HAProxy SSL Ciphers

dcdc · June 16, 2017, 3:20pm

Hi,
I’m trying to configure the rancher LB with some custom settings for Ciphers. This has been thrown up by our PCI compliance scan so I’m posting it here both because I’m looking for the best way of resolving this correctly and also as I’m guessing it would be of use to quite a few people here also requiring a PCI compliant SSL configuration.

The two issues I currently have being reported by the scan are:

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
SSL Medium Strength Cipher Suites Supported

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) TLSv1 ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

This is after removing SSL-V3 and TLSv1 ciphers with the lines:
ssl-default-bind-options no-sslv3 no-tlsv10
ssl-default-server-options no-sslv3 no-tlsv10

And this has already thrown up issues with some of our users on ie8,9 & 10 who can nolonger connect to our website - but I guess this is the way of the world.

Having tried to read some of the HAProxy documentation it seems you can specify the ‘ssl-default-bind-ciphers’ option but this requires you listing all known good Ciphers? Is there a way to just exclude these insecure cyphers from the config? I’m afraid to configure this directly incase I remove perfectly good ciphers from our config that may be added in the future or that already exist and I’m unaware of.

Is there a way to get a list of currently active Ciphers and what’s the best practice here?

dcdc · June 22, 2017, 11:04am

After some research I’ve settled on this HA proxy config and list of ciphers:

global
ssl-default-bind-options no-sslv3 no-tlsv10
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3 no-tlsv10
ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
tune.ssl.default-dh-param 2048

This is largely based on this blog post: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ with the addition of the no-tls10 variable. Having tested this on https://www.ssllabs.com/ssltest it appears most clients are able to connect with this configuration and this removes all 64bit ciphers and mitigates the sweet32 vulnerability.

On top of this it only has limited impact on some old android phones and IE on windows XP so it seems like a sensible default at least for us.

I’d be interested to hear peoples views on Snapt’s choice of Ciphers I found here: https://support.snapt.net/hc/en-us/articles/213807549-Snapt-Cipher-Sets as in their latest version they appear to have limited it down to just the string:
AES128+EECDH:AES128+EDH

Hope this helps someone!

Topic		Replies	Views
Trouble defining haproxy_config configuration Rancher 1.x	1	935	April 4, 2016
HAProxy as ELB for Rancher High Availability (HA) Rancher 1.x	5	5238	August 25, 2016
SSL Termination Security Configuration Rancher 1.x	4	1650	October 12, 2015
How to configure IPv6 for RancherOS/Rancher/Haproxy (even forwarding to IPv4 would work, anything)? RancherOS	0	1736	April 15, 2017
Load Balancer with SSL Termination and x509 Client Certificates Rancher 1.x	1	3758	March 22, 2016

HAProxy SSL Ciphers

Related topics