Proposal: Tighten up SSL protocols and ciphers in nginx config

[nmaludy]

Problem

TLSv1.1 and older and end of life and not recommended by security professionals. They are not supported in high security environments (such as PCI) and trigger on vulnerability scans.

Our current nginx settings are:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers   EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;

Solution

We should tighten up the SSL protocols and ciphers in NGINX to be TLSv1.2 and higher along with a tighter set of ciphers.

I'm recommending the following settings:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers   TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305;

Places
Some ideas on where we need to make this change (others are welcome):

• https://github.com/StackStorm/st2/blob/master/conf/nginx/st2.conf
• https://github.com/StackStorm/st2/blob/master/conf/HA/nginx/st2.conf.blueprint.sample
• https://github.com/StackStorm/st2/blob/master/conf/HA/nginx/st2.conf.controller.sample
• https://github.com/StackStorm/puppet-st2/blob/master/manifests/profile/web.pp
• https://github.com/StackStorm/ansible-st2/blob/master/roles/StackStorm.nginx/tasks/main.yml

References

• https://wiki.mozilla.org/Security/Server_Side_TLS
• https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

[arm4b]

I noticed there was a discussion in Slack with some pros and cons about different settings, so what is the collective team conclusion about this?

@StackStorm/maintainers especially @nmaludy @punkrokk @blag Are there any security settings which we can take from this and 💯 on-board and which were controversial?

Eg. are there any first take-aways from this to be codified as a PR?

[punkrokk]

@nmaludy Can we enable TLSv2 and add the syntax to enable TLSv3? We should probably add a note about this to the docs also.

My fear related to defaulting to TLSv3 is that we will end up troubleshooting things for new/existing users due to internal IT policy. And it just breaking things like upgrades in a way that a user may not be able to work around easily due to internal enterprise policies.