nginx 1.17.1 configcheck fails if config'd for TLSv1.3-only ?

PGNet Dev pgnet.dev at gmail.com
Fri Jul 19 17:52:55 UTC 2019


>> And, if I change nginx to be 'TLSv1.3-only',
>>
>> -	ssl_protocols TLSv1.3 TLSv1.2;
>> -	ssl_ciphers "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305";
>> +	ssl_protocols TLSv1.3;
>> +	ssl_ciphers "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256";
>>
>> even the webserver config check FAILs,
>>
>> 	nginxconfcheck
>> 		TLS13-AES-128-GCM-SHA256") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
>> 		nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
>>
>> and the server fails to start.
> 
> That's because the cipher string listed contains no valid ciphers.


Sorry, I'm missing something :-/

What's specifically "invalid" about the 3, listed ciphers?

	TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256

as stated here

	https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/

		OpenSSL has implemented support for five TLSv1.3 ciphersuites as follows:

		 
		    TLS13-AES-256-GCM-SHA384

		    TLS13-CHACHA20-POLY1305-SHA256

		    TLS13-AES-128-GCM-SHA256

		    TLS13-AES-128-CCM-8-SHA256

		    TLS13-AES-128-CCM-SHA256



for

	openssl ciphers  -stdname -s -V 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE:!AES128:!SHA1:!SHA256:!SHA384:!COMPLEMENTOFDEFAULT'
          0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
          0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0x13,0x01 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
          0xC0,0x2C - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
          0xC0,0x30 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xCC,0xA9 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xA8 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD

using the alias TLSv1.3 ciphersuite names is also fine,

	openssl ciphers  -stdname -s -V 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-128-GCM-SHA256:TLS-AES-256-GCM-SHA384:ECDHE:!AES128:!SHA1:!SHA256:!SHA384:!COMPLEMENTOFDEFAULT'
          0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
          0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0x13,0x01 - TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
          0xC0,0x2C - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
          0xC0,0x30 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xCC,0xA9 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xA8 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD

if in nginx config,

	ssl_protocols TLSv1.3 TLSv1.2;
	ssl_ciphers "TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE:!AES128:!SHA1:!SHA256:!SHA384:!COMPLEMENTOFDEFAULT";

ssllabs.com/ssltest reports

Configuration

	Protocols

		TLS 1.3 	Yes

		TLS 1.2 	Yes

		TLS 1.1 	No

		TLS 1.0 	No

		SSL 3 	No

		SSL 2 	No

		For TLS 1.3 tests, we only support RFC 8446.





Cipher Suites

	# TLS 1.3 (suites in server-preferred order)

	TLS_AES_256_GCM_SHA384 (0x1302)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256

	TLS_CHACHA20_POLY1305_SHA256 (0x1303)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256

	TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS 	128

	# TLS 1.2 (suites in server-preferred order)

	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256

	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256

	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256

	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256

on connect to the site, I see connection handshake,

	Protocol
 TLS 1.3

	Cipher Suite
 TLS_AES_256_GCM_SHA384

	Key Exchange Group
 x25519

	Signature Scheme
 ECDSA-P384-SHA384



switching nginx config

	ssl_protocols TLSv1.3;

BREAKS ssllabs testing/reporting (their issue, apparently), but the site itself still works, with, again, handshake

	Protocol
 TLS 1.3

	Cipher Suite
 TLS_AES_256_GCM_SHA384

	Key Exchange Group
 x25519

	Signature Scheme
 ECDSA-P384-SHA384


OTOH, if I enable ONLY TLSv1.3 ciphersuites,

	ssl_protocols TLSv1.3;
	ssl_ciphers "TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384";

nginxconfcheck indeed FAILs

	nginxconfcheck
		nginx: [emerg] SSL_CTX_set_cipher_list("TTLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
		nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

IIUC due to openssl itself apparently being 'unhappy' with that string,

	openssl ciphers  -stdname -s -V 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-128-GCM-SHA256:TLS-AES-256-GCM-SHA384'
		Error in cipher list
		139817124520384:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:

WHY it's unhappy with that string is an openssl issue; I've asked 'over there' abt that ...


More information about the nginx mailing list