.0 to
5.3.0). It was arguable though, since they had set their Cipher list to include
DHE :).
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594125#comment-14594125
]
Susan Hinrichs commented on TS-3136:
And because you cannot have too much fun playing with data, here is the
negotiated cipher table subtotaled by type of cipher
|Cipher Group|% 6/19 list|% 6/18 list|% 5.x default|
|non-PFS block cipher |6.89| 6.86|0.48|
|GCM|35.69 |35.64 |35.79|
|PFS CBC|57.42| 57.5| 40.56|
|RC4|0| 0| 23.18|
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594017#comment-14594017
]
Susan Hinrichs commented on TS-3136:
I ran an experiment to estimate the impact of DHE on our traffic set. I set up
2048 bit dhparams file and inserted the DHE params ciphers right in front of
the non PFS ciphers. The following cipher percentages changed
|_.Cipher|_.6/19 list w/o DHE %|_.6/19 list with DHE %|
|DHE-RSA-AES128-SHA|0|4.12|
|AES128-SHA|5.78|0|
|AES256-SHA|0|1.28|
These don't all add up to equal exchanges. The other ciphers had small shifts
one way or the other. Even with DHE there are still a small percentage of CBC
ciphers that sneak through. I did these test in series, so these aren't the
end-all be-all numbers. I just wanted to get some idea on the scale of the
impact. So broadly speaking by introducing DHE most of the non-PFS ciphers get
shifted over to DHE.
However, I would still argue that we should not include DHE in the default
cipher list. Most of the major sites do not offer DHE. We've had a major ATS
deployer experience an increase in SSL errors that went away when DHE was
removed. If you don't install a good DHParam, the DHE protocol can be hacked.
Therefore, for a default stance, I think an ATS deployment will operate more
securely and with less stability risk if DHE is not included in the
cipher_suites list.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594073#comment-14594073
]
Susan Hinrichs commented on TS-3136:
I spent today running experiments with a variety of cipher_suite strings.
Based on feedback from my previous suggestion and these experiments, my latest
suggested default cipher_suite list is below (which I referred to as the 6/19
list in the comment above).
{code}
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
I think it is a good trade off of security, availability, and reliability for a
good out-of-the-box experience.
My final experiment involved three boxes in the same pod. One running with the
list above (6/19 list). One running the list suggested yesterday (6/18 list).
One running the 5.x default.
There was a little bit of CPU difference. The experiment ran for 100 wall
clock minutes. The CPU time for each scenario was
|Scenario|CPU Time|
|6/19 list|130 minutes|
|6/18 list|152 minutes|
|5.x default|180 minutes|
The summary of negotiated protocols
|Cipher |% list 6/19| % list 6/18|% 5.x list|
|ECDHE-RSA-AES256-GCM-SHA384|0.01 |4.79| 0.02|
|ECDHE-ECDSA-AES256-GCM-SHA384 |0 |0 |0|
|ECDHE-RSA-AES256-SHA384|0 |30.43| 0|
|ECDHE-ECDSA-AES256-SHA384 |0| 0| 0|
|ECDHE-RSA-AES256-SHA |0| 26.92| 0|
|ECDHE-ECDSA-AES256-SHA |0| 0| 0|
|ECDH-RSA-AES256-GCM-SHA384 |0 |0 |0|
|ECDH-ECDSA-AES256-GCM-SHA384 |0 |0 |0|
|ECDH-RSA-AES256-SHA384 |0 |0 |0|
|ECDH-ECDSA-AES256-SHA384 |0 |0 |0|
|ECDH-RSA-AES256-SHA|0 |0 |0|
|ECDH-ECDSA-AES256-SHA |0 |0 |0|
|AES256-GCM-SHA384 |0.32| 0.31| 0|
|AES256-SHA256 |0 |0.16 |0|
|AES256-SHA |0 |5.07| 0|
|ECDHE-RSA-AES128-GCM-SHA256|35.68 |30.85 |35.77|
|ECDHE-ECDSA-AES128-GCM-SHA256 |0 |0 |0|
|ECDHE-RSA-AES128-SHA256|0 |0 |31.71|
|ECDHE-ECDSA-AES128-SHA256 |0 |0 |0|
|ECDHE-RSA-AES128-SHA |57.42 |0.15| 8.85|
|ECDHE-ECDSA-AES128-SHA |0 |0 |0|
|ECDHE-RSA-DES-CBC3-SHA |0 |0 |0|
|ECDHE-ECDSA-DES-CBC3-SHA |0 |0 |0|
|ECDH-RSA-AES128-GCM-SHA256 |0 |0 |0|
|ECDH-ECDSA-AES128-GCM-SHA256 |0 |0 |0|
|ECDH-RSA-AES128-SHA256 |0 |0 |0|
|ECDH-ECDSA-AES128-SHA256 |0 |0 |0|
|ECDH-RSA-AES128-SHA|0 |0 |0|
|ECDH-ECDSA-AES128-SHA |0 |0 |0|
|AES128-GCM-SHA256 |0 |0 |0.42|
|AES128-SHA256 |0 |0 |0|
|DES-CBC3-SHA |0.79 |0.79 |0|
|ECDHE-RSA-RC4-SHA |0| 0 |16.65|
|ECDHE-ECDSA-RC4-SHA|0 |0 |0|
|ECDH-RSA-RC4-SHA |0 |0 |0|
|ECDH-ECDSA-RC4-SHA |0 |0 |0|
|RC4-SHA|0 |0 |6.53|
|RC4-MD5|0 |0 |0|
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594077#comment-14594077
]
Susan Hinrichs commented on TS-3136:
For reference, here is the 5.x default cipher suite list
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2
{code}
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593193#comment-14593193
]
Ivan Ristic commented on TS-3136:
-
I think the proposed cipher suite selection is pretty good in terms of
security, but it can be improved for performance. Here are my suggestions:
- Prefer AES128 over AES256. The latter is about 8% slower (for bulk transfers,
not handshakes) but no better for security. In fact, some believe that AES128
is stronger.
- Prefer SHA non-GCM suites over SHA256 and SHA384. Non-GCM suites that use
SHA256 and SHA384 are _much_ slower over those that use SHA. I never measured
the difference for SHA384, but SHA256 suites are twice as slow (bulk tranfers,
not handshakes) as their SHA counterparts. At the same time, there is no
measurable security advantage. Non-GCM suites use hash functions for integrity
validation in tandem with HMAC and there are no known practical attacks against
them.
- Additionally, SHA256 and SHA384 introduce additional transport overhead (per
each TLS record), because these hashes are substantially larger.
- Side note: despite the same suffix (e.g., SHA256 and SHA384), GCM suites
don't use these hash functions in the same way as non-GCM suites. For that
reason, they're not slow. In fact, they're the fastest suites currently
available. If you're curious, in the names of GCM suites, the SHA256/SHA384
prefix denotes the hashing function used by the protocol's pseudorandom
function (PRF).
- Please make sure that your DH parameters are at least 2048 bits. I don't know
if this isn't the case at the moment, but 1024-bit parameters are very common
and yet weak.
- If you want to be at the cutting edge of TLS performance, consider adding
support for ChaCha20-Poly1305 suites. These are not yet supported by OpenSSL,
but they will be soon. LibreSSL supports them natively. CloudFlare maintain an
OpenSSL fork that adds support. ChaCha20 suites are strong and provide better
performance for mobile users... Chrome has been using them extensively. You
should test, but it may be that simply adding the ChaCha20 suites by name to
your configuration is enough when ATS is running against a library that
supports them. There's a catch when it comes to suite ordering: for desktop
users ChaCha20 should be below GCM suites; for mobile users, ChaCha20 should
come first. I believe the OpenSSL patch handles this. When you look at
CloudFlare's suite configuration
https://www.ssllabs.com/ssltest/analyze.html?d=cloudflare.coms=198.41.214.163
you can see that the ChaCha20 suites are at the end. I believe that OpenSSL
detects mobile users somehow and selects a ChaCha20 suite even though they're
nominally at the bottom. I haven't tested this myself.
[~shinrich] to be absolely sure about any performance degradation, is it
possible that you disconnect two servers from the persistent session storage?
Leave one server with the original cipher suite configuration and try the new
configuration the other.
Source: Bulletproof SSL and TLS, chapter 9. (I am the author.) Disclaimer: all
benchmarks performed on servers that support AES-NI hardware acceleration.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593477#comment-14593477
]
Susan Hinrichs commented on TS-3136:
[~jeaglesham] and [~ivanr] thanks for your comments.
Looking back at the performance numbers that [~davet] did last year, the AES128
vs AES256 performance numbers are consistent with yours Ivan. I'm really
surprised that SHA256 vs SHA would have such a big performance impact. Since
SHA has been broken so long, I just had a knee jerk reaction against it. But I
think you make a good argument that SHA is good enough in that case.
You do bring up a good point about the dhparams. We do provide a means to set
your own, but I think the default is the 1024 bit one, which is no good these
days. [~bcall] what do you think about setting a 2048 bit DHParam by default?
I think [~i.galic] filed a bug on dh params a while back. I'll review the
current state of things.
Since this string is supposed to be reasonable for at least the coming year,
adding ChaCha seems quite reasonable.
I think doing the additional test that you suggest is a good idea. I'll see if
ops will give me two or three machines so I can compare my proposed string from
yesterday, an updated string based on your comments, and potentially the 5.x
default cipher string.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593519#comment-14593519
]
Ivan Ristic commented on TS-3136:
-
That's great, thanks! By the way, if ATS is currently using fixed 1024-bit DH
parameters, chances are that all its DH traffic can be passively decrypted by a
state-level attacker. This was the recent Logjam discovery. If you do decide to
stay with 1024 bits, the only reasonably safe approach is to generate
per-server DH parameters during installation. Although it's best to transition
to 2048-bit parameters, you should be aware that Java command line clients
can't handle anything above 1024 bits.
There is also a performance penalty associated with increasing DH parameters to
2048 bits, but, judging from your numbers, DHE would almost never be used.
Actually, after a closer look, it doesn't seem that you have
EDH-RSA-DES-CBC3-SHA in your proposed configuration. If you add it just before
DES-CBC3-SHA, it's possible that the clients currently using 3DES would use
this cipher suite instead.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593528#comment-14593528
]
Ivan Ristic commented on TS-3136:
-
[~shinrich] the value of keeping DHE around is to use for fallback for clients
that don't support ECDHE. If you don't have DHE, such clients would use the RSA
key exchange instead, leaving their traffic without forward secrecy. Because
the support for ECDHE is widespread, only a small number of clients would be
affected by the removal of DHE, but it's difficult to know exactly how much,
given that everyone's user profile is slightly different. In your example
above, I think that would be below 1%. At that rate, you might argue that the
RSA key exchange is acceptable. For what it's worth, Google doesn't use DHE on
their servers.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593518#comment-14593518
]
Susan Hinrichs commented on TS-3136:
TS-3624 is the bug Igor filed suggesting that we autogenerate DH parameters
periodically. Don't think we want to do that for 6.0 at this point.
The way it currently stands, unless you specify a dhparams file, no dhparams is
registered, so the DHE ciphers won't be negotiated (which explains why my
measurements had no DHE ciphers). At one point in 5.2/5.3 we registered a 2048
bit DH param from RFC 5114, but that messed things up for [~briang] so the
change was backed out and the param is only set if the user specifies it via a
file.
In my opinion for 6.0, we should either:
* Remove DHE from the list of default ciphers
* Re-introduce an auto-generated DH param so the DHE ciphers might get
negotiated.
From a lazy developer's perspective I'd vote for just removing DHE from the
list. It looks like ECDHE is pretty prevalent. Is there big value for
keeping DHE in the defaults?
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593573#comment-14593573
]
Susan Hinrichs commented on TS-3136:
It looks like we have around 5% hitting non-PFS protocols.
I'll add an experiment to set a dh params file (to actually activate the DHE
protocols) and see how much of that 5% we can convert to DHE protocols.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592951#comment-14592951
]
John Eaglesham commented on TS-3136:
Should we prefer AES128 over AES256? AES128 is faster and secure enough for all
reasonable scenarios.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592524#comment-14592524
]
ASF GitHub Bot commented on TS-3136:
GitHub user shinrich opened a pull request:
https://github.com/apache/trafficserver/pull/230
TS-3136: Change default TLS cipher suites
The bug contains a rational for this list as well as some production test
results.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/shinrich/trafficserver ts-3136
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/230.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #230
commit 1024e9ede1dd840f883aa0d6a7d5851940a336e5
Author: shinrich shinr...@yahoo-inc.com
Date: 2015-06-18T21:07:27Z
TS-3136: Change default TLS cipher suites
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592485#comment-14592485
]
Susan Hinrichs commented on TS-3136:
Ran some tests on a production box in Y! Based on those results, I suggest the
following cipher string.
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
The upshot is that we remove RC4, add new ciphers, and rearrange the list to
give preference to cipher attributes in the following order: PFS, then GCM,
then stronger SHA, then stronger AES. 3DES is at the end to scoop up the
remainders.
We tested in the Y! environment which tends to have a wide variety of clients.
Removing RC4 did not seem to significantly impact handshake success rate. CBC
algorithms are also concerning, but if we care about out-of-the-box experience
it looks like the CBC algorithms need to stick around for a while longer.
Here are details of the test
With Y! original cipher string
0.0102% ssl_error_ssl
The number of DES-CBC3-SHA sessions was negligible (45). The Y! initial
configuration has one RC4 algorithm listed kind of early, so the RC4 percentage
was around 30% as [~davet] noted in an earlier comment.
With proposed default cipher string running for an hour
0.009% ssl_error_ssl
The percentage of DES-CBC3-SHA sessions grew to 0.9% of sessions. In my
experiment, it was impossible to isolate the CPU impact of this change. To
test a new cipher without updating all the machines in the production pod, I
remove the test box from the SSL session sharing communication. The test box
experienced around a 30% increase in CPU utilization, but I think that can be
mostly attributed to increased session negotiation since it did not know about
the sessions negotiated by other machines in the pod.
We did one experiment with the RC4 ciphers added after DES-CBC3 as another
measure of how many clients are only willing to do RC4. After about an hour, 2
RC4 sessions were started.
510932 = Total Successful Handshakes
Percentage of various cipher's negotiated
# Start with PFS/GCM ciphers. Give slight preference to AES256 over AES128,
and prefer stronger SHA
0% ECDHE-ECDSA-AES256-GCM-SHA384:
4.2% ECDHE-RSA-AES256-GCM-SHA384:
0% ECDHE-ECDSA-AES128-GCM-SHA256:
30.6% ECDHE-RSA-AES128-GCM-SHA256:
# DHE still gives of PFS but at increased computation cost
0% DHE-RSA-AES256-GCM-SHA384:
0% DHE-DSS-AES256-GCM-SHA384:
0% DHE-RSA-AES128-GCM-SHA256:
0% DHE-DSS-AES128-GCM-SHA256:
# CBC versions of the PFS ciphers
0% ECDHE-ECDSA-AES256-SHA384:
30.6% ECDHE-RSA-AES256-SHA384:
0% ECDHE-ECDSA-AES256-SHA:
27.7% ECDHE-RSA-AES256-SHA:
0% ECDHE-ECDSA-AES128-SHA256:
0% ECDHE-RSA-AES128-SHA256:
0% ECDHE-ECDSA-AES128-SHA:
0.14% ECDHE-RSA-AES128-SHA:
0% DHE-RSA-AES256-SHA256:
0% DHE-DSS-AES256-SHA256:
0% DHE-RSA-AES128-SHA256:
0% DHE-DSS-AES128-SHA256:
0% DHE-RSA-AES256-SHA:
0% DHE-DSS-AES256-SHA:
0% DHE-RSA-AES128-SHA:
0% DHE-DSS-AES128-SHA:
# No PFS, GCM
0.3% AES256-GCM-SHA384:
0% AES128-GCM-SHA256:
# No PFS, CBC
0.2% AES256-SHA256:
0% AES128-SHA256:
4.8% AES256-SHA:
0.5% AES128-SHA:
# 3DES as a last resort
0.9% DES-CBC3-SHA
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14589978#comment-14589978
]
ASF GitHub Bot commented on TS-3136:
Github user persiaAziz closed the pull request at:
https://github.com/apache/trafficserver/pull/223
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588253#comment-14588253
]
Dave Thompson commented on TS-3136:
---
I did some performance tests a while back using ATS. For some relative
general reference ballpark numbers see below. Hardware was AES-NI capable.
3DES was clearly CPU bound, the others were likely network bound in the test
environment.
100% 3DES ciphers, I was able to see 1.5Gbps with ~99% CPU.
100% AES_GCM ciphers, I was able to see 5.3Gbps with 35%CPU.
100% RC4_CBC, 4.5Gbps with 50% CPU.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588169#comment-14588169
]
Susan Hinrichs commented on TS-3136:
[~jacksontj] did the increase in 3DES impact your CPU utilization in a
significant way?
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588316#comment-14588316
]
Dave Thompson commented on TS-3136:
---
Doh, I meant RC4 as in RC4_SHA, That would be a trick to make that stream
cipher CBC :-)
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588193#comment-14588193
]
Thomas Jackson commented on TS-3136:
Nothing noticable-- but TBH both of these are really low in the list of ciphers
we actually see. If we want specific numbers I'd have to wait until I get into
the office. From my perspective RC4 is broken, 3DES is slow. Slow broken :)
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588162#comment-14588162
]
Thomas Jackson commented on TS-3136:
[~shinrich] In our testing/experience you can drop RC4 and as long as you
support 3DES clients will move to that. Granted 3DES isn't super secure, but
its not as broken as RC4 :)
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14586515#comment-14586515
]
Susan Hinrichs commented on TS-3136:
We've had one person review the list internally, and it is queued up with
another. The first reviewer thought the list was ok. But acknowledged it may
not be practical to remove RC4. He also noted that there are problems with CBC
algorithms as well (e.g. BEAST) so it isn't necessarily clear that RC4 is so
much worse.
I'm in the process of trying out the string in production to see what kind of
performance impact it has (does it increase CPU utilization or handshake
failure rate?). Unfortunately due to session sharing in our production farms,
I need to get more clearance to try the new cipher_suite string on all machines
in the group rather than just one.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14586594#comment-14586594
]
John Eaglesham commented on TS-3136:
I think it's better to ship a secure SSL configuration that works for 99% of
users than a configuration that that works everywhere but is also insecure
everywhere. To that end we should probably set the default to TLS 1.2 at the
same time, and then we don't have to worry about CBC ciphers.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583653#comment-14583653
]
Leif Hedstrom commented on TS-3136:
---
Fwiw, I didn't mean to imply that we should just blindly take one of these
cipher suite. What i think is important is that we keep our cipher suite up to
date with TLS changes. Like, eliminate RC4 seems like a good idea.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583609#comment-14583609
]
ASF GitHub Bot commented on TS-3136:
GitHub user persiaAziz opened a pull request:
https://github.com/apache/trafficserver/pull/223
TS-3136: change default cipher suite
TS-3136: change default cipher suite
https://issues.apache.org/jira/browse/TS-3136
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/persiaAziz/trafficserver TS-3136
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/223.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #223
commit 3ec0fd99c7b63801bd6e8ef87e1f91c7c0292e29
Author: Syeda Persia Aziz persia.a...@yahoo.com
Date: 2015-06-12T15:55:42Z
TS-3136: change default cipher suite
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Susan Hinrichs
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583649#comment-14583649
]
ASF GitHub Bot commented on TS-3136:
Github user jpeach commented on the pull request:
https://github.com/apache/trafficserver/pull/223#issuecomment-111547708
How was this tested?
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583654#comment-14583654
]
Bryan Call commented on TS-3136:
[~persiaAziz]
Was this just a copy and paste of the mozilla chiper list? The chiper list
that we had was well tested and ordered based on a lot of usability testing.
We should run this through our security team before changing it.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583658#comment-14583658
]
ASF GitHub Bot commented on TS-3136:
Github user shinrich commented on the pull request:
https://github.com/apache/trafficserver/pull/223#issuecomment-111550501
Persia did basic testing with a browser. I'm going additional tests with
openssl s_client feeding in particular ciphers. Also reviewing the
suggesting cipher list.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583688#comment-14583688
]
Syeda Persia Aziz commented on TS-3136:
---
I agree
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583728#comment-14583728
]
Susan Hinrichs commented on TS-3136:
I think we may want to consider the following string for default. Starting
from the mozilla string that Thomas suggested.
Removed Camilla. Moved ECDHE-ECDSA in front of the ECHDE-RSA versions. Moved
AES256 in front of AES128 versions. Still have 3DES for truly ancient clients.
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583706#comment-14583706
]
Susan Hinrichs commented on TS-3136:
@bcall, do you mean the yahoo security team? Or is there an apache team we
should reach out to?
I did some initial comparisons to the old list and there isn't a huge
difference.
The new list removes the RC4 ciphers.
It adds in the ECDHE-ECDSA version of the ECDHE-RSA ciphers that are in the list
It adds in a number of DHE-* ciphers, more options for PFS
It adds in the camellia cipher
Since we have honor server order on by default, we may want to move the
ECDHE-ECDSA version ahead of the ECDHE-RSA version
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583847#comment-14583847
]
Dave Thompson commented on TS-3136:
---
In march, I did a survey of ciphers selected by various desktopmobile clients
in production hitting our servers, and found approximately 33% hitting were RC4
ciphers (23% ECDHE-RC4, 10% RC4-SHA). Because of the selection bias of AES
first configuration, this means there were a significant number of client not
capable of AES. It's possible that the implementers of those clients were more
afraid of block cipher attacks like BEAST and Lucky13 on AES, than they were
from the various RC4 biasing attacks.
With the new cipher suite selection we would then fall back to triple-DES,
which is a non-trivial bump up in performance degradation.
While ChaCha20+Poly1305 is likely to become the RC4 stream replacement, it's
still a little too early and currently has limited availability.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Syeda Persia Aziz
Labels: compatibility
Fix For: 6.0.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3136) Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14216871#comment-14216871
]
John Eaglesham commented on TS-3136:
We shouldn't change the default cipher list in a point release. Tagging with
compatibility.
Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: John Eaglesham
Fix For: 5.2.0
In TS-3135 [~i.galic] suggested:
{quote}
also, recommendations for a safer ciphersuite:
SSLCipherSuite
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
from https://cipherli.st/
{quote}
[~jacksontj] had responded with:
{quote}
[~i.galic] That cipher quite is geared towards security, but doesn't support
quite a few older clients. I'd recommend we use the suite from mozilla
(https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations)
which is a good mix of security and compatibility:
{code}
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{code}
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
