bigbluebutton
Weak ciphers configured in haproxy reported by ssllabs
Hello,
a normal (3.0-)BBB-installation results on grade A on ssllabs with weak ciphers activated. Those weak ciphers are not used by any (popular) client and those clients are not supported: IE 11 / Win Phone 8.1 Safari 6 / iOS 6.0.1 Safari 7 / iOS 7.1 Safari 7 / OS X 10.9 Safari 8 / iOS 8.4 Safari 8 / OS X 10.10
With https://ssl-config.mozilla.org/#server=haproxy&version=2.4.24&config=intermediate&openssl=3.4.2&guideline=5.7 you get the following configuration ssl-default-bind-curves X25519:prime256v1:secp384r1 ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options prefer-client-ciphers ssl-min-ver TLSv1.2 no-tls-tickets ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets
haproxy.cfg is overwritten by bbb-install in https://github.com/bigbluebutton/bbb-install/blob/v3.0.x-release/bbb-install.sh#L744
A (git) diff to fix this issue could like this
diff --git a/bbb-install.sh b/bbb-install.sh
index a079fa9..223a3c2 100644
--- a/bbb-install.sh
+++ b/bbb-install.sh
@@ -741,9 +741,13 @@ global
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
- ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
- ssl-default-bind-options ssl-min-ver TLSv1.2
- tune.ssl.default-dh-param 2048
+ ssl-default-bind-curves X25519:prime256v1:secp384r1
+ ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+ ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+ ssl-default-bind-options prefer-client-ciphers ssl-min-ver TLSv1.2 no-tls-tickets
+ ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+ ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+ ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets
We already discussed it on https://groups.google.com/g/bigbluebutton-dev/c/ZEBqtxi9Oxo/m/sGvL4VDnAgAJ
The "modern" configuration that is suggested by Mozilla may be worth considering too? TLS 1.3 has widespread support by now. https://caniuse.com/tls1-3
The "modern" configuration that is suggested by Mozilla may be worth considering too? TLS 1.3 has widespread support by now. https://caniuse.com/tls1-3
Also in "modern" configuration TLSv1.3 is on. Or do you suggest to turn TLSv1.2 off? Without TLSv1.2 you can loos some (students/) customer with very old HW. Maybe old smartphones (which can be used for audio connection to BBB) with Android 8. In practice, it is probably possible to deactivate TLSv1.2 in most cases.