Configurable SSL cipher suite #9691
Comments
|
@tgurr and perhaps enforcing TLS v1.2? |
|
@bagasme no objections from my side, maybe it should just be the default setting then. Just a note and directly related to Gitea, we encountered some problems on Windows 7 / Server 2008 when disabling TLSv1.0 and TLSv1.1 in other software, they're EOL anyways, but there may still be use cases for it. |
|
It may be worthwhile to simplify the configuration options to allow picking between some of Mozilla's recommendations (i.e. Modern, Intermediate, or Old), as shown here: https://wiki.mozilla.org/Security/Server_Side_TLS Also, adding onto this: this is TLS, not SSL. It seems pedantic but it is important to mention. |
lunny
added
type/proposal
|
Oh good - I managed to find this when looking for the exact same... Currently, I see: It would certainly be good to get this part of things configurable... |
|
The place to adjust this would likely be in you'd need to add the appropriate settings to |
|
Is this actively being worked on? I got back a network scan showing the same results and was asked if I could disable the potentially vulnerable cipher suites. If this is not on the roadmap for a near future Gitea release I might just install a reverse proxy as a work-around. |
Edited my comment, you are right, I used the ones for SSH (all good), but it seems HTTPS is still not covered, I see I have a reverse proxy set up to get that cleared. |
|
Running 1.15.x, I see a much more sane config without having to alter the app.ini anywhere: Looks like at some point it was tightened up a bit... |
|
Describe the settings, the values it would take and what you expect them to do and it would be relatively easy to implement. |
I will see if I have time to upgrade my Gitea to latest this Monday/tomorrow, then will make it visible to the scanner and see if it still complains, otherwise I'll let you know what ciphers should be removed. |
It's curious that I don't see any 3DES ciphers show up in your overview, while our network scan reports that they are offered by Gitea 1.15.3. Here is the relevant part of the scan report: https://gist.github.com/rmbleeker/13168441a2297e0f10faa39242c072a4 |
It would probably be a good idea to implement this in the way Nginx does it for example: http://nginx.org/en/docs/http/ngx_http_ssl_module.html
edit: since Gitea works with comma separated lists rather than space separated, modified my comment slightly for consistency with other Gitea options that take a list of values. |
Note that I'm running 1.15.x not 1.5.x... Earlier versions did indeed offer everything and the kitchen sink... |
Oops, typo. We're also running 1.15.3. I corrected my earlier post. |
|
I've upgraded to 1.15.4 and made it listen on all interfaces again. My Tenable scanner runs late on Wednesday, so I'll post results on Thursday. |
|
Ok, Tenable shows these two as issues:
|
|
|
I don't see the SSL ciphers you see in your scan. I'm wondering if it has more to do with the systems openssl version? |
I haven't been able to find any guidelines for a naming convention for the options in the app.ini file, but here's a suggestion for the protocols and ciphers:
Here's my suggestion for options to configure the HSTS header:
|
That might be the case if Gitea (or Go) is using the system's OpenSSL for TLS connections. I have Gitea on a RHEL7 system which has OpenSSL 1.0.2k-fips as it's OpenSSL library and seeing the same cipher suites in our scans as @eduardok. |
|
I'm using OpenSSL 1.1.1l - so I'm guessing that explains the cipher selections. Technically, OpenSSL 1.0.2 is no longer in support. |
The developers of OpenSSL might not support it any longer, but as long as RHEL7 is supported, Red Hat supports any of the software that's found in their official repositories. Either way, once we're able to configure the list of ciphers Gitea is allowed to use for TLS connections I'll disable all ciphers using 3DES. |
|
You shouldn't need to. Modify the system policy: (EDIT: Yes, I know this is for RHEL8, but the procedures are pretty much the same) |
Very good point, I've changed it to FUTURE now, and I should know after tomorrow's scan. |
I assume you're on RHEL8 then? Because if these commands to conveniently change the crypto policy system-wide exist on RHEL7, I haven't been able to find them for years. All the documentation I have for RHEL7 suggests that this needs to be configured on a per-application basis, which is why I'm interested in this functionality for Gitea. I would love to be proven wrong though. |
Gitea is running alone on a Fedora 33, and update-crypto-policies is available. It won't be running there for much longer, but it would be nice to clear this doubt before I move it. |
|
Gitea (or Go) itself doesn't depend on openssl. If you want that, you could use nginx as a reverse proxy of Gitea. I mean for a workround before there is any PR to send and merged. |
As indicated by @lunny , update-crypto-policies had no effect, the scan still shows the same weak ciphers. |
|
I wonder why my scan is so different to yours then.... Same gitea version - just I'm using Fedora 34 instead of RHEL7... As a reminder, I get: |
Add options for configuring SSL cipher suite. Fix go-gitea#9691
|
Likely, I do use letsencrypt... |
|
having issue to build 1.15.4 for Alpinelinux because of RSA keys in tests. Basically we found no way to point tests to use pre-configured Ref https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/26273 |
This doesn't seem completely related to this issue and is more related to #17175. I don't understand though as #17376 should have fixed this. So I'm confused as to why this is still happening. It would be helpful to see the contents of /etc/ssh/ssh_config You could patch integrations/git_helper_for_declarative_test.go:withKeyFile() to add another |
|
@zeripath thank you, following |
|
Aha! #17376 only fixed the host key algorithm not the pub key algorithm part of the problem. So you don't need to add ssh-rsa to your host keys but you would need to add it to the publickeys (!) Damn. Need to do a bit more work here. for others wanting to replicate the bug but who have an ssh that has ssh-rsa in by default would disable the ssh-rsa algorithm. (Note that the HostKeyAlgorithms=-ssh-rsa alone works fine) |
|
OK looking at how openssh responds and the gossh server responds - it looks like the gossh server is missing a SSH2_MSG_EXT_INFO response. This looks a lot like we're either going to have to rip out the x/crypto/ssh stuff or get patches in upstream. 😢 (This is being proposed at golang/go#49269) |
I assume this response was meant for #17175 since that issue deals with SSH, whereas this issue deals with SSL/TLS? |
|
@rmbleeker yeah unforunately we have a cross-issue conversation going on. I'll open another issue for @andypost's reported issue. If you're interested in configurable SSL options please look at my PR #17440 |
Description
#913 added configurable SSH cipher suite, it would be nice to have the same to configure the SSL cipher suite since currently TLSv1.0 and TLSv1.1 are still accepted which shouldn't be used in 2020 anymore: https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols
and it would also be nice to configure excludes for TLSv1.2 to get rid of the weak ones there as well / provide a way to configure them in general.
The text was updated successfully, but these errors were encountered: