Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nginx ssl params config is wrong #230

Closed
ErisDS opened this issue Jun 26, 2017 · 7 comments · Fixed by #252
Closed

Nginx ssl params config is wrong #230

ErisDS opened this issue Jun 26, 2017 · 7 comments · Fixed by #252
Assignees
@kirrg001
Labels
bug rogue
Milestone
1.0.0-rc.1

Comments

@ErisDS
Copy link
Member

ErisDS commented Jun 26, 2017

See TryGhost/Ghost#8614 for background

in https://github.com/TryGhost/Ghost-CLI/blob/master/lib/services/nginx/files/ssl-params.conf#L12

this line:

add_header X-Frame-Options DENY;

Prevents ghost exports from working.

I'm not sure where these params came from, but they possibly need review to ensure they're not going to have other side effects.

cc @sebgie
@kirrg001 kirrg001 added this to the 1.0.0-rc.1 milestone Jun 26, 2017
@kirrg001 kirrg001 added the bug label Jun 26, 2017
@acburdine
Copy link
Member

I pulled that config from https://cipherli.st but I found one also at https://mozilla.github.io/server-side-tls/ssl-config-generator/ - the Mozilla one doesn't have the X-Frame-Options header so will look at switching to that config.

@sebgie
Copy link
Contributor

sebgie commented Jun 26, 2017
edited
Loading

No objection to using stricter cypher rules/additional security headers. X-Frame-Options: SAMEORIGIN would imo make the download work and still deny malicious attempts to use frames?

Don't know if anyone uses Ghost in an embedded frame though?

@PaszaVonPomiot
Copy link

PaszaVonPomiot commented Jun 26, 2017
edited
Loading

@acburdine with nginx config you need to consider compatibility vs security. By not including TLS1.0 you are preventing some Internet Explorer and older Android browsers from openning the page. But that may be a problem only if you don't use HSTS Just so you are aware.

I also found that the best cipher setup is following:
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
It will have little or no compatibility impact..

@kirrg001 kirrg001 self-assigned this Jun 27, 2017
@ErisDS ErisDS added the rogue label Jun 27, 2017
@ErisDS ErisDS mentioned this issue Jun 27, 2017
Closed
55 tasks
@kirrg001
Copy link
Contributor

@sebgie Any input on ssl_ciphers? Right now we are using EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH in the CLI. There are some best practises out there, but i would like to hear your opinion.

kirrg001 added a commit to kirrg001/Ghost-CLI that referenced this issue Jun 27, 2017
@kirrg001
🎨 X-Frame-Options SAMEORIGIN
89fc764 
refs TryGhost#230

- change x-frame-options from DENY to SAMEORIGIN
- SAMEORIGIN: This setting will allow the page to be displayed in a frame on the same origin as the page itself.
- background: if we deny x-frame-options, we can't export content/database
@kirrg001 kirrg001 mentioned this issue Jun 27, 2017
Merged
@jloh
Copy link
Member

jloh commented Jun 28, 2017

Mozillas SSL generator suggests these:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

My 2cents would be following their recommendation for the best mix of client compatibility vs security!

@PaszaVonPomiot
Copy link

Running simulation with Mozilla "Intermediate" settings for nginx gives following compatibility:

 Running browser simulations via sockets (experimental)

 Android 2.3.7                    TLSv1.0 DHE-RSA-AES128-SHA
 Android 4.1.1                    TLSv1.0 ECDHE-RSA-AES128-SHA
 Android 4.2.2                    TLSv1.0 ECDHE-RSA-AES128-SHA
 Android 4.4.2                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Android 5.0.0                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Android 6.0                      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Android 7.0                      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Baidu Jan 2015                   TLSv1.0 ECDHE-RSA-AES128-SHA
 BingPreview Jan 2015             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Chrome 48 OS X                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Chrome 51 Win 7                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Edge 13 Win 10                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Edge 13 Win Phone 10             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Firefox 45 Win 7                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Firefox 49 Win 7                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Firefox 49 XP SP3                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Googlebot Feb 2015               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 IE 11 Win 10                     TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 IE 11 Win 7                      TLSv1.2 DHE-RSA-AES128-GCM-SHA256
 IE 11 Win 8.1                    TLSv1.2 DHE-RSA-AES128-GCM-SHA256
 IE 11 Win Phone 8.1              TLSv1.2 ECDHE-RSA-AES128-SHA256
 IE 11 Win Phone 8.1 Update       TLSv1.2 DHE-RSA-AES128-GCM-SHA256
 IE 6 XP                          No connection
 IE 7 Vista                       TLSv1.0 ECDHE-RSA-AES128-SHA
 IE 8 Win 7                       TLSv1.0 ECDHE-RSA-AES128-SHA
 IE 8 XP                          TLSv1.0 DES-CBC3-SHA
 Java 6u45                        TLSv1.0 DHE-RSA-AES128-SHA
 Java 7u25                        TLSv1.0 ECDHE-RSA-AES128-SHA
 Java 8b132                       TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 OpenSSL 1.0.1l                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 OpenSSL 1.0.2e                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Opera 17 Win 7                   TLSv1.2 ECDHE-RSA-AES128-SHA256
 Safari 5.1.9 OS X 10.6.8         TLSv1.0 ECDHE-RSA-AES128-SHA
 Safari 6.0.4 OS X 10.8.4         TLSv1.0 ECDHE-RSA-AES128-SHA
 Safari 7 OS X 10.9               TLSv1.2 ECDHE-RSA-AES128-SHA256
 Safari 8 OS X 10.10              TLSv1.2 ECDHE-RSA-AES128-SHA256
 Safari 9 iOS 9                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Safari 9 OS X 10.11              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Safari 10 OS X 10.12             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Apple ATS 9 iOS 9                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Tor 17.0.9 Win 7                 TLSv1.0 ECDHE-RSA-AES128-SHA
 Yahoo Slurp Jan 2015             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 YandexBot Jan 2015               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

For "Modern" settings compatibility is following:

 Running browser simulations via sockets (experimental)

 Android 2.3.7                    No connection
 Android 4.1.1                    No connection
 Android 4.2.2                    No connection
 Android 4.4.2                    TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Android 5.0.0                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Android 6.0                      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Android 7.0                      TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Baidu Jan 2015                   No connection
 BingPreview Jan 2015             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Chrome 48 OS X                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Chrome 51 Win 7                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Edge 13 Win 10                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Edge 13 Win Phone 10             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Firefox 45 Win 7                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Firefox 49 Win 7                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Firefox 49 XP SP3                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Googlebot Feb 2015               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 IE 11 Win 10                     TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 IE 11 Win 7                      TLSv1.2 ECDHE-RSA-AES256-SHA384
 IE 11 Win 8.1                    TLSv1.2 ECDHE-RSA-AES256-SHA384
 IE 11 Win Phone 8.1              TLSv1.2 ECDHE-RSA-AES128-SHA256
 IE 11 Win Phone 8.1 Update       TLSv1.2 ECDHE-RSA-AES256-SHA384
 IE 6 XP                          No connection
 IE 7 Vista                       No connection
 IE 8 Win 7                       No connection
 IE 8 XP                          No connection
 Java 6u45                        No connection
 Java 7u25                        No connection
 Java 8b132                       TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 OpenSSL 1.0.1l                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 OpenSSL 1.0.2e                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Opera 17 Win 7                   TLSv1.2 ECDHE-RSA-AES128-SHA256
 Safari 5.1.9 OS X 10.6.8         No connection
 Safari 6.0.4 OS X 10.8.4         No connection
 Safari 7 OS X 10.9               TLSv1.2 ECDHE-RSA-AES256-SHA384
 Safari 8 OS X 10.10              TLSv1.2 ECDHE-RSA-AES256-SHA384
 Safari 9 iOS 9                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Safari 9 OS X 10.11              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Safari 10 OS X 10.12             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Apple ATS 9 iOS 9                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Tor 17.0.9 Win 7                 No connection
 Yahoo Slurp Jan 2015             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 YandexBot Jan 2015               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Current CLI settings provided by @kirrg001 have following compatibility:

 Android 2.3.7                    No connection
 Android 4.1.1                    TLSv1.0 ECDHE-RSA-AES256-SHA
 Android 4.2.2                    TLSv1.0 ECDHE-RSA-AES256-SHA
 Android 4.4.2                    TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Android 5.0.0                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Android 6.0                      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Android 7.0                      TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Baidu Jan 2015                   TLSv1.0 ECDHE-RSA-AES256-SHA
 BingPreview Jan 2015             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Chrome 48 OS X                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Chrome 51 Win 7                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Edge 13 Win 10                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Edge 13 Win Phone 10             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Firefox 45 Win 7                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 Firefox 49 Win 7                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Firefox 49 XP SP3                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Googlebot Feb 2015               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 IE 11 Win 10                     TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 IE 11 Win 7                      TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 IE 11 Win 8.1                    TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 IE 11 Win Phone 8.1              TLSv1.2 ECDHE-RSA-AES256-SHA
 IE 11 Win Phone 8.1 Update       TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 IE 6 XP                          No connection
 IE 7 Vista                       TLSv1.0 ECDHE-RSA-AES256-SHA
 IE 8 Win 7                       TLSv1.0 ECDHE-RSA-AES256-SHA
 IE 8 XP                          No connection
 Java 6u45                        No connection
 Java 7u25                        No connection
 Java 8b132                       TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 OpenSSL 1.0.1l                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 OpenSSL 1.0.2e                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Opera 17 Win 7                   TLSv1.2 ECDHE-RSA-AES256-SHA
 Safari 5.1.9 OS X 10.6.8         TLSv1.0 ECDHE-RSA-AES256-SHA
 Safari 6.0.4 OS X 10.8.4         TLSv1.0 ECDHE-RSA-AES256-SHA
 Safari 7 OS X 10.9               TLSv1.2 ECDHE-RSA-AES256-SHA384
 Safari 8 OS X 10.10              TLSv1.2 ECDHE-RSA-AES256-SHA384
 Safari 9 iOS 9                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Safari 9 OS X 10.11              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Safari 10 OS X 10.12             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Apple ATS 9 iOS 9                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 Tor 17.0.9 Win 7                 TLSv1.0 ECDHE-RSA-AES256-SHA
 Yahoo Slurp Jan 2015             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 YandexBot Jan 2015               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

This configuration is only vulnerable to

 BEAST (CVE-2011-3389)                     TLS1: DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA
                                           VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2

and it's only vulnerable if TLSv1.1 or TLSv1.2 are not available on client side (older systems and browsers). So in my opinion current setting should be considered both secure and compatible.

All above tests were performed assuming that TLSv1, TLSv1.1 and TLSv1.2 are enabled and that 4096 dhparam is available.

@sebgie
Copy link
Contributor

sebgie commented Jun 30, 2017

@PaszaVonPomiot has posted a great overview of compatible browsers/devices. I would follow the official Mozilla recommendation and use the intermediate profile (no obv. vulnerability but good compatibility): https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1e&hsts=yes&profile=intermediate.

These parameters are maintained here and we can follow necessary changes on GitHub: https://github.com/mozilla/server-side-tls.

sebgie added a commit to sebgie/Ghost-CLI that referenced this issue Jun 30, 2017
@sebgie
Use Mozilla SSL cipher suite
24b3053 
closes TryGhost#230
- changed SSL ciphers to Mozilla recommendation
(https://wiki.mozilla.org/Security/Server_Side_TLS)
@sebgie sebgie mentioned this issue Jun 30, 2017
Merged
acburdine pushed a commit that referenced this issue Jun 30, 2017
@sebgie @acburdine
feat(ssl): use Mozilla SSL cipher suite (#252)
c5091df 
closes #230
- changed SSL ciphers to Mozilla recommendation
(https://wiki.mozilla.org/Security/Server_Side_TLS)
@ErisDS ErisDS mentioned this issue Dec 14, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kirrg001 kirrg001

Labels
bug rogue
Projects
None yet
Milestone
1.0.0-rc.1
Development

Successfully merging a pull request may close this issue.

Use Mozilla SSL cipher suite sebgie/Ghost-CLI
6 participants
@ErisDS @sebgie @kirrg001 @jloh @acburdine @PaszaVonPomiot