summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-11-20 06:12:43 +0000
committerGitHub <noreply@github.com>2021-11-20 01:12:43 -0500
commitc96be0cd982255f20a3fe6ff4683115b8073e65e (patch)
tree3b5c31858438becb2a8a24557c419de9fa085e2a
parent9f14fe43c6de96ce7cf81c87620fcd50e086910c (diff)
downloadgitea-c96be0cd982255f20a3fe6ff4683115b8073e65e.tar.gz
gitea-c96be0cd982255f20a3fe6ff4683115b8073e65e.zip
Make SSL cipher suite configurable (#17440)
-rw-r--r--cmd/web_graceful.go9
-rw-r--r--cmd/web_https.go191
-rw-r--r--cmd/web_letsencrypt.go17
-rw-r--r--custom/conf/app.example.ini10
-rw-r--r--docs/content/doc/advanced/config-cheat-sheet.en-us.md36
-rw-r--r--go.mod2
-rw-r--r--modules/graceful/server.go40
-rw-r--r--modules/graceful/server_http.go7
-rw-r--r--modules/setting/setting.go8
9 files changed, 266 insertions, 54 deletions
diff --git a/cmd/web_graceful.go b/cmd/web_graceful.go
index 91ac024ddb..1618208c55 100644
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -5,7 +5,6 @@
package cmd
import (
- "crypto/tls"
"net"
"net/http"
"net/http/fcgi"
@@ -20,14 +19,6 @@ func runHTTP(network, listenAddr, name string, m http.Handler) error {
return graceful.HTTPListenAndServe(network, listenAddr, name, m)
}
-func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
- return graceful.HTTPListenAndServeTLS(network, listenAddr, name, certFile, keyFile, m)
-}
-
-func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
- return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
-}
-
// NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
func NoHTTPRedirector() {
graceful.GetManager().InformCleanup()
diff --git a/cmd/web_https.go b/cmd/web_https.go
new file mode 100644
index 0000000000..b939dcab8a
--- /dev/null
+++ b/cmd/web_https.go
@@ -0,0 +1,191 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+ "crypto/tls"
+ "net/http"
+ "os"
+ "strings"
+
+ "code.gitea.io/gitea/modules/graceful"
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+ "github.com/klauspost/cpuid/v2"
+)
+
+var tlsVersionStringMap = map[string]uint16{
+ "": tls.VersionTLS12, // Default to tls.VersionTLS12
+ "tlsv1.0": tls.VersionTLS10,
+ "tlsv1.1": tls.VersionTLS11,
+ "tlsv1.2": tls.VersionTLS12,
+ "tlsv1.3": tls.VersionTLS13,
+}
+
+func toTLSVersion(version string) uint16 {
+ tlsVersion, ok := tlsVersionStringMap[strings.TrimSpace(strings.ToLower(version))]
+ if !ok {
+ log.Warn("Unknown tls version: %s", version)
+ return 0
+ }
+ return tlsVersion
+}
+
+var curveStringMap = map[string]tls.CurveID{
+ "x25519": tls.X25519,
+ "p256": tls.CurveP256,
+ "p384": tls.CurveP384,
+ "p521": tls.CurveP521,
+}
+
+func toCurvePreferences(preferences []string) []tls.CurveID {
+ ids := make([]tls.CurveID, 0, len(preferences))
+ for _, pref := range preferences {
+ id, ok := curveStringMap[strings.TrimSpace(strings.ToLower(pref))]
+ if !ok {
+ log.Warn("Unknown curve: %s", pref)
+ }
+ if id != 0 {
+ ids = append(ids, id)
+ }
+ }
+ return ids
+}
+
+var cipherStringMap = map[string]uint16{
+ "rsa_with_rc4_128_sha": tls.TLS_RSA_WITH_RC4_128_SHA,
+ "rsa_with_3des_ede_cbc_sha": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+ "rsa_with_aes_128_cbc_sha": tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+ "rsa_with_aes_256_cbc_sha": tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ "rsa_with_aes_128_cbc_sha256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+ "rsa_with_aes_128_gcm_sha256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+ "rsa_with_aes_256_gcm_sha384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+ "ecdhe_ecdsa_with_rc4_128_sha": tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ "ecdhe_ecdsa_with_aes_128_cbc_sha": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ "ecdhe_ecdsa_with_aes_256_cbc_sha": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ "ecdhe_rsa_with_rc4_128_sha": tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+ "ecdhe_rsa_with_3des_ede_cbc_sha": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ "ecdhe_rsa_with_aes_128_cbc_sha": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ "ecdhe_rsa_with_aes_256_cbc_sha": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ "ecdhe_ecdsa_with_aes_128_cbc_sha256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ "ecdhe_rsa_with_aes_128_cbc_sha256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ "ecdhe_rsa_with_aes_128_gcm_sha256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ "ecdhe_ecdsa_with_aes_128_gcm_sha256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ "ecdhe_rsa_with_aes_256_gcm_sha384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ "ecdhe_ecdsa_with_aes_256_gcm_sha384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ "ecdhe_rsa_with_chacha20_poly1305_sha256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ "ecdhe_ecdsa_with_chacha20_poly1305_sha256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ "ecdhe_rsa_with_chacha20_poly1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ "ecdhe_ecdsa_with_chacha20_poly1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ "aes_128_gcm_sha256": tls.TLS_AES_128_GCM_SHA256,
+ "aes_256_gcm_sha384": tls.TLS_AES_256_GCM_SHA384,
+ "chacha20_poly1305_sha256": tls.TLS_CHACHA20_POLY1305_SHA256,
+}
+
+func toTLSCiphers(cipherStrings []string) []uint16 {
+ ciphers := make([]uint16, 0, len(cipherStrings))
+ for _, cipherString := range cipherStrings {
+ cipher, ok := cipherStringMap[strings.TrimSpace(strings.ToLower(cipherString))]
+ if !ok {
+ log.Warn("Unknown cipher: %s", cipherString)
+ }
+ if cipher != 0 {
+ ciphers = append(ciphers, cipher)
+ }
+ }
+
+ return ciphers
+}
+
+// defaultCiphers uses hardware support to check if AES is specifically
+// supported by the CPU.
+//
+// If AES is supported AES ciphers will be preferred over ChaCha based ciphers
+// (This code is directly inspired by the certmagic code.)
+func defaultCiphers() []uint16 {
+ if cpuid.CPU.Supports(cpuid.AESNI) {
+ return defaultCiphersAESfirst
+ }
+ return defaultCiphersChaChaFirst
+}
+
+var (
+ defaultCiphersAES = []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ }
+
+ defaultCiphersChaCha = []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ }
+
+ defaultCiphersAESfirst = append(defaultCiphersAES, defaultCiphersChaCha...)
+ defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
+)
+
+// runHTTPs listens on the provided network address and then calls
+// Serve to handle requests on incoming TLS connections.
+//
+// Filenames containing a certificate and matching private key for the server must
+// be provided. If the certificate is signed by a certificate authority, the
+// certFile should be the concatenation of the server's certificate followed by the
+// CA's certificate.
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
+ tlsConfig := &tls.Config{}
+ if tlsConfig.NextProtos == nil {
+ tlsConfig.NextProtos = []string{"h2", "http/1.1"}
+ }
+
+ if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
+ tlsConfig.MinVersion = version
+ }
+ if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
+ tlsConfig.MaxVersion = version
+ }
+
+ // Set curve preferences
+ tlsConfig.CurvePreferences = []tls.CurveID{
+ tls.X25519,
+ tls.CurveP256,
+ }
+ if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
+ tlsConfig.CurvePreferences = curves
+ }
+
+ // Set cipher suites
+ tlsConfig.CipherSuites = defaultCiphers()
+ if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
+ tlsConfig.CipherSuites = ciphers
+ }
+
+ tlsConfig.Certificates = make([]tls.Certificate, 1)
+
+ certPEMBlock, err := os.ReadFile(certFile)
+ if err != nil {
+ log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, network, listenAddr, err)
+ return err
+ }
+
+ keyPEMBlock, err := os.ReadFile(keyFile)
+ if err != nil {
+ log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, network, listenAddr, err)
+ return err
+ }
+
+ tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
+ if err != nil {
+ log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, network, listenAddr, err)
+ return err
+ }
+
+ return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
+}
+
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
+ return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
+}
diff --git a/cmd/web_letsencrypt.go b/cmd/web_letsencrypt.go
index 096db36b24..066208457b 100644
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -55,6 +55,23 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
tlsConfig := magic.TLSConfig()
tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
+ if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
+ tlsConfig.MinVersion = version
+ }
+ if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
+ tlsConfig.MaxVersion = version
+ }
+
+ // Set curve preferences
+ if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
+ tlsConfig.CurvePreferences = curves
+ }
+
+ // Set cipher suites
+ if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
+ tlsConfig.CipherSuites = ciphers
+ }
+
if enableHTTPChallenge {
go func() {
log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 233e8981cb..16977f609b 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -51,6 +51,16 @@ RUN_MODE = ; prod
;REDIRECT_OTHER_PORT = false
;PORT_TO_REDIRECT = 80
;;
+;; Minimum and maximum supported TLS versions
+;SSL_MIN_VERSION=TLSv1.2
+;SSL_MAX_VERSION=
+;;
+;; SSL Curve Preferences
+;SSL_CURVE_PREFERENCES=X25519,P256
+;;
+;; SSL Cipher Suites
+;SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first.
+;;
;; Timeout for any write to the connection. (Set to 0 to disable all timeouts.)
;PER_WRITE_TIMEOUT = 30s
;;
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index ae4f754170..d7a7023ff5 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -310,6 +310,42 @@ The following configuration set `Content-Type: application/vnd.android.package-a
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
- `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
+- `SSL_MIN_VERSION`: **TLSv1.2**: Set the minimum version of ssl support.
+- `SSL_MAX_VERSION`: **\<empty\>**: Set the maximum version of ssl support.
+- `SSL_CURVE_PREFERENCES`: **X25519,P256**: Set the prefered curves,
+- `SSL_CIPHER_SUITES`: **ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305**: Set the preferred cipher suites.
+ - If there is not hardware support for AES suites by default the cha cha suites will be preferred over the AES suites
+ - supported suites as of go 1.17 are:
+ - TLS 1.0 - 1.2 cipher suites
+ - "rsa_with_rc4_128_sha"
+ - "rsa_with_3des_ede_cbc_sha"
+ - "rsa_with_aes_128_cbc_sha"
+ - "rsa_with_aes_256_cbc_sha"
+ - "rsa_with_aes_128_cbc_sha256"
+ - "rsa_with_aes_128_gcm_sha256"
+ - "rsa_with_aes_256_gcm_sha384"
+ - "ecdhe_ecdsa_with_rc4_128_sha"
+ - "ecdhe_ecdsa_with_aes_128_cbc_sha"
+ - "ecdhe_ecdsa_with_aes_256_cbc_sha"
+ - "ecdhe_rsa_with_rc4_128_sha"
+ - "ecdhe_rsa_with_3des_ede_cbc_sha"
+ - "ecdhe_rsa_with_aes_128_cbc_sha"
+ - "ecdhe_rsa_with_aes_256_cbc_sha"
+ - "ecdhe_ecdsa_with_aes_128_cbc_sha256"
+ - "ecdhe_rsa_with_aes_128_cbc_sha256"
+ - "ecdhe_rsa_with_aes_128_gcm_sha256"
+ - "ecdhe_ecdsa_with_aes_128_gcm_sha256"
+ - "ecdhe_rsa_with_aes_256_gcm_sha384"
+ - "ecdhe_ecdsa_with_aes_256_gcm_sha384"
+ - "ecdhe_rsa_with_chacha20_poly1305_sha256"
+ - "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
+ - TLS 1.3 cipher suites
+ - "aes_128_gcm_sha256"
+ - "aes_256_gcm_sha384"
+ - "chacha20_poly1305_sha256"
+ - Aliased names
+ - "ecdhe_rsa_with_chacha20_poly1305" is an alias for "ecdhe_rsa_with_chacha20_poly1305_sha256"
+ - "ecdhe_ecdsa_with_chacha20_poly1305" is alias for "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
diff --git a/go.mod b/go.mod
index a1146372ad..4c156b1957 100644
--- a/go.mod
+++ b/go.mod
@@ -69,7 +69,7 @@ require (
github.com/kevinburke/ssh_config v1.1.0 // indirect
github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
github.com/klauspost/compress v1.13.1
- github.com/klauspost/cpuid/v2 v2.0.9 // indirect
+ github.com/klauspost/cpuid/v2 v2.0.9
github.com/klauspost/pgzip v1.2.5 // indirect
github.com/lib/pq v1.10.2
github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
diff --git a/modules/graceful/server.go b/modules/graceful/server.go
index f7ec791d85..159a9879df 100644
--- a/modules/graceful/server.go
+++ b/modules/graceful/server.go
@@ -95,48 +95,14 @@ func (srv *Server) ListenAndServe(serve ServeFunction) error {
return srv.Serve(serve)
}
-// ListenAndServeTLS listens on the provided network address and then calls
-// Serve to handle requests on incoming TLS connections.
-//
-// Filenames containing a certificate and matching private key for the server must
-// be provided. If the certificate is signed by a certificate authority, the
-// certFile should be the concatenation of the server's certificate followed by the
-// CA's certificate.
-func (srv *Server) ListenAndServeTLS(certFile, keyFile string, serve ServeFunction) error {
- config := &tls.Config{}
- if config.NextProtos == nil {
- config.NextProtos = []string{"h2", "http/1.1"}
- }
-
- config.Certificates = make([]tls.Certificate, 1)
-
- certPEMBlock, err := os.ReadFile(certFile)
- if err != nil {
- log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err)
- return err
- }
-
- keyPEMBlock, err := os.ReadFile(keyFile)
- if err != nil {
- log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err)
- return err
- }
-
- config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
- if err != nil {
- log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err)
- return err
- }
-
- return srv.ListenAndServeTLSConfig(config, serve)
-}
-
// ListenAndServeTLSConfig listens on the provided network address and then calls
// Serve to handle requests on incoming TLS connections.
func (srv *Server) ListenAndServeTLSConfig(tlsConfig *tls.Config, serve ServeFunction) error {
go srv.awaitShutdown()
- tlsConfig.MinVersion = tls.VersionTLS12
+ if tlsConfig.MinVersion == 0 {
+ tlsConfig.MinVersion = tls.VersionTLS12
+ }
l, err := GetListener(srv.network, srv.address)
if err != nil {
diff --git a/modules/graceful/server_http.go b/modules/graceful/server_http.go
index 4471e379ef..f7b22ceb5e 100644
--- a/modules/graceful/server_http.go
+++ b/modules/graceful/server_http.go
@@ -33,13 +33,6 @@ func HTTPListenAndServe(network, address, name string, handler http.Handler) err
return server.ListenAndServe(lHandler)
}
-// HTTPListenAndServeTLS listens on the provided network address and then calls Serve
-// to handle requests on incoming connections.
-func HTTPListenAndServeTLS(network, address, name, certFile, keyFile string, handler http.Handler) error {
- server, lHandler := newHTTPServer(network, address, name, handler)
- return server.ListenAndServeTLS(certFile, keyFile, lHandler)
-}
-
// HTTPListenAndServeTLSConfig listens on the provided network address and then calls Serve
// to handle requests on incoming connections.
func HTTPListenAndServeTLSConfig(network, address, name string, tlsConfig *tls.Config, handler http.Handler) error {
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index c5608c85bc..16ebde1791 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -114,6 +114,10 @@ var (
LetsEncryptTOS bool
LetsEncryptDirectory string
LetsEncryptEmail string
+ SSLMinimumVersion string
+ SSLMaximumVersion string
+ SSLCurvePreferences []string
+ SSLCipherSuites []string
GracefulRestartable bool
GracefulHammerTime time.Duration
StartupTimeout time.Duration
@@ -618,6 +622,10 @@ func NewContext() {
}
LetsEncryptDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
LetsEncryptEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
+ SSLMinimumVersion = sec.Key("SSL_MIN_VERSION").MustString("")
+ SSLMaximumVersion = sec.Key("SSL_MAX_VERSION").MustString("")
+ SSLCurvePreferences = sec.Key("SSL_CURVE_PREFERENCES").Strings(",")
+ SSLCipherSuites = sec.Key("SSL_CIPHER_SUITES").Strings(",")
Domain = sec.Key("DOMAIN").MustString("localhost")
HTTPAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0")
HTTPPort = sec.Key("HTTP_PORT").MustString("3000")