From b7d2805acb2d6dcee0e319a633a194eda420c34e Mon Sep 17 00:00:00 2001
From: ruslandoga <67764432+ruslandoga@users.noreply.github.com>
Date: Wed, 11 Sep 2024 11:54:09 +0700
Subject: [PATCH 1/4] allow configurable cipher suites in CE
---
 config/runtime.exs | 93 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 86 insertions(+), 7 deletions(-)
diff --git a/config/runtime.exs b/config/runtime.exs
index 296f50c435ee..de82c8d798a6 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -329,14 +329,93 @@ config :plausible, PlausibleWeb.Endpoint,
 # maybe enable HTTPS in CE
 if config_env() in [:ce, :ce_dev, :ce_test] do
 if https_port do
- https_opts = [
- port: https_port,
- ip: listen_ip,
- cipher_suite: :compatible,
- transport_options: [socket_opts: [log_level: :warning]]
- ]
+ # https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table
+ # we default to "old" for compatibility with older clients
+ # please see https://github.com/plausible/analytics/issues/1708#issuecomment-1093891180 for details
+ cipher_suite = get_var_from_path_or_env(config_dir, "CIPHER_SUITE", "old")
+
+ cipher_suite_opts =
+ case cipher_suite do
+ "old" ->
+ [
+ versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2", :"tlsv1.3"],
+ honor_cipher_order: true,
+ ciphers: [
+ ~c"ECDHE-ECDSA-AES128-GCM-SHA256",
+ ~c"ECDHE-RSA-AES128-GCM-SHA256",
+ ~c"ECDHE-ECDSA-AES256-GCM-SHA384",
+ ~c"ECDHE-RSA-AES256-GCM-SHA384",
+ ~c"ECDHE-ECDSA-CHACHA20-POLY1305",
+ ~c"ECDHE-RSA-CHACHA20-POLY1305",
+ ~c"DHE-RSA-AES128-GCM-SHA256",
+ ~c"DHE-RSA-AES256-GCM-SHA384",
+ ~c"DHE-RSA-CHACHA20-POLY1305",
+ ~c"ECDHE-ECDSA-AES128-SHA256",
+ ~c"ECDHE-RSA-AES128-SHA256",
+ ~c"ECDHE-ECDSA-AES128-SHA",
+ ~c"ECDHE-RSA-AES128-SHA",
+ ~c"ECDHE-ECDSA-AES256-SHA384",
+ ~c"ECDHE-RSA-AES256-SHA384",
+ ~c"ECDHE-ECDSA-AES256-SHA",
+ ~c"ECDHE-RSA-AES256-SHA",
+ ~c"DHE-RSA-AES128-SHA256",
+ ~c"DHE-RSA-AES256-SHA256",
+ ~c"AES128-GCM-SHA256",
+ ~c"AES256-GCM-SHA384",
+ ~c"AES128-SHA256",
+ ~c"AES256-SHA256",
+ ~c"AES128-SHA",
+ ~c"AES256-SHA",
+ ~c"DES-CBC3-SHA"
+ ]
+ ]
+
+ "intermediate" ->
+ [
+ versions: [:"tlsv1.2", :"tlsv1.3"],
+ honor_cipher_order: true,
+ ciphers: [
+ ~c"ECDHE-ECDSA-AES128-GCM-SHA256",
+ ~c"ECDHE-RSA-AES128-GCM-SHA256",
+ ~c"ECDHE-ECDSA-AES256-GCM-SHA384",
+ ~c"ECDHE-RSA-AES256-GCM-SHA384",
+ ~c"ECDHE-ECDSA-CHACHA20-POLY1305",
+ ~c"ECDHE-RSA-CHACHA20-POLY1305",
+ ~c"DHE-RSA-AES128-GCM-SHA256",
+ ~c"DHE-RSA-AES256-GCM-SHA384",
+ # TODO
+ ~c"DHE-RSA-CHACHA20-POLY1305"
+ ]
+ ]
+
+ "modern" ->
+ [
+ versions: [:"tlsv1.3"],
+ eccs: [:secp256r1, :secp384r1, :secp521r1],
+ ciphers: [
+ ~c"TLS_AES_128_GCM_SHA256",
+ ~c"TLS_AES_256_GCM_SHA384",
+ ~c"TLS_CHACHA20_POLY1305_SHA256"
+ ]
+ ]
+
+ _ ->
+ raise ArgumentError,
+ "Invalid CIPHER_SUITE: #{cipher_suite}. Expected one of: old, intermediate, modern."
+ end
+
+ https_opts =
+ [
+ port: https_port,
+ ip: listen_ip,
+ transport_options: [socket_opts: [log_level: :warning]]
+ ]
+
+ https_opts =
+ default_http_opts
+ |> Config.Reader.merge(cipher_suite_opts)
+ |> Config.Reader.merge(https_opts)
- https_opts = Config.Reader.merge(default_http_opts, https_opts)
 config :plausible, PlausibleWeb.Endpoint, https: https_opts
 domain = base_url.host
From ad2c7da22c6c36c7f1522f41f1934d30bdf70650 Mon Sep 17 00:00:00 2001
From: ruslandoga <67764432+ruslandoga@users.noreply.github.com>
Date: Wed, 11 Sep 2024 14:14:09 +0700
Subject: [PATCH 2/4] just use intermediate compatibility
---
 config/runtime.exs | 104 ++++++++++-----------------------------------
 1 file changed, 23 insertions(+), 81 deletions(-)
diff --git a/config/runtime.exs b/config/runtime.exs
index de82c8d798a6..66ee485e140e 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
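Review bot: In the [PATCH 1/4] hunk the fallback passed to `get_var_from_path_or_env` is "old", so an instance that never sets CIPHER_SUITE accepts TLS 1.0 and 1.1 and offers `DES-CBC3-SHA` (a 64-bit block cipher) together with the static-RSA `AES*` suites, which give no forward secrecy. I would make the weak profile opt-in, `cipher_suite = get_var_from_path_or_env(config_dir, "CIPHER_SUITE", "intermediate")`, and have the comment above it say that "old" exists only for the legacy clients discussed in the linked issue. Separately, the "intermediate" branch lists `:"tlsv1.3"` in `versions` but no `TLS_*` suite in `ciphers`, which looks like it leaves TLS 1.3 with nothing to negotiate; the `# TODO` there should be resolved or explained before merge. The enclosing `if https_port do` block continues past the end of the hunk.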
@@ -329,93 +329,35 @@ config :plausible, PlausibleWeb.Endpoint,
 # maybe enable HTTPS in CE
 if config_env() in [:ce, :ce_dev, :ce_test] do
 if https_port do
- # https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table
- # we default to "old" for compatibility with older clients
- # please see https://github.com/plausible/analytics/issues/1708#issuecomment-1093891180 for details
- cipher_suite = get_var_from_path_or_env(config_dir, "CIPHER_SUITE", "old")
-
- cipher_suite_opts =
- case cipher_suite do
- "old" ->
- [
- versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2", :"tlsv1.3"],
- honor_cipher_order: true,
- ciphers: [
- ~c"ECDHE-ECDSA-AES128-GCM-SHA256",
- ~c"ECDHE-RSA-AES128-GCM-SHA256",
- ~c"ECDHE-ECDSA-AES256-GCM-SHA384",
- ~c"ECDHE-RSA-AES256-GCM-SHA384",
- ~c"ECDHE-ECDSA-CHACHA20-POLY1305",
- ~c"ECDHE-RSA-CHACHA20-POLY1305",
- ~c"DHE-RSA-AES128-GCM-SHA256",
- ~c"DHE-RSA-AES256-GCM-SHA384",
- ~c"DHE-RSA-CHACHA20-POLY1305",
- ~c"ECDHE-ECDSA-AES128-SHA256",
- ~c"ECDHE-RSA-AES128-SHA256",
- ~c"ECDHE-ECDSA-AES128-SHA",
- ~c"ECDHE-RSA-AES128-SHA",
- ~c"ECDHE-ECDSA-AES256-SHA384",
- ~c"ECDHE-RSA-AES256-SHA384",
- ~c"ECDHE-ECDSA-AES256-SHA",
- ~c"ECDHE-RSA-AES256-SHA",
- ~c"DHE-RSA-AES128-SHA256",
- ~c"DHE-RSA-AES256-SHA256",
- ~c"AES128-GCM-SHA256",
- ~c"AES256-GCM-SHA384",
- ~c"AES128-SHA256",
- ~c"AES256-SHA256",
- ~c"AES128-SHA",
- ~c"AES256-SHA",
- ~c"DES-CBC3-SHA"
- ]
- ]
-
- "intermediate" ->
- [
- versions: [:"tlsv1.2", :"tlsv1.3"],
- honor_cipher_order: true,
- ciphers: [
- ~c"ECDHE-ECDSA-AES128-GCM-SHA256",
- ~c"ECDHE-RSA-AES128-GCM-SHA256",
- ~c"ECDHE-ECDSA-AES256-GCM-SHA384",
- ~c"ECDHE-RSA-AES256-GCM-SHA384",
- ~c"ECDHE-ECDSA-CHACHA20-POLY1305",
- ~c"ECDHE-RSA-CHACHA20-POLY1305",
- ~c"DHE-RSA-AES128-GCM-SHA256",
- ~c"DHE-RSA-AES256-GCM-SHA384",
- # TODO
- ~c"DHE-RSA-CHACHA20-POLY1305"
- ]
- ]
-
- "modern" ->
- [
- versions: [:"tlsv1.3"],
- eccs: [:secp256r1, :secp384r1, :secp521r1],
- ciphers: [
- ~c"TLS_AES_128_GCM_SHA256",
- ~c"TLS_AES_256_GCM_SHA384",
- ~c"TLS_CHACHA20_POLY1305_SHA256"
- ]
- ]
-
- _ ->
- raise ArgumentError,
- "Invalid CIPHER_SUITE: #{cipher_suite}. Expected one of: old, intermediate, modern."
- end
-
+ # the following configuration is based on https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+ # except we make the server choose the cipher preference
 https_opts =
 [
 port: https_port,
 ip: listen_ip,
- transport_options: [socket_opts: [log_level: :warning]]
+ transport_options: [socket_opts: [log_level: :warning]],
+ versions: [:"tlsv1.2", :"tlsv1.3"],
+ honor_cipher_order: true,
+ eccs: [:x25519, :x448, :secp256r1, :secp384r1],
+ ciphers: [
+ # Cipher suites (TLS 1.3)
+ ~c"TLS_AES_128_GCM_SHA256",
+ ~c"TLS_AES_256_GCM_SHA384",
+ ~c"TLS_CHACHA20_POLY1305_SHA256",
+ # Cipher suites (TLS 1.2)
+ ~c"ECDHE-ECDSA-AES128-GCM-SHA256",
+ ~c"ECDHE-RSA-AES128-GCM-SHA256",
+ ~c"ECDHE-ECDSA-AES256-GCM-SHA384",
+ ~c"ECDHE-RSA-AES256-GCM-SHA384",
+ ~c"ECDHE-ECDSA-CHACHA20-POLY1305",
+ ~c"ECDHE-RSA-CHACHA20-POLY1305",
+ ~c"DHE-RSA-AES128-GCM-SHA256",
+ ~c"DHE-RSA-AES256-GCM-SHA384",
+ ~c"DHE-RSA-CHACHA20-POLY1305"
+ ]
 ]
- https_opts =
- default_http_opts
- |> Config.Reader.merge(cipher_suite_opts)
- |> Config.Reader.merge(https_opts)
-
+ https_opts = Config.Reader.merge(default_http_opts, https_opts)
 config :plausible, PlausibleWeb.Endpoint, https: https_opts
 domain = base_url.host
From e61c7e5e3100fa9be7161ac38f6bb53e5516cf96 Mon Sep 17 00:00:00 2001
From: ruslandoga <67764432+ruslandoga@users.noreply.github.com>
Date: Wed, 11 Sep 2024 15:15:48 +0700
Subject: [PATCH 3/4] configure eccs like mozilla
---
 config/runtime.exs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/config/runtime.exs b/config/runtime.exs
index 66ee485e140e..c8d374371c3c 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
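Review bot: In the [PATCH 2/4] hunk the three `DHE-RSA-*` entries at the end of `ciphers` are enabled without any Diffie-Hellman parameters being set in `https_opts`, so their strength depends on whatever group the runtime falls back to, whereas the Mozilla intermediate profile cited in the comment pairs these suites with a fixed ffdhe2048 group. Either pin the group with a `dhfile:` entry next to `eccs`, or drop the DHE suites and rely on the ECDHE ones, which TLS 1.2 clients generally support. `default_http_opts` is merged in from outside the hunk, so confirm it does not already carry DH parameters. The new comment could also say that TLS 1.0/1.1 clients, which the replaced `cipher_suite: :compatible` setting was meant to serve, are now refused.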
@@ -330,7 +330,7 @@ config :plausible, PlausibleWeb.Endpoint,
 if config_env() in [:ce, :ce_dev, :ce_test] do
 if https_port do
 # the following configuration is based on https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
- # except we make the server choose the cipher preference
+ # except we enforce the cipher and ecc order
 https_opts =
 [
 port: https_port,
@@ -338,13 +338,15 @@ if config_env() in [:ce, :ce_dev, :ce_test] do
 transport_options: [socket_opts: [log_level: :warning]],
 versions: [:"tlsv1.2", :"tlsv1.3"],
 honor_cipher_order: true,
- eccs: [:x25519, :x448, :secp256r1, :secp384r1],
+ honor_ecc_order: true,
+ eccs: [:x25519, :secp256r1, :secp384r1],
+ supported_groups: [:x25519, :secp256r1, :secp384r1],
 ciphers: [
- # Cipher suites (TLS 1.3)
+ # Mozilla recommended cipher suites (TLS 1.3)
 ~c"TLS_AES_128_GCM_SHA256",
 ~c"TLS_AES_256_GCM_SHA384",
 ~c"TLS_CHACHA20_POLY1305_SHA256",
- # Cipher suites (TLS 1.2)
+ # Mozilla recommended cipher suites (TLS 1.2)
 ~c"ECDHE-ECDSA-AES128-GCM-SHA256",
 ~c"ECDHE-RSA-AES128-GCM-SHA256",
 ~c"ECDHE-ECDSA-AES256-GCM-SHA384",
From 16f84d25be2534886766a134c98cebfd25d762bb Mon Sep 17 00:00:00 2001
From: ruslandoga <67764432+ruslandoga@users.noreply.github.com>
Date: Wed, 11 Sep 2024 19:52:02 +0700
Subject: [PATCH 4/4] drop ciphers with rsa
---
 config/runtime.exs | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/config/runtime.exs b/config/runtime.exs
index bfff8fa78b62..8a48bdf757a2 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
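Review bot: In the second [PATCH 3/4] hunk, `eccs` and `supported_groups` carry the same three-curve list with no comment on why both are needed, so a later edit can easily change one and not the other. As far as I know `eccs` governs the curves offered for TLS 1.2 and earlier while `supported_groups` governs the key-exchange groups for TLS 1.3, and `honor_ecc_order` makes the server's order win; a comment such as `# eccs: curves for TLS 1.2; supported_groups: key-exchange groups for TLS 1.3 (keep in sync)` above the pair would record that. Binding the list once, for example `curves = [:x25519, :secp256r1, :secp384r1]` before `https_opts`, and using it for both keys would remove the duplication. The keyword list starts and ends outside this hunk.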
@@ -330,7 +330,8 @@ config :plausible, PlausibleWeb.Endpoint,
 if config_env() in [:ce, :ce_dev, :ce_test] do
 if https_port do
 # the following configuration is based on https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
- # except we enforce the cipher and ecc order
+ # except we enforce the cipher and ecc order and only use ciphers with support
+ # for ecdsa certificates since that's what certbot generates by default
 https_opts =
 [
 port: https_port,
@@ -348,14 +349,8 @@ if config_env() in [:ce, :ce_dev, :ce_test] do
 ~c"TLS_CHACHA20_POLY1305_SHA256",
 # Mozilla recommended cipher suites (TLS 1.2)
 ~c"ECDHE-ECDSA-AES128-GCM-SHA256",
- ~c"ECDHE-RSA-AES128-GCM-SHA256",
 ~c"ECDHE-ECDSA-AES256-GCM-SHA384",
- ~c"ECDHE-RSA-AES256-GCM-SHA384",
- ~c"ECDHE-ECDSA-CHACHA20-POLY1305",
- ~c"ECDHE-RSA-CHACHA20-POLY1305",
- ~c"DHE-RSA-AES128-GCM-SHA256",
- ~c"DHE-RSA-AES256-GCM-SHA384",
- ~c"DHE-RSA-CHACHA20-POLY1305"
+ ~c"ECDHE-ECDSA-CHACHA20-POLY1305"
 ]
 ]
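Review bot: After the second [PATCH 4/4] hunk the only TLS 1.2 suites left in `ciphers` are `ECDHE-ECDSA-*`, so a server presenting an RSA certificate can no longer complete any TLS 1.2 handshake and would be reachable by TLS 1.3 clients only. The new comment ties this to certbot's default key type, but nothing visible in the hunk checks the key type of the certificate that is actually loaded, so an operator-supplied or older RSA certificate would fail without a clear error. I would keep the forward-secret RSA suites after the ECDSA ones, `~c"ECDHE-RSA-AES128-GCM-SHA256"`, `~c"ECDHE-RSA-AES256-GCM-SHA384"`, `~c"ECDHE-RSA-CHACHA20-POLY1305"`, since with `honor_cipher_order: true` set earlier in this list they are chosen only when the ECDSA ones cannot be. Dropping the `DHE-RSA-*` entries is fine on its own.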