nginx 1.17.1 configcheck fails if config'd for TLSv1.3-only ?
PGNet Dev
pgnet.dev at gmail.com
Fri Jul 19 18:24:36 UTC 2019
On 7/19/19 11:02 AM, Maxim Dounin wrote:
> Hello!
>
> On Fri, Jul 19, 2019 at 10:52:55AM -0700, PGNet Dev wrote:
>
>>>> And, if I change nginx to be 'TLSv1.3-only',
>>>>
>>>> - ssl_protocols TLSv1.3 TLSv1.2;
>>>> - ssl_ciphers "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305";
>>>> + ssl_protocols TLSv1.3;
>>>> + ssl_ciphers "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256";
>>>>
>>>> even the webserver config check FAILs,
>>>>
>>>> nginxconfcheck
>>>> TLS13-AES-128-GCM-SHA256") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
>>>> nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
>>>>
>>>> and the server fails to start.
>>>
>>> That's because the cipher string listed contains no valid ciphers.
>>
>>
>> Sorry, I'm missing something :-/
>>
>> What's specifically "invalid" about the 3 listed ciphers?
>>
>> TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256
>
> There are no such ciphers in the OpenSSL.
> Try it yourself:
>
> $ openssl ciphers TLS13-CHACHA20-POLY1305-SHA256
> Error in cipher list
> 0:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:
>
> [...]
>
Then what are these lists?
https://wiki.openssl.org/index.php/TLS1.3
Ciphersuites
OpenSSL has implemented support for five TLSv1.3 ciphersuites as follows:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256
https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/
Ciphersuites
OpenSSL has implemented support for five TLSv1.3 ciphersuites as follows:
TLS13-AES-256-GCM-SHA384
TLS13-CHACHA20-POLY1305-SHA256
TLS13-AES-128-GCM-SHA256
TLS13-AES-128-CCM-8-SHA256
TLS13-AES-128-CCM-SHA256
"$ openssl ciphers -s -v ECDHE
Will list all the ciphersuites for TLSv1.2 and below that support ECDHE and additionally all of the default TLSv1.3 ciphersuites."
openssl ciphers -s -v ECDHE
>> TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
>> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
>> TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
...
openssl ciphers -tls1_3
>> TLS_AES_256_GCM_SHA384:
>> TLS_CHACHA20_POLY1305_SHA256:
>> TLS_AES_128_GCM_SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
openssl ciphers TLS13-CHACHA20-POLY1305-SHA256
Error in cipher list
140418731745728:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:
openssl ciphers TLS-CHACHA20-POLY1305-SHA256
Error in cipher list
140126717628864:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:
openssl ciphers TLS13_CHACHA20_POLY1305_SHA256
Error in cipher list
139978279444928:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:
openssl ciphers TLS_CHACHA20_POLY1305_SHA256
Error in cipher list
139921842241984:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549:
If your argument for TLSv1.3 usage in nginx is as-correctly-used in openssl, that's fine.
Can you provide a correct nginx example of TLS13-only usage of CHACHA20-POLY1305-SHA256 cipher?
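The failure above can be reproduced without nginx at all, through the same OpenSSL call that nginx's ssl_ciphers directive makes (SSL_CTX_set_cipher_list, exposed in Python as SSLContext.set_ciphers). The script below is an added example and is not from the thread, from nginx or from OpenSSL; it assumes a Python linked against OpenSSL 1.1.1 or later, and the helper names are mine. The two ssl_ciphers strings are the ones from the thread. It shows that the TLS13-only string is rejected, that the mixed string is accepted only because ECDHE-ECDSA-CHACHA20-POLY1305 matches (the TLS13-* tokens are ignored), that the released TLS_* spelling is rejected by the cipher list just the same, and that the TLS 1.3 suites are offered anyway because OpenSSL keeps them in a separate list that the cipher-list call never touches.

```python
"""Added example (not from the thread, nginx or OpenSSL): reproduce nginx's
'no cipher match' failure through SSL_CTX_set_cipher_list, the call behind
ssl_ciphers, which Python exposes as SSLContext.set_ciphers.
Assumes Python is linked against OpenSSL 1.1.1 or later."""
import ssl

# The two ssl_ciphers strings from the thread.  OpenSSL accepts spaces,
# commas or colons as separators, and nginx passes the string through as-is.
TLS13_ONLY = ("TLS13-CHACHA20-POLY1305-SHA256 "
              "TLS13-AES-256-GCM-SHA384 "
              "TLS13-AES-128-GCM-SHA256")
MIXED = TLS13_ONLY + " ECDHE-ECDSA-CHACHA20-POLY1305"


def cipher_list_accepted(cipher_string):
    """True if SSL_CTX_set_cipher_list accepts the string, which it does only
    when at least one TLS 1.2-or-lower cipher is selected.  TLS 1.3 suite
    names, in the 2017 pre-release TLS13-... spelling or the released
    TLS_... spelling, are not part of the cipher-list grammar: unknown
    tokens are skipped, and an otherwise empty list fails with
    'no cipher match' (the error nginx -t printed)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # Python wraps the OpenSSL failure in SSLError
        return False
    return True


def negotiable_suites(cipher_string):
    """(name, protocol) pairs the context would offer after set_ciphers.
    The TLS 1.3 suites appear regardless of the cipher list because OpenSSL
    holds them in a separate ciphersuites list (SSL_CTX_set_ciphersuites)
    that the cipher-list call does not reach."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def released_tls13_name(prerelease_name):
    """Map a name from the May 2017 blog post (TLS13-AES-256-GCM-SHA384) to
    the spelling OpenSSL 1.1.1 shipped with (TLS_AES_256_GCM_SHA384).  The
    released name is still not a cipher-list name; it is only valid in the
    separate TLS 1.3 ciphersuites list."""
    if not prerelease_name.startswith("TLS13-"):
        raise ValueError("not a pre-release TLS 1.3 name: " + prerelease_name)
    return "TLS_" + prerelease_name[len("TLS13-"):].replace("-", "_")


if __name__ == "__main__":
    for s in (TLS13_ONLY, MIXED, "TLS_CHACHA20_POLY1305_SHA256"):
        print(f"{cipher_list_accepted(s)!s:5}  {s}")
    for name, proto in negotiable_suites(MIXED):
        print(f"  {proto:8} {name}")
    print(released_tls13_name("TLS13-CHACHA20-POLY1305-SHA256"))
```

Run it as-is; the first three lines print False, True, False, and the suite listing for the mixed string shows the three TLS 1.3 suites plus the single TLS 1.2 cipher that actually matched. The practical consequence for nginx 1.17.1 is that ssl_ciphers cannot select or restrict TLS 1.3 suites at all; the released OpenSSL API for that is SSL_CTX_set_ciphersuites (the -ciphersuites option of the openssl command and the "Ciphersuites" setting of the SSL_CONF interface), which nginx only exposes later, through the ssl_conf_command directive added in 1.19.4.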