New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nginx: add EECDH+AESGCM and EDH+AESGCM SSL ciphers #80952
Conversation
The TinyTinyRSS clients that weren't compatible: The browser that wasn't compatible:
|
@fpletz @nh2 What was the justification for removing chacha20 ciphers in? de8008a It seems like either a change was accidentally added to the git commit, or a sneak modification of the cipher list, because neither the commit message nor the PR mentioned this. We should perhaps discuss what the cipher list should be, and then document the choices made (what ciphers are excluded, which ones are included) in the description for In my eyes, there's no reason to exclude ECDHE-ECDSA-CHACHA20-POLY1305 and ECDHE-RSA-CHACHA20-POLY1305 to the cipher list. |
My LineageOS version is a bit old: 15.1-20180709-NIGHTLY-cheeseburger. That might have an effect on the apps too? Unfortunately I haven't been able to update my OS. But anyway, it'd be nice if the web sites and services worked, if they can without compromising security. |
Chacha20-Poly1305 seems to be a part of the following term, it was not removed as you stated.
|
It was removed from the nixos option nginx.sslCiphers in the commit I referenced above. |
No, it was not. Old default:
New default:
|
Strike that. I misread what you were trying to convey |
Just bumped into this too! For some reason my old iPhone running iOS 10 stopped being able to access my website due to some nixpkgs update (can't figure out which one though). I'd really like to know the reason why this suddenly doesn't work anymore. But the fix here looks good to me (not an expert though) and it fixes the problem! It even looks like TLSv1.2 doesn't work at all without this, because
Not sure why, because looking at the supported ciphers before this commit clearly shows some TLSv1.2 ones:
Ping @fpletz |
I think that the cipher and TLS defaults should track Mozilla's TLS configuration generator; it's the most reliably up-to-date source of configurations over the range of security-compatibility in my opinion. I use the Intermediate ciphers in my nginx configuration and experience no issues with TLS v1.2. |
I can confirm that the cipher list from that configuration generator for the intermediate setting works on my iPhone, link: https://ssl-config.mozilla.org/#server=nginx&version=1.16.1&config=intermediate&openssl=1.1.1d&guideline=5.4 |
That is quite interesting. I ran into a similar issue after having upgraded a machine from 19.09 to 20.03 with an Android app but haven't got time to look into this yet. This might be related to an OpenSSL update. Thanks for the PR and comments, I'm going to look into what's causing this ASAP. I agree with @emilazy that we should probably move to Mozilla's recommendations. |
Ok, this regression is really weird. It is not related to the OpenSSL version because the current ciphers won't work with nginx compiled with either libressl or OpenSSL 1.0.2. Also, I confirmed that this works on 19.09 but fails on 20.03 even though we have the same versions of nginx (1.16.1) and OpenSSL (1.1.1d) on both branches. I'm not sure if it's worth bisecting because we should update the cipher suites anyway. I would propose to update the ciphers according to the Mozilla's Intermediate recommendations. Since we had some ciphers that are now considered weak, we should even backport this to 19.09. |
Right!? I tried to start bisecting the issue too, because I was pretty sure updating my nixpkgs from c3414919a539d06a73c41f90dcf2f346523ae585 to ea79a83 caused it, but even after reverting to the old version it wasn't fixed. Reverting a couple more nixpkgs updates I've done didn't seem to help either. Really weird, I feel like there's an impurity lingering somewhere |
This also affects |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/ssl-issue-with-haskell-server-on-nixos/6086/2 |
I really think we should switch over to the Mozilla intermediate cipher set ASAP to resolve these issues in a future-proof and dependably secure way, and probably backport it to 20.03 too. If nobody else feels like doing that I'll try and get it done within the next week. |
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate is reliably kept up-to-date in terms of security and compatible with a wide range of clients. They've probably had more care and thought put into them than our defaults, and will be easier to keep updated in the future. The only removed (rather than changed) configuration option here is ssl_ecdh_curve, per mozilla/server-side-tls#189. Resolves NixOS#80952.
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate is reliably kept up-to-date in terms of security and compatible with a wide range of clients. They've probably had more care and thought put into them than our defaults, and will be easier to keep updated in the future. The only removed (rather than changed) configuration option here is ssl_ecdh_curve, per mozilla/server-side-tls#189. Resolves NixOS#80952. (cherry picked from commit 4ed98d6)
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate is reliably kept up-to-date in terms of security and compatible with a wide range of clients. They've probably had more care and thought put into them than our defaults, and will be easier to keep updated in the future. The only removed (rather than changed) configuration option here is ssl_ecdh_curve, per mozilla/server-side-tls#189. Resolves NixOS#80952. (cherry picked from commit 4ed98d6)
Motivation for this change
In short: Some browsers / apps weren't able to connect to my web sites/services because of cipher mismatch.
I have some web pages and services running behind nginx. I use SSL with:
SSL works for most browsers I've used, but one browser on my Android device and some TinyTinyRSS clients on my Android device refuse to connect because of
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
.I got some help from
dminuoso
in IRC. He pointed this website: https://syslink.pl/cipherlist/Based on that, I added this to my configuration:
After that change, all the browsers and RSS clients managed to connect. So, I decided to make a pull request that modifies the default value.
Disclaimer: I'm not at all familiar with SSL cipher stuff. Someone should review if this change affects security badly.
Do you think this makes sense?
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)