Description
desec-stack/www/conf/conf.d/ssl.conf
Lines 4 to 6 in 6a4ae93
```nginx
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparam.pem;
```
So currently supported:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
Update: The defined it actually is FFDHE2048 .. but ssl_dhparam is not an FFDHE of RFC 7919. However, somehow the new sslyze internet.nl doesn't correctly recognize it; since it's now insufficient according to the NCSC-NL TLS, it's not reported. The old implementation does show it (https://internet.nl/site/desec.io/3753551/#control-panel-14)
DHE in general is not recommended, see https://datatracker.ietf.org/doc/html/rfc9325#appendix-A-2.2.2.9 (part of BCP 195). Note there is also a draft https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/08/ to completely deprecate DHE.
BTW, since OpenSSL 3, IANA cipher notation can be used (: (see our cipher config):
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
In the NCSC-NL TLS recommendation DHE is already dropped, see an early demo implementation of it: https://dev4.internet.nl/site/desec.io/120/#control-panel-12
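A configuration check for the change discussed above, as an added example that is not part of the original issue or the desec-stack code: it reads the `ssl_ciphers` directive, separates finite-field DHE suites (in OpenSSL or IANA notation) from the rest, and proposes the directive without them. The function names and the sample text are assumptions made for illustration; the sample is constructed from the three lines quoted in the issue.

```python
import re

# Constructed sample: the three directives quoted from ssl.conf in the issue.
SAMPLE_CONF = """\
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparam.pem;
"""

# Prefixes that mark finite-field DHE key exchange. ECDHE-* and TLS_ECDHE_*
# do not start with any of these, so they are never matched.
FFDHE_PREFIXES = ("DHE-", "EDH-", "TLS_DHE_")


def is_ffdhe(suite):
    """True if the suite name uses finite-field DHE (OpenSSL or IANA name)."""
    return suite.upper().startswith(FFDHE_PREFIXES)


def audit(conf_text):
    """Hypothetical helper: split ssl_ciphers into DHE and non-DHE suites."""
    # Anchored at line start so commented-out directives are ignored.
    m = re.search(r"^\s*ssl_ciphers\s+([^;]+);", conf_text, re.M)
    raw = m.group(1).strip().strip("'\"") if m else ""
    suites = [s for s in raw.split(":") if s]
    dhe = [s for s in suites if is_ffdhe(s)]
    kept = [s for s in suites if not is_ffdhe(s)]
    # ssl_dhparam only supplies parameters for DHE suites, so it has no
    # effect once the proposed list contains none.
    dhparam = re.search(r"^\s*ssl_dhparam\s+[^;]+;", conf_text, re.M)
    return {
        "dhe": dhe,
        "kept": kept,
        "dhparam_present": dhparam is not None,
        "proposed": "ssl_ciphers " + ":".join(kept) + ";" if kept else None,
    }


if __name__ == "__main__":
    result = audit(SAMPLE_CONF)
    for suite in result["dhe"]:
        print("finite-field DHE suite:", suite)
    if result["dhparam_present"]:
        print("ssl_dhparam is set; unused once the DHE suites are removed")
    print(result["proposed"])
```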