仅使用 TLS1.3 密码套件的 Nginx

仅使用 TLS1.3 密码套件的 Nginx

我正在尝试将 Nginx 配置为仅使用带有 2 个密码的 TLS1.3:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256。

因此,我尝试了这种配置:

ssl_protocols TLSv1.3;
ssl_ciphers TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256;

nginx -s 重新加载错误

nginx: [emerg] SSL_CTX_set_cipher_list("TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)", "operationName": "Default", "category": "Default"}

看来我需要附加至少一个非 TLS1.3 密码才能使配置正常工作。我尝试了各种这样的组合,它们都有效。其中之一是:

TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

为什么会这样?我认为这是因为 OpenSSL 本身不接受原始密码套件字符串。我使用的是 OpenSSL-1.1.1g。

root@2ed6cae6e062:/azure/appgw# openssl ciphers -v TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256
Error in cipher list
140686067873536:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2558:

我遇到了一些有用的链接,但不知道如何实现我想要的 -仅使用 TLS1.3 密码套件

https://forum.nginx.org/read.php?2,284909,284914#msg-284914
https://trac.nginx.org/nginx/ticket/1529
https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites

答案1

我在提供的链接中找到了答案。 Maxim Dounin 的所有答案都很有价值。您应该提供一个令人满意的密码SSL_CTX_set_cipher_list,然后使用指令强制密码列表ssl_conf_command Ciphersuites

ssl_protocols TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384;
ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
ssl_prefer_server_ciphers off;

OpenSSL 版本:

# openssl version
OpenSSL 1.1.1d  10 Sep 2019

请注意,默认情况下启用 TLSv1.3 密码。

# openssl ciphers -v ECDHE-ECDSA-AES256-GCM-SHA384
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD

使用建议的脚本https://superuser.com/a/224263尤其是更新后的版本https://gist.github.com/jahir/23c4202eee12e377ef3acf1dcdc7c776我检查了上述配置。

$ ./test_ciphers.sh <put IP here>:443
Using OpenSSL 1.1.1k 25 Mar 2021.
Using tls1_1
Testing ECDHE-ECDSA-AES256-SHA         ... NO (tlsv1 alert protocol version)
...
Using tls1_2
Testing ECDHE-ECDSA-AES256-GCM-SHA384  ... NO (tlsv1 alert protocol version)
...
Using tls1_3
Testing TLS_AES_256_GCM_SHA384         ... YES
Testing TLS_CHACHA20_POLY1305_SHA256   ... YES
Testing TLS_AES_128_GCM_SHA256         ... YES

下面附有脚本供参考。

#!/usr/bin/env bash

CIPHERS='ALL:eNULL'
DELAY=${2:-0.1}
SERVER=${1:?usage: $0 <host:port> [delay, default is ${DELAY}s] [ciphers, default is ${CIPHERS}]}
MAXLEN=$(openssl ciphers "$CIPHERS" | sed -e 's/:/\n/g' | awk '{ if ( length > L ) { L=length} }END{ print L}')

echo Using $(openssl version).

declare -A TLSMAP=( [tls1_1]=cipher [tls1_2]=cipher [tls1_3]=ciphersuites )

for tlsver in "${!TLSMAP[@]}"
do
  echo "Using $tlsver"
  ciphers=$(openssl ciphers -$tlsver -s "$CIPHERS" | sed -e 's/:/ /g')
  for cipher in ${ciphers[@]}
  do
    in=$(openssl s_client -$tlsver -${TLSMAP[$tlsver]} "$cipher" -connect $SERVER </dev/null 2>&1)
    if [[ "$in" =~ ":error:" ]] ; then
      result="NO ($(echo -n $in | cut -d':' -f6))"
    else
      if [[ "$in" =~ "Cipher is ${cipher}" || "$in" =~ "Cipher    :" ]] ; then
        result='YES'
      else
        result="UNKNOWN RESPONSE\n$in"
      fi
    fi
    printf 'Testing %-*s ... %s\n' "$MAXLEN" "$cipher" "$result"
    sleep $DELAY
  done
done

答案2

我通过添加ssl_prefer_server_ciphers off;指令成功了。

相关内容