HAProxy SSL Ciphers

Hi,
I’m trying to configure the rancher LB with some custom settings for Ciphers. This has been thrown up by our PCI compliance scan so I’m posting it here both because I’m looking for the best way of resolving this correctly and also as I’m guessing it would be of use to quite a few people here also requiring a PCI compliant SSL configuration.

The two issues I currently have being reported by the scan are:

  • SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
  • SSL Medium Strength Cipher Suites Supported

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) TLSv1 ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

This is after removing SSL-V3 and TLSv1 ciphers with the lines:
ssl-default-bind-options no-sslv3 no-tlsv10
ssl-default-server-options no-sslv3 no-tlsv10

And this has already thrown up issues with some of our users on ie8,9 & 10 who can nolonger connect to our website - but I guess this is the way of the world.

Having tried to read some of the HAProxy documentation it seems you can specify the ‘ssl-default-bind-ciphers’ option but this requires you listing all known good Ciphers? Is there a way to just exclude these insecure cyphers from the config? I’m afraid to configure this directly incase I remove perfectly good ciphers from our config that may be added in the future or that already exist and I’m unaware of.

Is there a way to get a list of currently active Ciphers and what’s the best practice here?

After some research I’ve settled on this HA proxy config and list of ciphers:

global
ssl-default-bind-options no-sslv3 no-tlsv10
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3 no-tlsv10
ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
tune.ssl.default-dh-param 2048

This is largely based on this blog post: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ with the addition of the no-tls10 variable. Having tested this on https://www.ssllabs.com/ssltest it appears most clients are able to connect with this configuration and this removes all 64bit ciphers and mitigates the sweet32 vulnerability.

On top of this it only has limited impact on some old android phones and IE on windows XP so it seems like a sensible default at least for us.

I’d be interested to hear peoples views on Snapt’s choice of Ciphers I found here: https://support.snapt.net/hc/en-us/articles/213807549-Snapt-Cipher-Sets as in their latest version they appear to have limited it down to just the string:
AES128+EECDH:AES128+EDH

Hope this helps someone!

1 Like