Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When specifying cipher suites, not all are used #9092

Closed
challett opened this issue May 27, 2020 · 2 comments
Closed

When specifying cipher suites, not all are used #9092

challett opened this issue May 27, 2020 · 2 comments
Labels
bug Used to indicate a potential bug core/config

Comments

@challett
Copy link

Describe the bug
When specifying the below cipher suites, not all of them are detected on a scan of the tcp port.
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"

Scan output after restarting vault service:

|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Forward Secrecy not supported by any cipher
|_  least strength: A

To Reproduce
Steps to reproduce the behavior:

  1. Create cluster
  2. Specify cipher suites listed above in tls config
  3. Restart service
  4. Scan port

Expected behavior
All of the ciphers specified in the config should be offered as below

TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Environment:

  • Vault Server Version (retrieve with vault status): Vault 1.3.1+prem
  • Vault CLI Version (retrieve with vault version): NA
  • Server Operating System/Architecture: RHEL

Vault server configuration file(s):

listener "tcp" {
  tls_cert_file            = "/etc/vault.d/tls.crt"
  tls_key_file             = "/etc/vault.d/tls.key"
  address                  = "0.0.0.0:8200"
  tls_disable              = "false"
  tls_min_version	   = "tls12"
  tls_disable_client_certs = "true"
  tls_cipher_suites        = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
  tls_prefer_server_cipher_suites = "true"
}
storage "consul" {
  address         = "127.0.0.1:7501"
  token           = "censored"
  path            = "vault/"
  scheme          = "https"
  tls_ca_file     = "/etc/vault.d/ca_cert.pem"
  tls_cert_file   = "/etc/vault.d/server_cert.pem"
  tls_key_file    = "/etc/vault.d/server_key.pem"
  tls_skip_verify = "true"
}
seal "azurekeyvault" {
#valid config in here removed
}
ui       = true

Additional context
Add any other context about the problem here.

@austingebauer austingebauer added bug Used to indicate a potential bug core/config labels May 27, 2020
@challett
Copy link
Author

Out of curiosity I created a brand new cluster on 1.4.2-prem and saw the same behviour.

@dp-h
Copy link

dp-h commented Jun 17, 2020

The reason the ciphersuites specified in the configuration are not showing on the list is that they are blacklisted per the HTTP/2 rfc7540 specification: https://tools.ietf.org/html/rfc7540#appendix-A

An HTTP/2 implementation MAY treat the negotiation of any of the following cipher suites with TLS 1.2 as a connection error (Section 5.4.1) of type INADEQUATE_SECURITY:

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

Are all in that blacklist. The reasoning is given:

Note: This list was assembled from the set of registered TLS
cipher suites at the time of writing. This list includes those
cipher suites that do not offer an ephemeral key exchange and
those that are based on the TLS null, stream, or block cipher type
(as defined in Section 6.2.3 of [TLS12]). Additional cipher
suites with these properties could be defined; these would not be
explicitly prohibited.

The Vault CLI uses http/2 with TLS 1.2 per #6300

Golang http2 https://pkg.go.dev/golang.org/x/net/http2?tab=doc has a setting called PermitProhibitedCipherSuites which defaults to false and why those cipher suites are not showing on your scans.

As a side note, Vault uses this go library to check for ciphers that do fall under the http/2 bad ciphers list, and logs a warning message: https://github.com/jefferai/isbadcipher

Hope this helps.

@dp-h dp-h closed this as completed Jun 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Used to indicate a potential bug core/config
Projects
None yet
Development

No branches or pull requests

3 participants