disable tlsv1 and 1.1 on our webservers
I think we should disable these old protocols.
This would additionally break, if I read https://www.ssllabs.com/ssltest/ right (I am comparing old www.debian.org with post-change www.debian.org):
Not simulated clients (Protocol mismatch)
Android 2.3.7 No SNI 2 Protocol mismatch (not simulated) Android 4.0.4 Protocol mismatch (not simulated) Android 4.1.1 Protocol mismatch (not simulated) Android 4.2.2 Protocol mismatch (not simulated) Android 4.3 Protocol mismatch (not simulated) Baidu Jan 2015 Protocol mismatch (not simulated) IE 7 / Vista Protocol mismatch (not simulated) IE 8-10 / Win 7 R Protocol mismatch (not simulated) IE 10 / Win Phone 8.0 Protocol mismatch (not simulated) Java 7u25 Protocol mismatch (not simulated) OpenSSL 0.9.8y Protocol mismatch (not simulated) Safari 5.1.9 / OS X 10.6.8 Protocol mismatch (not simulated) Safari 6.0.4 / OS X 10.8.4 R Protocol mismatch (not simulated)
Safari 6 / iOS 6.0.1 Server sent fatal alert: handshake_failure Safari 7 / iOS 7.1 R Server sent fatal alert: handshake_failure Safari 7 / OS X 10.9 R Server sent fatal alert: handshake_failure Safari 8 / iOS 8.4 R Server sent fatal alert: handshake_failure Safari 8 / OS X 10.10 R Server sent fatal alert: handshake_failure IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure
the following already don't work: IE 8 / XP No FS 1 No SNI 2 Server sent fatal alert: handshake_failure Java 6u45 No SNI 2 Client does not support DH parameters > 1024 bits IE 6 / XP No FS 1 No SNI 2 Protocol mismatch (not simulated)
this is the debian.org diff, tor's would be very similar:
--- a/modules/apache2/templates/puppet-config.erb
+++ b/modules/apache2/templates/puppet-config.erb
@@ -1,13 +1,11 @@
<IfModule mod_ssl.c>
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder On
-
- # this is a list that seems suitable as of 2014-10, when running wheezy. It
- # probably requires re-visiting regularly.
- # 2018-07-17
- # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.25&openssl=1.0.2l&hsts=yes&profile=intermediate
- # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.25&openssl=1.1.0&hsts=no&profile=intermediate
- SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+ # this is a list that seems suitable as of 2020-03, when running buster
+ # (Debian 10). It probably requires re-visiting regularly.
+ # 2020-03-11
+ # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1d&guideline=5.4
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
SSLUseStapling On