1250454 - Use a more secure TLS configuration on brasstacks & set HSTS headers

Status: RESOLVED FIXED

(Tree Management Graveyard :: OrangeFactor, defect)

Description

[Ed Morley [:emorley]]

Currently:

~/src/cipherscan $ ./analyze.py -t brasstacks.mozilla.com
brasstacks.mozilla.com:443 has bad ssl/tls

Things that are bad:
* remove cipher RC4-SHA

Changes needed to match the old level:
* remove cipher RC4-SHA
* add cipher DES-CBC3-SHA
* use a certificate with sha1WithRSAEncryption signature
* consider enabling OCSP Stapling

Changes needed to match the intermediate level:
* remove cipher RC4-SHA
* disable SSLv3
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher AES128-GCM-SHA256
* remove cipher AES256-GCM-SHA384
* remove cipher RC4-SHA
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-SHA256
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-SHA256
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* disable TLSv1
* disable SSLv3
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

And it gets a "C" on:
https://www.ssllabs.com/ssltest/analyze.html?d=brasstacks.mozilla.com&hideResults=on

Comment 1

[Ed Morley [:emorley]]

I've used the generator at https://mozilla.github.io/server-side-tls/ssl-config-generator/ and chosen the modern config. This also required generating a stronger DHE key (I've created a 2048 bit key), to be passed into `ssl_dhparam`.

brasstacks now gets an "A+" on:
https://www.ssllabs.com/ssltest/analyze.html?d=brasstacks.mozilla.com&hideResults=on

And cipherscan is much happier with it:

~/src/cipherscan $ ./analyze.py -t brasstacks.mozilla.com
brasstacks.mozilla.com:443 has modern ssl/tls

Changes needed to match the old level:
* consider enabling TLSv1
* consider enabling SSLv3
* add cipher DES-CBC3-SHA
* use a certificate with sha1WithRSAEncryption signature
* use DHE of 1024bits and ECC of 256bits
* consider enabling OCSP Stapling

Changes needed to match the intermediate level:
* consider enabling TLSv1
* add cipher AES128-SHA
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* consider enabling OCSP Stapling

(This version of nginx doesn't support OCSP stapling)


The old config for reference (RC4, yuck):

ssl_certificate      ...;
ssl_certificate_key  ...;
ssl_session_timeout  5m;
ssl_protocols  SSLv3 TLSv1;
ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
ssl_prefer_server_ciphers   on;

The new config:

ssl_certificate ...;
ssl_certificate_key ...;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_dhparam ...;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;

Confirmed HSTS set:

[~/src]$ curl -sI https://brasstacks.mozilla.com | grep Security
Strict-Transport-Security: max-age=15768000