Drop DHE TLS ciphers

[bwbroersma]

desec-stack/www/conf/conf.d/ssl.conf

Lines 4 to 6 in 6a4ae93

	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_prefer_server_ciphers off;
	ssl_dhparam /etc/nginx/dhparam.pem;

So currently supported:

• ECDHE-ECDSA-AES128-GCM-SHA256
• ECDHE-RSA-AES128-GCM-SHA256
• ECDHE-ECDSA-AES256-GCM-SHA384
• ECDHE-RSA-AES256-GCM-SHA384
• ECDHE-ECDSA-CHACHA20-POLY1305
• ECDHE-RSA-CHACHA20-POLY1305
• DHE-RSA-AES128-GCM-SHA256
• DHE-RSA-AES256-GCM-SHA384

Update: The defined ssl_dhparam is not an FFDHE of RFC 7919. However it actually is FFDHE2048 .. but somehow the new sslyze internet.nl doesn't correctly recognizes it, since it's now insufficient according to the NCSC-NL TLS it's not reported, the old implementation does show it (https://internet.nl/site/desec.io/3753551/#control-panel-14)

DHE in general is not recommended, see https://datatracker.ietf.org/doc/html/rfc9325#appendix-A-2.2.2.9 (part of BCP 195). Note there is also a draft https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/08/ to completely deprecate DHE.

BTW since openssl 3 IANA cipher notation can be used (: (see our cipher config):

• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

In the NCSC-NL TLS recommendation DHE is already dropped, see an early demo implementation of it: https://dev4.internet.nl/site/desec.io/120/#control-panel-12