Nginx – How to disable just one cipher out of OpenSSL TLSv1.3 list

cipherlets-encryptnginxopensslubuntu-18.04

I use Nginx + Let's Encrypt with OpenSSL on my server. I wanted to use TLSv1.2 and TLSv1.3. But I wanted to use very specific SSL ciphers. Specifically:

TLS_AES_256_GCM_SHA384 (TLSv1.3),
TLS_CHACHA20_POLY1305_SHA256 (TLSv1.3),
ECDHE-RSA-AES256-GCM-SHA384 (TLSv1.2),
ECDHE-RSA-CHACHA20-POLY1305 (TLSv1.2),
DHE-RSA-AES256-GCM-SHA384 (TLSv1.2),
DHE-RSA-CHACHA20-POLY1305 (TLSv1.2),

but not TLS_AES_128_GCM_SHA256 (TLSv1.3). I have done multiple configuration on Nginx configuration file to disable this cipher but it didn't work. Some of them are:

ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"; – Adding double quotes
ssl_ciphers "!TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"; – Adding ! to that cipher
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 – Without double quotes

So how do I achieve this? Thank you and have a nice day.

Best Answer

Nginx doesn't support configuring TLS 1.3 cipher suites like this, and you shouldn't, as per RFC 8446, 9.1 there are Mandatory-to-Implement Cipher Suites.

A TLS-compliant application MUST implement the TLS_AES_128_GCM_SHA256 [GCM] cipher suite and SHOULD implement the TLS_AES_256_GCM_SHA384 [GCM] and TLS_CHACHA20_POLY1305_SHA256 [RFC8439] cipher suites (see Appendix B.4).

If you really want to mess with this, you'd have to disable the mandatory cipher suite in the OpenSSL CONF library configuration files openssl.cnf as explained in e.g. Perfect 100 SSL-Labs Score Revisited:

[system_default_sect] 
MinProtocol = TLSv1.2 
CipherString = DEFAULT@SECLEVEL=2 
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 
Options = ServerPreference,PrioritizeChaCha 
...
This will state to your OS that the minimum TLS version used is TLS1.2 and the Ciphersuites to use ar the ones specified. Please note that I have only specified TLS1.3 suites. If you need TLS1.2 support, do add "some" of them.

Related Solutions

Nginx – OCSP validation – unable to get local issuer certificate

Those two errors was unrelated although the error message was same.

[...]SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 [...] Start Time: 1411583991 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate)

Above error was issued openssl_client command. As explained by Florian Heigl, you get this error because the openssl_client need the Globalsign Root cert in /etc/ssl/certs.

OCSP_basic_verify() failed (SSL: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:Verify error:unable to get local issuer certificate) while requesting certificate status, responder: gv.symcd.com

For this error, it was issued by nginx ocsp routine, especially when you add ssl_stapling_verify on; line in nginx.conf.

Here some excerpt from the documentation of ssl_stapling_verify to explain why it throws the error

Syntax: ssl_stapling_verify on | off;

Enables or disables verification of OCSP responses by the server.

For verification to work, the certificate of the server certificate issuer, the root certificate, and all intermediate certificates should be configured as trusted using the ssl_trusted_certificate directive.

In other words, you need provide (2) Intermediate CA Bundle (RapidSSL SHA256 CA - G3) and (3) Intermediate CA Bundle (GeoTrust Global CA) to ssl_trusted_certificate directive.

cat GeoTrustGlobalCA.crt rapidsslG3.crt > ocsp-chain.crt

and add ocsp-chain.crt to ssl_trusted_certificate directive.

OpenSSL able to negotiate a cipher that isn’t supported

You likely have two OpenSSL installations on your CentOS server.

Run the command ldd /usr/local/apache/modules/mod_ssl.so using the path to mod_ssl.so defined in your httpd.conf. This will return the libraries linked to mod_ssl.so. Are they using the same libraries as your system OpenSSL?

My guess is that your Apache is configured to use a different OpenSSL than the default system OpenSSL. This is why Apache can accept the AES256-GCM-SHA384 cipher, but your use of the system openssl command fails. Often times installations or upgrades of OpenSSL performed after the OS installation will get installed to /usr/local/ssl with the library folder at /usr/local/ssl/lib.

Best Answer

Related Solutions

Nginx – OCSP validation – unable to get local issuer certificate

OpenSSL able to negotiate a cipher that isn’t supported

Related Topic