SSL Listeners Supported Ciphers Config

Is there a way to specify which SSL/TLS protocols and ciphers a Cockroach node will use?

I did not seem to find any options in cockroach start --help or the documentation pages that were related.

A Nessus vulnerability scanner is showing our nodes vulnerable to the following two items:

  • SSL 64-bit Block Size Cipher Suites Supported (SWEET32) (94437)
  • SSL Medium Strength Cipher Suites Supported (42873)

Both are on the default SSL listening port (26257 / TCP).

The details show that this is due to allowing 3DES:

– SSL 64-bit Block Size Cipher Suites Supported (SWEET32) (94437) –
"
List of 64-bit block cipher suites supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

TLSv1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
"

– SSL Medium Strength Cipher Suites Supported (42873) –
"
Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

TLSv12
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
"

An additional scan with sslscan confirms the Supported Server Ciphers has 3DES:

Supported Server Cipher(s):
Accepted TLS12 256 bits ECDHE-RSA-AES256-GCM-SHA384
Accepted TLS12 256 bits ECDHE-RSA-AES256-SHA
Accepted TLS12 256 bits AES256-GCM-SHA384
Accepted TLS12 256 bits AES256-SHA
Accepted TLS12 128 bits ECDHE-RSA-AES128-GCM-SHA256
Accepted TLS12 128 bits ECDHE-RSA-AES128-SHA
Accepted TLS12 128 bits AES128-GCM-SHA256
Accepted TLS12 128 bits AES128-SHA
Accepted TLS12 112 bits ECDHE-RSA-DES-CBC3-SHA
Accepted TLS12 112 bits DES-CBC3-SHA

Preferred Server Cipher(s):
SSLv2 0 bits (NONE)
TLSv1 0 bits (NONE)
TLS12 128 bits ECDHE-RSA-AES128-GCM-SHA256

Thank you!

Hmm, that doesn’t look good. We don’t currently give you any knobs to change the TLS settings because they’re supposed to be set conservatively and you shouldn’t ever need to change them, but it looks like that may not be true. We’re using Go’s defaults (except for requiring TLS 1.2), which are generally pretty good in the crypto area.

There’s an upstream issue talking about disabling CBC ciphers, which would have the effect of removing all the 3DES-based suites, although I don’t see any discussion about disabling 3DES itself. Based on Cloudflare’s report on SWEET32, since we’re already requiring TLS 1.2, it should be safe for us to disable 3DES ciphers.

Thank you for the prompt response Ben!

Looking forward to the update that implements either the option to disable or the by-default fix.

Filed this upstream: https://github.com/golang/go/issues/21144

After doing some more research, this Nessus report is arguably a false positive: Any TLS 1.2 implementation MUST support at least one cipher that is higher in the priority list than 3DES, so it will never be selected except for security scans that are deliberately looking for it. However, for the same reason, there is no good reason to keep the 3DES-based cipher suites enabled, so I have a PR to disable them: https://github.com/cockroachdb/cockroach/pull/17237
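The change discussed above, sketched as an added example that is not part of any post in this thread and is not the code from the linked PR: the sslscan "Accepted" list is written out as Go `crypto/tls` constants, the two 3DES suites are split off, and the remainder is set explicitly with TLS 1.2 as the minimum version. The OpenSSL-to-Go name mapping and the helper names (`scanned`, `is3DES`, `split`, `hardenedConfig`) are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// scanned: the thread's sslscan "Accepted" list as crypto/tls constants (mapping added for this example).
var scanned = []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, // ECDHE-RSA-AES256-GCM-SHA384
	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,    // ECDHE-RSA-AES256-SHA
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,       // AES256-GCM-SHA384
	tls.TLS_RSA_WITH_AES_256_CBC_SHA,          // AES256-SHA
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // ECDHE-RSA-AES128-GCM-SHA256
	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,    // ECDHE-RSA-AES128-SHA
	tls.TLS_RSA_WITH_AES_128_GCM_SHA256,       // AES128-GCM-SHA256
	tls.TLS_RSA_WITH_AES_128_CBC_SHA,          // AES128-SHA
	tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,   // ECDHE-RSA-DES-CBC3-SHA
	tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,         // DES-CBC3-SHA
}

// is3DES reports whether a suite uses the 64-bit-block 3DES cipher.
func is3DES(id uint16) bool {
	return id == tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA || id == tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
}

// split separates a suite list into the suites to keep and the names of the
// 3DES suites a scanner would flag.
func split(ids []uint16) (keep []uint16, flagged []string) {
	for _, id := range ids {
		if is3DES(id) {
			flagged = append(flagged, tls.CipherSuiteName(id))
		} else {
			keep = append(keep, id)
		}
	}
	return keep, flagged
}

// hardenedConfig requires TLS 1.2 and sets an explicit suite list without 3DES.
func hardenedConfig() *tls.Config {
	keep, _ := split(scanned)
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: keep}
}

func main() {
	_, flagged := split(scanned)
	fmt.Println("flagged:", flagged, "kept:", len(hardenedConfig().CipherSuites))
}
```

Setting `CipherSuites` explicitly makes the accepted TLS 1.2 suites independent of the defaults of whichever Go release the binary was built with; TLS 1.3 suites are not configurable through this field.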

It looks like this change to disable 3DES ciphers has been merged into the master branch?
If so, should this be expected with the next v1.0.5 release?

Thank you!

I wasn’t planning on putting this into 1.0.5 because it’s not a real security issue and is basically a false positive in the security scanner (no real TLS 1.2 client would ever negotiate the 3DES cipher suites because one of the AES suites higher in the list is mandatory-to-implement in TLS 1.2; clients that deliberately disable all the better suites can specifically choose 3DES, which is what your security scanner is doing). But I guess it’s low risk enough that we can patch it into 1.0.5.

Oh, I completely agree that it’s a low risk/borderline false positive.

Putting it into the next release would be awesome though; keeps our security team happy.

Thanks again Ben, much appreciated!