
Comments (6)

guilhermebr commented on August 26, 2024

My opinion:

By default: secure
i.e.: min_version tls1.1
weak ciphers disabled

tls options:

tls cert key {
    protocols ssl3 tlsv1 tls11 tls12
    ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5
}

from caddy.

guilhermebr commented on August 26, 2024

tls cert key {
    protocols TLSv1 TLSv1.1 TLSv1.2
    ciphers AES128-SHA AES256-SHA DES-CBC3-SHA
    cache 128  #default cache capacity is 64
}


mholt commented on August 26, 2024

This is on the right track. The syntax you've proposed seems pretty good although the ciphers might be space-separated instead of colon-separated? Also, maybe the protocols could use a dot in the version, for readability? e.g. protocols ssl3 tls1.0 tls1.1 tls1.2 -- although I don't want to allow ssl3, see below.

The default behavior of Caddy must strike a good balance between compatibility and security. As such, I think we should first agree on some solid defaults. Here's what I've come up with so far.

  • Session caching: Yes - this is already done thanks to your pull request
  • SSLv3: No. I don't even think there's any good reason to allow a user to enable SSLv3.
  • RC4: No. The RC4 ciphers are weak.

This should allow Caddy's default HTTPS configuration to score an A on SSL Labs' tests.

If we allow TLS 1.0, I don't think we should allow CBC mode ciphers with it. I need to see if TLS 1.2 is widely enough implemented in clients so that we can drop older TLS support too - at least, for default. So I think we need to do a little more research.

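The defaults mholt lays out above, as an added Go example that is not Caddy's own code: it parses the proposed space-separated protocol and cipher lists into a crypto/tls config, refusing SSLv3, RC4, and CBC-mode suites whenever TLS 1.0 is the floor. The directive values, the dotted protocol spelling and the cipher-name table are assumptions made for illustration.

```go
// Added example, not Caddy's own code: parses the proposed space-separated
// "protocols" and "ciphers" values and applies the defaults agreed in this thread.
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Dotted protocol names as mholt suggested; ssl3 is deliberately absent so it fails the lookup.
var protocolVersions = map[string]uint16{
	"tls1.0": tls.VersionTLS10, "tls1.1": tls.VersionTLS11, "tls1.2": tls.VersionTLS12,
}

// OpenSSL-style names mapped to Go suite IDs (assumed subset); RC4 suites are left out on purpose.
var cipherSuites = map[string]uint16{
	"ECDHE-RSA-AES128-GCM-SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	"ECDHE-RSA-AES128-SHA":        tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	"AES128-SHA":                  tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	"DES-CBC3-SHA":                tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}

// BuildTLSConfig sets the minimum version to the lowest protocol listed and
// refuses CBC suites (every non-GCM name in the table) when that minimum is TLS 1.0.
func BuildTLSConfig(protocols, ciphers string) (*tls.Config, error) {
	var minVer uint16
	for _, p := range strings.Fields(strings.ToLower(protocols)) {
		v, ok := protocolVersions[p]
		if !ok {
			return nil, fmt.Errorf("protocol %q is unknown or not allowed", p)
		}
		if minVer == 0 || v < minVer {
			minVer = v
		}
	}
	if minVer == 0 {
		return nil, fmt.Errorf("no protocols given")
	}
	var suites []uint16
	for _, c := range strings.Fields(ciphers) {
		id, ok := cipherSuites[c]
		if !ok {
			return nil, fmt.Errorf("cipher %q is unknown or not allowed", c)
		}
		if minVer == tls.VersionTLS10 && !strings.Contains(c, "GCM") {
			return nil, fmt.Errorf("cipher %q is CBC mode, not allowed with TLS 1.0", c)
		}
		suites = append(suites, id)
	}
	return &tls.Config{MinVersion: minVer, CipherSuites: suites}, nil
}
```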

guilhermebr commented on August 26, 2024

Nice @mholt !

I agree about not supporting SSLv3, but my concern is with freedom of choice: if for some reason I need to use SSLv3, maybe for a legacy device or a test case... I think the user can have this choice... maybe we change the option name to something like unsecure_SSLv3, then the user needs to explicitly select the choice and is advised that this option is not secure...

Some statistics:

from: https://jve.linuxwall.info/blog/index.php?post/TLS_Survey (11/2014)

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      85447     18.9264
SSL2 Only                 38        0.0084
SSL3                      449864    99.6443
SSL3 Only                 4443      0.9841
TLS1                      446575    98.9158
TLS1 Only                 736       0.163
TLS1.1                    145266    32.1762
TLS1.1 Only               1         0.0002
TLS1.2                    149921    33.2073
TLS1.2 Only               5         0.0011
TLS1.2 but not 1.1        11888     2.6332


mholt commented on August 26, 2024

💯 That's super-useful, thank you.

Okay, perhaps we can allow the user to force SSLv3 by specifying it in the protocol list, for compatibility. But with a notice in the documentation that the cipher will be removed from Caddy in a future version. (In fact, any of the ciphers or protocols are subject to removal from Caddy at any time.)

You want to draft a PR?


guilhermebr commented on August 26, 2024

Perfect @mholt!

Sure! I'll send a PR as soon as possible =]
