Recommended TLS Ciphers for Traefik

I'm looking for a recommended configuration for SSL/TLS in Traefik. I have set minVersion = "VersionTLS12" to avoid the weaker older versions and found the supported ciphers in Go. Cross-checking that with the recommendations from SSLLabs I came up with the following sequence (order matters):

cipherSuites = [
  "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
  "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
  "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
]

[Update] Later cross-checked with Mozilla's SSL Config Generator, dropping the SHA-1 ones and using the suggested order:

cipherSuites = [
  "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
  "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
  "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]

Does that make sense? I want to avoid weak ciphers, but include as many strong ciphers as possible for compatibility.

Sceptre answered 1/9, 2018 at 14:20 Comment(0)

Looks good. I'm running the same config as in your update and everything looks secure and compatible according to the SSL Labs tests.

Update 05-07-19:

The CBC ciphers are now also weak according to SSL Labs. You can remove these, but if your certificate is signed with RSA you won't be able to view your website on IE 11 with Windows 7. I signed my certificate with ECDSA with the current ciphers above (without CBC) to get it working on IE 11 Windows 7.

Hula answered 3/9, 2018 at 16:30 Comment(0)

You can use this page to generate your traefik config: https://ssl-config.mozilla.org/#server=traefik&server-version=1.7.12&config=intermediate

# generated 2019-07-17, https://ssl-config.mozilla.org/#server=traefik&server-version=1.7.12&config=intermediate
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      minVersion = "VersionTLS12"
      cipherSuites = [
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
      ]

      [[entryPoints.https.tls.certificates]]
      certFile = "/path/to/signed_cert_plus_intermediates"
      keyFile = "/path/to/private_key"
Ikon answered 17/7, 2019 at 10:10 Comment(0)

Edit: as noted in the issue linked below, the config-generator has been fixed.

I found this question while researching the cipher suites for Traefik. So, for future reference, and people who have tried the generator but ran into problems:

I found the ssl-config page of Mozilla, that Rui Martins mentioned as well. This works fine, except for the last four entries.

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

are not recognized by Traefik as valid cipher suites.
I checked the Go documentation, and found that the cipher suites aren't mentioned there either. Relatively close alternatives were mentioned however: https://godoc.org/crypto/tls#pkg-constants

So I replaced the values as follows:

+-----------------------------------------------+----------------------------------------+
| Old Value                                     | New Value                              |
+-----------------------------------------------+----------------------------------------+
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 |
+-----------------------------------------------+----------------------------------------+
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305   |
+-----------------------------------------------+----------------------------------------+
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  |
+-----------------------------------------------+----------------------------------------+
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  |
+-----------------------------------------------+----------------------------------------+

Note the removed _SHA256 for the first two entries, and the added EC for the last two.

This works fine, but is not a solution for the core problem. As I do not have a lot of knowledge or experience in cipher suites, I have filed a bug report with Mozilla about their ssl-config generation for Traefik. ( https://github.com/mozilla/ssl-config-generator/issues/52 )

Wherewith answered 9/8, 2019 at 16:11 Comment(0)
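An added check, not from the thread and not Traefik's own code, that puts the generated list from the earlier answer and the substitution table above on a footing you can re-run: it resolves each configured name against the cipher suites Go's crypto/tls actually implements, which is the catalogue any Go server (Traefik included) must ultimately map names onto, and flags names that are unknown, that Go itself lists as insecure, or that belong to TLS 1.3 and cannot be configured. The sample input is the July 2019 generator output copied from the answer above. Assumptions: a Go toolchain at 1.14 or later (when crypto/tls gained CipherSuites()/InsecureCipherSuites() and the _SHA256-suffixed ChaCha20 names, keeping the older spellings as exported aliases); the function, type and variable names (AuditCipherSuites, SecureSuiteIDs, Verdict, MozillaTraefik17) are mine.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Verdict records how Go's crypto/tls classifies one configured suite name.
type Verdict struct {
	Name   string
	ID     uint16 // 0 when the name is unknown
	Status string // "ok", "insecure", "tls13", or "unknown"
}

// catalogue builds name -> ID from the suites Go implements. IDs coming from
// InsecureCipherSuites() and TLS 1.3-only IDs are tracked separately so the
// audit can reject the former and report the latter (Go does not let you
// configure TLS 1.3 suites). The pre-Go-1.14 ChaCha20 spellings are still
// exported by crypto/tls as aliases, so they are added under their old names.
func catalogue() (ids map[string]uint16, insecure, tls13 map[uint16]bool) {
	ids = map[string]uint16{}
	insecure = map[uint16]bool{}
	tls13 = map[uint16]bool{}
	for _, s := range tls.CipherSuites() {
		ids[s.Name] = s.ID
		if len(s.SupportedVersions) == 1 && s.SupportedVersions[0] == tls.VersionTLS13 {
			tls13[s.ID] = true
		}
	}
	for _, s := range tls.InsecureCipherSuites() {
		ids[s.Name] = s.ID
		insecure[s.ID] = true
	}
	// Legacy aliases (assumed spelling used by older generator output / Traefik 1.7).
	ids["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"] = tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
	ids["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"] = tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
	return ids, insecure, tls13
}

// AuditCipherSuites classifies each configured name, preserving order.
func AuditCipherSuites(configured []string) []Verdict {
	ids, insecure, tls13 := catalogue()
	out := make([]Verdict, 0, len(configured))
	for _, name := range configured {
		id, known := ids[name]
		v := Verdict{Name: name, ID: id, Status: "ok"}
		switch {
		case !known:
			v.Status = "unknown"
		case insecure[id]:
			v.Status = "insecure"
		case tls13[id]:
			v.Status = "tls13"
		}
		out = append(out, v)
	}
	return out
}

// SecureSuiteIDs returns only the IDs safe to hand to tls.Config.CipherSuites:
// known to Go, not flagged insecure by Go, and not TLS 1.3-only.
func SecureSuiteIDs(configured []string) []uint16 {
	var ids []uint16
	for _, v := range AuditCipherSuites(configured) {
		if v.Status == "ok" {
			ids = append(ids, v.ID)
		}
	}
	return ids
}

// MozillaTraefik17 is the cipherSuites list the Mozilla generator emitted for
// Traefik 1.7.12 in July 2019 (copied from the answer above as sample input).
var MozillaTraefik17 = []string{
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
	"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
}

func main() {
	for _, v := range AuditCipherSuites(MozillaTraefik17) {
		fmt.Printf("%-46s %-8s 0x%04x\n", v.Name, v.Status, v.ID)
	}
	// The filtered IDs are what a Go server would actually put in its config.
	cfg := &tls.Config{
		MinVersion:   tls.VersionTLS12,
		CipherSuites: SecureSuiteIDs(MozillaTraefik17),
	}
	fmt.Printf("%d of %d configured suites usable\n", len(cfg.CipherSuites), len(MozillaTraefik17))
}
```

Run against a current Go and the two ChaCha20 entries resolve under either spelling, so the first two "bad" names in the table above were a Go-version issue rather than a generator error. The two DHE_RSA entries stay unknown because Go implements no finite-field DHE suites at all, so the ECDHE replacements in the table are the only option. The CBC_SHA256 suites from the question's updated list land in Go's InsecureCipherSuites(), which is consistent with the SSL Labs downgrade mentioned in the first answer. Two caveats for anyone copying a list from this thread: since Go 1.17 the server ignores the order of Config.CipherSuites and applies its own preference, so "order matters" no longer holds for a Traefik built on a current Go; and TLS 1.3 suites are always enabled and not configurable, which is why the audit reports them separately instead of passing them through.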
