dcarley · September 24, 2015 08:00
diff --git a/disable_anull_ciphers.patch b/disable_anull_ciphers.patch
 commit a23477e06eecc147927143d07e76a412039e462b
 Author: Dan Carley <[email protected]>
 Date:   Wed Mar 26 08:17:41 2014 +0000

    [#68243876] Disable Nginx SSL/TLS aNULL ciphers

    NB: This commits contains a lot of output and references NOT because I know
    what I'm doing with SSL ciphers. Quite the opposite.

    The upgrade of machines from Lucid to Precise for Platform1 introduced a
    regression in the SSL ciphers that our Nginx config allows. This causes us
    to fail a simple ssllabs.com test with the following..

    https://www.ssllabs.com/ssltest/analyze.html?d=signon.production.alphagov.co.uk&hideResults=on
    ```
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)   INSECURE  256
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)   INSECURE 112
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)   INSECURE  128
    ```

    The newer version of OpenSSL introduces AECDH ciphers that have no
    authentication and aren't disabled by OpenSSL's default exclusion of `NULL`.

    Comparison of Lucid and Precise:
    ```
    dcarley@preview-backend-lb-1:~$ openssl version
    OpenSSL 0.9.8k 25 Mar 2009
    dcarley@preview-backend-lb-1:~$ openssl ciphers | xargs -d: -n1 echo | grep ECDH | wc -l
    0

    dcarley@p1-production-backend-lb-1:~$ openssl version
    OpenSSL 1.0.1 14 Mar 2012
    dcarley@p1-production-backend-lb-1:~$ openssl ciphers | xargs -d: -n1 echo | grep ECDH | wc -l
    32
    ```

    From the OpenSSL `ciphers(1SSL)` docs:
    > eNULL, NULL
    >     the "NULL" ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk they are disabled unless explicitly included.
    >
    > aNULL
    >     the cipher suites offering no authentication. This is currently the anonymous DH algorithms. These cipher suites are vulnerable to a "man in the middle" attack and so their use is normally
    >     discouraged.

    Disable anon ciphers by using `!aNULL`. This is actually Nginx's default
    now, but we override it presumably to disable RC4 or enable MD5? We should
    review those..

    The notify to reload `nginx::service` appears to pick this up fine.

    Before, noting the `AECDH`/`Anon` entries:
    ```
    ➜  sslyze-0_8-osx64  python sslyze.py --sslv3 --tlsv1 --hide_rejected_ciphers 10.1.0.2
    …
      * SSLV3 Cipher Suites :
    …
          Accepted Cipher Suite(s):
            AECDH-DES-CBC3-SHA            Anon
            AECDH-AES256-SHA              Anon
            AECDH-AES128-SHA              Anon
            ECDHE-RSA-AES256-SHA          256 bits
            CAMELLIA256-SHA               256 bits
            AES256-SHA                    256 bits
            ECDHE-RSA-DES-CBC3-SHA        168 bits
            DES-CBC3-SHA                  168 bits
            ECDHE-RSA-AES128-SHA          128 bits
            CAMELLIA128-SHA               128 bits
            AES128-SHA                    128 bits

      * TLSV1 Cipher Suites :
            CAMELLIA256-SHA               256 bits
            AES256-SHA                    256 bits
            ECDHE-RSA-DES-CBC3-SHA        168 bits
            DES-CBC3-SHA                  168 bits
            ECDHE-RSA-AES128-SHA          128 bits
            CAMELLIA128-SHA               128 bits
            AES128-SHA                    128 bits
    ```

    After, noting no `Anon` cipher strengths:
    ```
    ➜  sslyze-0_8-osx64  python sslyze.py --sslv3 --tlsv1 --hide_rejected_ciphers 10.1.0.2
    …
      * TLSV1 Cipher Suites :
    …
          Accepted Cipher Suite(s):
            ECDHE-RSA-AES256-SHA          256 bits
            CAMELLIA256-SHA               256 bits
            AES256-SHA                    256 bits
            ECDHE-RSA-DES-CBC3-SHA        168 bits
            DES-CBC3-SHA                  168 bits
            ECDHE-RSA-AES128-SHA          128 bits
            CAMELLIA128-SHA               128 bits
            AES128-SHA                    128 bits

      * SSLV3 Cipher Suites :
    …
          Accepted Cipher Suite(s):
            ECDHE-RSA-AES256-SHA          256 bits
            CAMELLIA256-SHA               256 bits
            AES256-SHA                    256 bits
            ECDHE-RSA-DES-CBC3-SHA        168 bits
            DES-CBC3-SHA                  168 bits
            ECDHE-RSA-AES128-SHA          128 bits
            CAMELLIA128-SHA               128 bits
            AES128-SHA                    128 bits
    ```

 diff --git a/modules/nginx/files/etc/nginx/ssl.conf b/modules/nginx/files/etc/nginx/ssl.conf
 index b10babc..eb389f6 100644
 --- a/modules/nginx/files/etc/nginx/ssl.conf
 +++ b/modules/nginx/files/etc/nginx/ssl.conf
 @@ -1,6 +1,6 @@
 proxy_set_header          X-Forwarded-Ssl on;
 ssl_protocols             TLSv1 SSLv3;
 -ssl_ciphers               HIGH:!ADH:!kEDH;
 +ssl_ciphers               HIGH:!ADH:!kEDH:!aNULL;
 ssl_prefer_server_ciphers on;

 # FIXME: SSL session cache directives have been moved to nginx.conf as
	commit a23477e06eecc147927143d07e76a412039e462b
	Author: Dan Carley <[email protected]>
	Date: Wed Mar 26 08:17:41 2014 +0000

	[#68243876] Disable Nginx SSL/TLS aNULL ciphers

	NB: This commits contains a lot of output and references NOT because I know
	what I'm doing with SSL ciphers. Quite the opposite.

	The upgrade of machines from Lucid to Precise for Platform1 introduced a
	regression in the SSL ciphers that our Nginx config allows. This causes us
	to fail a simple ssllabs.com test with the following..

	https://www.ssllabs.com/ssltest/analyze.html?d=signon.production.alphagov.co.uk&hideResults=on
	```
	TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019) INSECURE 256
	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) INSECURE 112
	TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018) INSECURE 128
	```

	The newer version of OpenSSL introduces AECDH ciphers that have no
	authentication and aren't disabled by OpenSSL's default exclusion of `NULL`.

	Comparison of Lucid and Precise:
	```
	dcarley@preview-backend-lb-1:~$ openssl version
	OpenSSL 0.9.8k 25 Mar 2009
	dcarley@preview-backend-lb-1:~$ openssl ciphers \| xargs -d: -n1 echo \| grep ECDH \| wc -l
	0

	dcarley@p1-production-backend-lb-1:~$ openssl version
	OpenSSL 1.0.1 14 Mar 2012
	dcarley@p1-production-backend-lb-1:~$ openssl ciphers \| xargs -d: -n1 echo \| grep ECDH \| wc -l
	32
	```

	From the OpenSSL `ciphers(1SSL)` docs:
	> eNULL, NULL
	> the "NULL" ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk they are disabled unless explicitly included.
	>
	> aNULL
	> the cipher suites offering no authentication. This is currently the anonymous DH algorithms. These cipher suites are vulnerable to a "man in the middle" attack and so their use is normally
	> discouraged.

	Disable anon ciphers by using `!aNULL`. This is actually Nginx's default
	now, but we override it presumably to disable RC4 or enable MD5? We should
	review those..

	The notify to reload `nginx::service` appears to pick this up fine.

	Before, noting the `AECDH`/`Anon` entries:
	```
	➜ sslyze-0_8-osx64 python sslyze.py --sslv3 --tlsv1 --hide_rejected_ciphers 10.1.0.2
	…
	* SSLV3 Cipher Suites :
	…
	Accepted Cipher Suite(s):
	AECDH-DES-CBC3-SHA Anon
	AECDH-AES256-SHA Anon
	AECDH-AES128-SHA Anon
	ECDHE-RSA-AES256-SHA 256 bits
	CAMELLIA256-SHA 256 bits
	AES256-SHA 256 bits
	ECDHE-RSA-DES-CBC3-SHA 168 bits
	DES-CBC3-SHA 168 bits
	ECDHE-RSA-AES128-SHA 128 bits
	CAMELLIA128-SHA 128 bits
	AES128-SHA 128 bits

	* TLSV1 Cipher Suites :
	CAMELLIA256-SHA 256 bits
	AES256-SHA 256 bits
	ECDHE-RSA-DES-CBC3-SHA 168 bits
	DES-CBC3-SHA 168 bits
	ECDHE-RSA-AES128-SHA 128 bits
	CAMELLIA128-SHA 128 bits
	AES128-SHA 128 bits
	```

	After, noting no `Anon` cipher strengths:
	```
	➜ sslyze-0_8-osx64 python sslyze.py --sslv3 --tlsv1 --hide_rejected_ciphers 10.1.0.2
	…
	* TLSV1 Cipher Suites :
	…
	Accepted Cipher Suite(s):
	ECDHE-RSA-AES256-SHA 256 bits
	CAMELLIA256-SHA 256 bits
	AES256-SHA 256 bits
	ECDHE-RSA-DES-CBC3-SHA 168 bits
	DES-CBC3-SHA 168 bits
	ECDHE-RSA-AES128-SHA 128 bits
	CAMELLIA128-SHA 128 bits
	AES128-SHA 128 bits

	* SSLV3 Cipher Suites :
	…
	Accepted Cipher Suite(s):
	ECDHE-RSA-AES256-SHA 256 bits
	CAMELLIA256-SHA 256 bits
	AES256-SHA 256 bits
	ECDHE-RSA-DES-CBC3-SHA 168 bits
	DES-CBC3-SHA 168 bits
	ECDHE-RSA-AES128-SHA 128 bits
	CAMELLIA128-SHA 128 bits
	AES128-SHA 128 bits
	```

	diff --git a/modules/nginx/files/etc/nginx/ssl.conf b/modules/nginx/files/etc/nginx/ssl.conf
	index b10babc..eb389f6 100644
	--- a/modules/nginx/files/etc/nginx/ssl.conf
	+++ b/modules/nginx/files/etc/nginx/ssl.conf
	@@ -1,6 +1,6 @@
	proxy_set_header X-Forwarded-Ssl on;
	ssl_protocols TLSv1 SSLv3;
	-ssl_ciphers HIGH:!ADH:!kEDH;
	+ssl_ciphers HIGH:!ADH:!kEDH:!aNULL;
	ssl_prefer_server_ciphers on;

	# FIXME: SSL session cache directives have been moved to nginx.conf as