Description
No PFS, old MAC (SHA1) and the ciphers could use an update too.
Details
Subject | Repo | Branch | Lines +/-
---|---|---|---
mailman: SSL settings to Apache 2.4 and "mid" | operations/puppet | production | +7 -1
Event Timeline
Does this need to be confidential, given it's just about dealing with SSL issues that anyone can see?
I was uncertain when I opened this bug, if it was confidential or not. I have no problem if this is switched to public (a similar bug about the OTRS is public after all).
The TLS setup on this box is definitely awful. Many of the necessary changes are probably blocked by outdated software, so linking this to the jessie upgrade that sodium is long overdue for.
Looking at the config now it already uses <%= @ssl_settings.join("\n") %> and $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365')
That means the settings are taken from the global place, HSTS is enabled with 1 year expiry and the rest will be solved by switching to Apache 2.4.
As to the "compat" part, after upgrading we will have 3 options, "strong", "mid" or keeping "compat". I'm pasting the comments from wmflib here:
# - strong: Only TLSv1.2 with PFS+AEAD ciphers. In practice this is a
#           very short list, and requires a very modern client. No
#           tradeoff is made for compatibility. Known to work with:
#           New FF/Chrome, IE11, Java8, Android 4.4+, OpenSSL 1.0.x
#           Definitely broken with: All Safari (OSX/iOS).
#           IE11 support requires either DHE support or an ECDSA key.
# - mid: Supports TLSv1.0 and higher, and adds several forward-secret
#        options which are not AEAD. This is compatible with many
#        more clients than "strong". With a DHE-capable server,
#        should only be incompatible with IE8/XP, ancient/un-updated
#        Java6, and some small corner cases like Nokia feature
#        phones. With a non-DHE server, compatibility is also lost
#        with Android 2.x, OpenSSL 0.9.8, and more Java6 clients.
# - compat: Supports most legacy clients, PFS optional but preferred.
I would say "strong" is out because it excludes too many clients for a very public service like lists. "mid" might be a reasonable choice, just no IE8 then. Or we have to stay with "compat".
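The three wmflib profiles quoted above differ in which cipher-suite properties they require (forward secrecy, AEAD), and the listadmin breakage reported later in this task is the natural consequence: a client that offers only suites a profile drops cannot complete the handshake. The following Python is an added illustration, not code from wmflib or operations/puppet. It classifies OpenSSL-style suite names by key exchange, AEAD and MAC, applies the three profiles, and checks whether a constructed legacy client still has a suite in common with the server. The suite lists and the legacy client are constructed samples; the rule that "strong" means PFS+AEAD is taken from the comment, while reading "mid" as "PFS required, AEAD optional" and "compat" as "everything, PFS ordered first" is an assumption.

```python
# Constructed sample of OpenSSL cipher-suite names, one or more per class.
# These are NOT wmflib's actual lists; they are chosen to exercise each rule.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",       # TLS 1.3: always ephemeral (EC)DHE + AEAD
    "ECDHE-RSA-AES128-GCM-SHA256",  # PFS + AEAD
    "ECDHE-RSA-CHACHA20-POLY1305",  # PFS + AEAD
    "DHE-RSA-AES256-GCM-SHA384",    # PFS via DHE + AEAD
    "ECDHE-RSA-AES128-SHA",         # PFS, CBC with HMAC-SHA1 (not AEAD)
    "ECDHE-RSA-AES256-SHA384",      # PFS, CBC with HMAC-SHA384 (not AEAD)
    "AES128-GCM-SHA256",            # static RSA key exchange: no PFS, AEAD
    "AES128-SHA",                   # no PFS, HMAC-SHA1
    "DES-CBC3-SHA",                 # legacy 3DES, no PFS, HMAC-SHA1
]

# Constructed client resembling a pre-PFS stack (e.g. an old OpenSSL 0.9.8-era
# tool): it offers only static-RSA suites. Assumed for illustration.
LEGACY_CLIENT_SUITES = ["AES128-SHA", "DES-CBC3-SHA"]


def classify(suite):
    """Derive PFS / AEAD / SHA-1-MAC properties from an OpenSSL suite name.

    TLS 1.3 suites (TLS_...) always use an ephemeral key exchange and an AEAD
    cipher. For TLS 1.2 and below, the ECDHE-/DHE- prefix marks forward
    secrecy, GCM/CHACHA20/CCM mark AEAD, and a bare trailing "-SHA" is
    OpenSSL's spelling of an HMAC-SHA1 MAC (SHA256/SHA384 carry the digits).
    """
    tls13 = suite.startswith("TLS_")
    pfs = tls13 or suite.startswith(("ECDHE-", "DHE-"))
    aead = tls13 or any(tok in suite for tok in ("GCM", "CHACHA20", "CCM"))
    sha1_mac = (not aead) and suite.endswith("-SHA")
    return {"suite": suite, "pfs": pfs, "aead": aead, "sha1_mac": sha1_mac}


def allowed(profile, info):
    """Profile rules: strong = PFS+AEAD (from the wmflib comment);
    mid = PFS required (assumed reading); compat = everything."""
    if profile == "strong":
        return info["pfs"] and info["aead"]
    if profile == "mid":
        return info["pfs"]
    if profile == "compat":
        return True
    raise ValueError("unknown profile: %r" % profile)


def apply_profile(profile, suites):
    """Return the suites a profile keeps, ordered PFS first, then AEAD first,
    so that even "compat" prefers forward secrecy when the client allows it."""
    infos = [classify(s) for s in suites if allowed(profile, classify(s))]
    infos.sort(key=lambda i: (not i["pfs"], not i["aead"]))
    return [i["suite"] for i in infos]


def dropped_by(profile, suites):
    """Suites removed relative to offering everything (what a profile costs)."""
    kept = set(apply_profile(profile, suites))
    return [s for s in suites if s not in kept]


def client_can_connect(client_suites, server_suites):
    """A handshake succeeds only if client and server share at least one suite;
    an empty intersection is the 'SSL negotiation failed' case."""
    return any(s in server_suites for s in client_suites)


if __name__ == "__main__":
    for profile in ("strong", "mid", "compat"):
        server = apply_profile(profile, SAMPLE_SUITES)
        print("%-6s keeps %d suites, drops %s" % (profile, len(server),
                                                  dropped_by(profile, SAMPLE_SUITES)))
        print("       legacy client connects:", client_can_connect(LEGACY_CLIENT_SUITES, server))
    print("SHA-1 MACs in compat:", [i["suite"] for i in map(classify, SAMPLE_SUITES) if i["sha1_mac"]])
```

Running it shows the trade-off the comment describes in one place: "strong" keeps only the four PFS+AEAD suites, "mid" adds the two forward-secret CBC suites, and only "compat" lets the constructed legacy client (static RSA only) negotiate at all, which is the same failure mode as a 500 "SSL negotiation failed" from a client whose suite list predates PFS.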
Change 232420 had a related patch set uploaded (by Dzahn):
mailman: SSL settings to Apache 2.4 and "mid"
What it will be soon on fermium with the "mid" setting:
per ssllabs.com:
Protocol Support: 95/100
Secure Renegotiation Supported
Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported - This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
Forward Secrecy Yes (with most browsers) ROBUST
Strict Transport Security (HSTS) Yes max-age=31536000 - This server supports HTTP Strict Transport Security with long duration.
Public Key Pinning (HPKP) No
Issuer RapidSSL SHA256 CA - G3
Who will not be able to connect anymore (Protocol or cipher suite mismatch):
Android 2.3.7
IE 6 / XP
IE 8 / XP
Java 6u45
OpenSSL 0.9.8y
We are now rated Grade A+ by ssllabs:
https://www.ssllabs.com/ssltest/analyze.html?d=lists.wikimedia.org
Forward Secrecy Yes (with most browsers) ROBUST
Uses SHA256 instead of SHA1.
Ciphers updated, now on Apache 2.4.
Apparently this broke support for the "listadmin" script below, but I don't know if we can do much about it since the last update of that script seems to be 2007 and our cipher settings are rated as modern and don't exclude many clients: (https://www.ssllabs.com/ssltest/analyze.html?d=lists.wikimedia.org&latest < mutante> clients we exclude: Java6, openssl 0.9.8, IE6/IE8 on XP)
10:37 < marktraceur> http://www.freecode.com/projects/listadmin
10:38 < marktraceur> ERROR: fetching https://lists.wikimedia.org/mailman/admindb/wikimedia-us-mn
10:38 < marktraceur> ERROR: 500 SSL negotiation failed: -- skipping list