BBlack has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/361879 )
Change subject: ssl_ciphersuite: limit ECDH curves where possible
......................................................................

ssl_ciphersuite: limit ECDH curves where possible

This removes support for secp384r1 and secp521r1 in the common case (jessie+nginx), possibly other lesser-known curves on trusty+nginx? Apache doesn't have an easy way to configure this at all.

The two curves mentioned above are expensive relative to the default secp256r1, which is sufficient for today's pragmatic security margins. They're also virtually never used (except occasional artificial probing) in our stats. At best, they're a vector for trying to consume CPU on our terminators, and at worst they're vectors for unknown weaknesses, being so little used and therefore studied in the TLS context.

X25519 is of course our first preference on installs which have a new-enough libssl. If the world moves towards larger ECDH curves in the future, it will likely be in the direction of X448 instead of the legacy ones anyways, assuming newer PQ-Crypto algs don't overtake the scene before that's necessary.

Change-Id: I4b5f4261f3538bee3bd4b413d34aef7925e1b3ae
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 8 insertions(+), 0 deletions(-)

Approvals:
BBlack: Looks good to me, approved
jenkins-bot: Verified

diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb index 352b42c..9fd9367 100644 --- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb +++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb @@ -162,8 +162,10 @@ # OS / Server -dependant feature flags: nginx_always_ok = true dhe_ok = true + libssl_has_x25519 = true if !function_os_version(['debian >= jessie']) nginx_always_ok = false + libssl_has_x25519 = false if server == 'apache' dhe_ok = false end
@@ -191,6 +193,7 @@ output.push('SSLProtocol all -SSLv2 -SSLv3') end output.push("SSLCipherSuite #{cipherlist}") + # Note: missing config to restrict ECDH curves output.push('SSLHonorCipherOrder On') if dhe_ok output.push('SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem"') @@ -205,6 +208,11 @@ output.push('ssl_protocols TLSv1 TLSv1.1 TLSv1.2;') end output.push("ssl_ciphers #{cipherlist};") + if libssl_has_x25519 + output.push("ssl_ecdh_curve X25519:prime256v1;") + else + output.push("ssl_ecdh_curve prime256v1;") + end output.push('ssl_prefer_server_ciphers on;') if dhe_ok output.push('ssl_dhparam /etc/ssl/dhparam.pem;')
--
To view, visit https://gerrit.wikimedia.org/r/361879

Gerrit-MessageType: merged
Gerrit-Change-Id: I4b5f4261f3538bee3bd4b413d34aef7925e1b3ae
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
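
Review bot: In the first hunk (@@ -162,8 +162,10 @@), `libssl_has_x25519` is named for a library capability but is set by the OS-release check `function_os_version(['debian >= jessie'])`, the same condition that drives `nginx_always_ok`. Nothing in these lines inspects the libssl that nginx is linked against, so any host that passes the jessie check gets `ssl_ecdh_curve X25519:prime256v1;` from the nginx hunk regardless of its library version. Either add a comment next to the flag stating which libssl build jessie hosts are assumed to run, or derive the flag from the installed library version rather than the release name.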
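
Review bot: In the Apache hunk (@@ -191,6 +193,7 @@), the added comment `# Note: missing config to restrict ECDH curves` records the gap but not its reason or its consequence. The commit message says Apache has no easy way to configure this, which leaves Apache-terminated hosts offering secp384r1 and secp521r1, the curves this change removes for nginx. Put that in the comment, and since the same branch already emits `SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem"` under `dhe_ok`, say why that directive is not an option for curve selection here so the next reader does not have to rediscover it.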
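
Review bot: In the nginx hunk (@@ -205,6 +208,11 @@), the new `ssl_ecdh_curve` branch has no comment explaining the curve choice, and the commit message speaks of secp256r1 while the directive uses `prime256v1`. A one-line comment above `if libssl_has_x25519` noting that prime256v1 is OpenSSL's name for secp256r1, and that X25519 is listed first as the preferred curve, would tie the code to the rationale in the commit message. As a style point, the neighbouring lines use single quotes for literals without interpolation (`output.push('ssl_prefer_server_ciphers on;')`), so the two new double-quoted strings should match.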