Confirmed users
112
edits
Security/Server Side TLS: Difference between revisions
m
Deploying https://github.com/mozilla/server-side-tls/pull/296
(Update certificate lifespans) |
m (Deploying https://github.com/mozilla/server-side-tls/pull/296) |
||
| (3 intermediate revisions by 3 users not shown) | |||
| Line 74: | Line 74: | ||
<p style="max-width: 60em;">OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The use of the <span style="color: gray; font-weight: bold;">Old</span> configuration with modern versions of OpenSSL may require custom builds with support for deprecated ciphers.</p> | <p style="max-width: 60em;">OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The use of the <span style="color: gray; font-weight: bold;">Old</span> configuration with modern versions of OpenSSL may require custom builds with support for deprecated ciphers.</p> | ||
<p style="max-width: 60em;">Different libraries support different cipher suites and refer to them by different names. Mozilla maintains a list of [[Security/Cipher Suites|all known cipher suites]] and their corresponding names.</p> | |||
<br style="clear: right;"> | <br style="clear: right;"> | ||
| Line 88: | Line 90: | ||
* Cipher preference: '''client chooses''' | * Cipher preference: '''client chooses''' | ||
< | <!-- This tabular openssl list can be produced by running "openssl ciphers -V" --> | ||
<pre> | |||
0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD | 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD | ||
0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD | 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD | ||
0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD | 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD | ||
</ | </pre> | ||
* Rationale: | * Rationale: | ||
| Line 100: | Line 103: | ||
== <span style="color:orange;">'''Intermediate'''</span> compatibility (recommended) == | == <span style="color:orange;">'''Intermediate'''</span> compatibility (recommended) == | ||
<p style="max-width: 60em;">For services that don't need compatibility with legacy clients | <p style="max-width: 60em;">For services that don't need compatibility with legacy clients such as Windows XP or old versions of OpenSSL. This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.</p> | ||
* Cipher suites (TLS 1.3): '''TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256''' | * Cipher suites (TLS 1.3): '''TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256''' | ||
* Cipher suites (TLS 1.2): '''ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384''' | * Cipher suites (TLS 1.2): '''ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305''' | ||
* Protocols: '''TLS 1.2, TLS 1.3''' | * Protocols: '''TLS 1.2, TLS 1.3''' | ||
* TLS curves: '''X25519, prime256v1, secp384r1''' | * TLS curves: '''X25519, prime256v1, secp384r1''' | ||
| Line 112: | Line 115: | ||
* Cipher preference: '''client chooses''' | * Cipher preference: '''client chooses''' | ||
< | <!-- This tabular openssl list can be produced by running "openssl ciphers -V" --> | ||
<pre> | |||
0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD | 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD | ||
0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD | 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD | ||
| Line 124: | Line 128: | ||
0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD | 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD | ||
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD | 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD | ||
</ | 0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD | ||
</pre> | |||
* Rationale: | * Rationale: | ||
| Line 151: | Line 156: | ||
* Cipher preference: '''server chooses''' | * Cipher preference: '''server chooses''' | ||
< | <!-- This tabular openssl list can be produced by running "openssl ciphers -V" --> | ||
<pre> | |||
0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD | 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD | ||
0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD | 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD | ||
| Line 181: | Line 187: | ||
0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 | 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 | ||
0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 | 0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 | ||
</ | </pre> | ||
* Rationale: | * Rationale: | ||
| Line 192: | Line 198: | ||
= JSON version of the recommendations = | = JSON version of the recommendations = | ||
<p style="max-width: 60em;">Mozilla also maintains [https://ssl-config.mozilla.org/guidelines/5. | <p style="max-width: 60em;">Mozilla also maintains [https://ssl-config.mozilla.org/guidelines/5.7.json these recommendations] in JSON format, for automated system configuration. This location is versioned and permanent, and can be referenced in scripts and tools. The file will not change, to avoid breaking tools when we update the recommendations.</p> | ||
<p style="max-width: 60em;">We also maintain a [https://ssl-config.mozilla.org/guidelines/latest.json rolling version] of these recommendations, with the caveat that they may change '''without warning''' and '''without providing backwards compatibility'''. As it may break things if you use it to automatically configure your servers without review, we recommend you use the [https://ssl-config.mozilla.org/guidelines/5. | <p style="max-width: 60em;">We also maintain a [https://ssl-config.mozilla.org/guidelines/latest.json rolling version] of these recommendations, with the caveat that they may change '''without warning''' and '''without providing backwards compatibility'''. As it may break things if you use it to automatically configure your servers without review, we recommend you use the [https://ssl-config.mozilla.org/guidelines/5.7.json version-specific file] instead.</p> | ||
= Version History = | = Version History = | ||
| Line 202: | Line 208: | ||
! Editor | ! Editor | ||
! Changes | ! Changes | ||
|- | |||
| style="text-align: center;" | 5.7 | |||
| style="text-align: center;" | Gene Wood | |||
| Add DHE-RSA-CHACHA20-POLY1305 cipher to the Intermediate configuration | |||
|- | |||
| style="text-align: center;" | 5.6 | |||
| style="text-align: center;" | April King | |||
| Fixed incorrect cipher ordering for the Intermediate configuration | |||
|- | |- | ||
| style="text-align: center;" | 5.5 | | style="text-align: center;" | 5.5 | ||