From 3587d581fe65c69f3dcf6dc33e5c0be186a1dbb5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 12 May 2021 23:17:57 +0000 Subject: [PATCH] proxy / controplane: use old upstream cipher suite (#2196) (#2197) Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> --- config/envoyconfig/clusters.go | 16 ++++ config/envoyconfig/clusters_test.go | 112 ++++++++++++++++++++++++++++ docs/docs/community/security.md | 49 ++++++++---- 3 files changed, 164 insertions(+), 13 deletions(-) diff --git a/config/envoyconfig/clusters.go b/config/envoyconfig/clusters.go index 038a46362..c181af216 100644 --- a/config/envoyconfig/clusters.go +++ b/config/envoyconfig/clusters.go @@ -207,6 +207,22 @@ func (b *Builder) buildPolicyTransportSocket(ctx context.Context, policy *config tlsContext := &envoy_extensions_transport_sockets_tls_v3.UpstreamTlsContext{ CommonTlsContext: &envoy_extensions_transport_sockets_tls_v3.CommonTlsContext{ TlsParams: &envoy_extensions_transport_sockets_tls_v3.TlsParameters{ + CipherSuites: []string{ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA", + }, EcdhCurves: []string{ "X25519", "P-256", diff --git a/config/envoyconfig/clusters_test.go b/config/envoyconfig/clusters_test.go index cd49dbd13..ac37aa715 100644 --- a/config/envoyconfig/clusters_test.go +++ b/config/envoyconfig/clusters_test.go @@ -47,6 +47,22 @@ func Test_buildPolicyTransportSocket(t *testing.T) { "commonTlsContext": { "alpnProtocols": ["h2", "http/1.1"], "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA" + ], "ecdhCurves": [ "X25519", "P-256", @@ -82,6 +98,22 @@ func Test_buildPolicyTransportSocket(t *testing.T) { "commonTlsContext": { "alpnProtocols": ["h2", "http/1.1"], "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA" + ], "ecdhCurves": [ "X25519", "P-256", @@ -117,6 +149,22 @@ func Test_buildPolicyTransportSocket(t *testing.T) { "commonTlsContext": { "alpnProtocols": ["h2", "http/1.1"], "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA" + ], "ecdhCurves": [ "X25519", "P-256", @@ -153,6 +201,22 @@ func Test_buildPolicyTransportSocket(t *testing.T) { "commonTlsContext": { "alpnProtocols": ["h2", "http/1.1"], "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA" + ], "ecdhCurves": [ "X25519", "P-256", @@ -189,6 +253,22 @@ func Test_buildPolicyTransportSocket(t *testing.T) { "commonTlsContext": { "alpnProtocols": ["h2", "http/1.1"], "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA" + ], "ecdhCurves": [ "X25519", "P-256", @@ -314,6 +394,22 @@ func Test_buildCluster(t *testing.T) { "commonTlsContext": { "alpnProtocols": ["h2", "http/1.1"], "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA" + ], "ecdhCurves": [ "X25519", "P-256", @@ -341,6 +437,22 @@ func Test_buildCluster(t *testing.T) { "commonTlsContext": { "alpnProtocols": ["h2", "http/1.1"], "tlsParams": { + "cipherSuites": [ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "AES128-GCM-SHA256", + "AES128-SHA", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "AES256-GCM-SHA384", + "AES256-SHA" + ], "ecdhCurves": [ "X25519", "P-256", diff --git a/docs/docs/community/security.md b/docs/docs/community/security.md index 519d39d96..a65218435 100644 --- a/docs/docs/community/security.md +++ b/docs/docs/community/security.md @@ -55,28 +55,51 @@ Encryption at rest: Encryption in transit: -- Data in transit is protected by Transport Layer Security ([TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security)) . See our lab's [SSL Labs report](https://www.ssllabs.com/ssltest/analyze.html?d=authenticate.demo.pomerium.com&latest) . +- Data in transit is protected by Transport Layer Security ([TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security)). See our lab's [SSL Labs report](https://www.ssllabs.com/ssltest/analyze.html?d=authenticate.demo.pomerium.com&latest) . + +- For downstream TLS (connections from the user's client to Pomerium) - The minimum accepted version of TLS is 1.2. - - For TLS 1.3, the following cipher suites are offered: - - - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - - TLS_CHACHA20_POLY1305_SHA256 - - For TLS 1.2, the following cipher suites are offered, in this order: - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 - The following elliptic curves are offered, in this order: - X25519 - secp256r1 - - X448 - - secp521r1 - - secp384r1 + +- For upstream TLS (connections from Pomerium to the application or service) + + - The minimum accepted version of TLS is 1.2. + - For TLS 1.2, the following cipher suites are supported: + + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - AES128-GCM-SHA256 + - AES128-SHA + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - AES256-GCM-SHA384 + - AES256-SHA + + - The following elliptic curves are supported: + + - X25519 + - P-256 + - P-384 + - P-521 - [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) (HSTS) with a long duration is used by default.