BBlack has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/361879 )

Change subject: ssl_ciphersuite: limit ECDH curves where possible
......................................................................


ssl_ciphersuite: limit ECDH curves where possible

This removes support for secp384r1 and secp521r1 in the common
case (jessie+nginx), possibly other lesser-known curves on
trusty+nginx?  Apache doesn't have an easy way to configure this
at all.

The two curves mentioned above are expensive relative to the
default secp256r1, which is sufficient for today's pragmatic
security margins.  They're also virtually never used (except
occasional artificial probing) in our stats.  At best, they're a
vector for trying to consume CPU on our terminators, and at worst
they're vectors for unknown weaknesses, being so little used and
therefore studied in the TLS context.

X25519 is of course our first preference on installs which have a
new-enough libssl.  If the world moves towards larger ECDH curves
in the future, it will likely be in the direction of X448 instead
of the legacy ones anyways, assuming newer PQ-Crypto algs don't
overtake the scene before that's necessary.

Change-Id: I4b5f4261f3538bee3bd4b413d34aef7925e1b3ae
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 8 insertions(+), 0 deletions(-)

Approvals:
  BBlack: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index 352b42c..9fd9367 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -162,8 +162,10 @@
     # OS / Server -dependant feature flags:
     nginx_always_ok = true
     dhe_ok = true
+    libssl_has_x25519 = true
     if !function_os_version(['debian >= jessie'])
       nginx_always_ok = false
+      libssl_has_x25519 = false
       if server == 'apache'
         dhe_ok = false
       end
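Review bot: `libssl_has_x25519` is derived only from the `debian >= jessie` OS test, in the same branch that clears `nginx_always_ok`, so the flag is a proxy for the libssl version rather than a check of it. The commit message says X25519 applies to "installs which have a new-enough libssl"; a comment next to `libssl_has_x25519 = true` stating which libssl package or version is assumed on jessie and later would make that dependency explicit, and would tell the next editor what to revisit if a jessie host ever runs with an older libssl.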
@@ -191,6 +193,7 @@
         output.push('SSLProtocol all -SSLv2 -SSLv3')
       end
       output.push("SSLCipherSuite #{cipherlist}")
+      # Note: missing config to restrict ECDH curves
       output.push('SSLHonorCipherOrder On')
       if dhe_ok
         output.push('SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem"')
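Review bot: The new comment `# Note: missing config to restrict ECDH curves` in the Apache branch does not say why the config is missing or what the consequence is. Suggest expanding it to record that Apache output still permits the curves this change removes for nginx (secp384r1 and secp521r1 per the commit message), and the reason no directive is emitted. Since the context line already emits `SSLOpenSSLConfCmd DHParameters ...` under `dhe_ok`, it would also help to note whether the same directive was considered for a curve list and why it was not used.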
@@ -205,6 +208,11 @@
         output.push('ssl_protocols TLSv1 TLSv1.1 TLSv1.2;')
       end
       output.push("ssl_ciphers #{cipherlist};")
+      if libssl_has_x25519
+        output.push("ssl_ecdh_curve X25519:prime256v1;")
+      else
+        output.push("ssl_ecdh_curve prime256v1;")
+      end
       output.push('ssl_prefer_server_ciphers on;')
       if dhe_ok
         output.push('ssl_dhparam /etc/ssl/dhparam.pem;')
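Review bot: The colon-separated list in `output.push("ssl_ecdh_curve X25519:prime256v1;")` is gated on `libssl_has_x25519` alone, but accepting more than one curve in `ssl_ecdh_curve` also depends on the nginx version, which nothing in this hunk checks. If every jessie-and-later host is guaranteed an nginx that accepts a curve list, say so in a comment above the `if`; otherwise gate on that as well so older nginx falls back to the single `prime256v1` value. Minor style point: both new `ssl_ecdh_curve` strings use double quotes with no interpolation, while the neighbouring literals such as `'ssl_prefer_server_ciphers on;'` use single quotes.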

-- 
To view, visit https://gerrit.wikimedia.org/r/361879
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4b5f4261f3538bee3bd4b413d34aef7925e1b3ae
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits