More updates to TLS cipher list

[bdarnell]

Benjamin Darnell (bdarnell) commented:

I didn't catch that in https://github.com/cockroachdb/docs/pull/18385/commits/7f66b095202cc0eaf657723bf89fab4f129ff8dd when the TLS cipher list was moved to an external file, it got a lot longer and included some cipher suites that we do not support (for example, we don't support any PSK ciphers). How was this longer list generated? This list also includes only TLS 1.2 ciphers; the TLS 1.3 ciphers are not present.

In TLS 1.3, we support the following ciphers (source):

TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256,

In TLS 1.2, we support the following ciphers by default (source):

	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,

The following ciphers are disabled by default but may be enabled with the COCKROACH_TLS_ENABLE_OLD_CIPHER_SUITES environment variable:

	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_GCM_SHA256,
	TLS_RSA_WITH_AES_256_GCM_SHA384,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA,

It looks like you may have pulled the full list of IETF-recommended ciphers, but the actual answer is the ciphers that are

1. Recommended by IETF
2. Implemented in Go (this excludes the CCM ciphers among others)
3. Applicable to our configuration (this would exclude PSK ciphers even if they were implemented in Go)

And all of this is for standard builds; FIPS builds have their own cipher lists that are documented in https://www.cockroachlabs.com/docs/stable/fips#in-flight (correctly, I think? I'm not sure if FIPS builds add the TLS 1.3 AES-CCM ciphers).

Jira Issue: DOC-10076