Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener

[roman-vynar]

Added tls_cipher_suites, tls_prefer_server_cipher_suites config options to define preferred ciphersuites to enforce a high grade of security. Addresses #1193

For example:

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_min_version = "tls12"
...
  tls_cipher_suites = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
  tls_prefer_server_cipher_suites = "true"
}

Golang supports 17 ciphersuites, 5 of them are grade C.
The example above excludes those and nmap is happy with that:

$ nmap --script +ssl-enum-ciphers -p 8200 127.0.0.1

Starting Nmap 7.40 ( https://nmap.org ) at 2017-01-23 18:08 EET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00036s latency).
PORT     STATE SERVICE
8200/tcp open  trivnet1
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: true
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds

Please let me know if you want me to change/improve anything to support this.
Thanks.

[jefferai]

Hi @roman-vynar,

This looks really great. One thing: can you move the parsing logic into helper/tlsutil? That way if we need to be able to parse a set of cipher suites elsewhere we can use shared code, just as we do for the TLS version lookup.

Thanks!

[vishalnayak]

Can we use the inbuilt helper strutil.ParseDedupAndSortStrings() here? Also, it might be better to delimit the entries with a , instead of a : just to be consistent with several API field delimiters.

[vishalnayak]

We could use %q instead of '%s'.

[vishalnayak]

Can we rename this to tls_prefer_server_cipher_suites?

[vishalnayak]

Can we rename this to tls_prefer_server_cipher_suites?

[roman-vynar]

Applied all the suggestions.

[jefferai]

I'm going to merge this but remove the Grade C comments. It's not meaningful to anyone that doesn't know where those grades are coming from, and it seems odd without also adding in the grades of other ciphers, plus those comments can/will easily get out of date as people forget to update the grades of other ciphers over time.

[rhuddleston]

One thought here is to just remove 3DES and RC4 ciphers from the list all together. Given the security purpose of this program and that only tls 1.2 is allowed with the default vault binaries, anything that can connect would not need these ciphers.

[jefferai]

Not quite true. TLS is the default but the binaries have a config option to allow stepping down...not a compile time option.