Support strong TLS cipher suites for gitlab.labs.nic.cz

Having the browser set to TLS 1.2 and 1.3 and limited to these strong cipher suites:

  • ecdhe_ecdsa_aes_256_gcm_sha384
  • ecdhe_ecdsa_aes_256_sha
  • ecdhe_ecdsa_chacha20_poly1305_sha256
  • ecdhe_rsa_aes_256_gcm_sha384
  • ecdhe_rsa_aes_256_sha
  • ecdhe_rsa_chacha20_poly1305_sha256

the connection with gitlab.labs.nic.cz fails:

Secure Connection Failed
An error occurred during a connection to gitlab.labs.nic.cz. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

Thus I would appreciate it if, when the certificates get renewed, there would be support for those cipher suites.

:astonished: AES < 256 is considered weak now?

In my book it is, but I would prefer this thread not go into a discussion about it but rather have the cipher suite support on the domain in question, similar to what is available on this forum.

Unfortunately the picture is still the same, forcing me to run another browser instance just to access that domain :slightly_frowning_face:

Good point. I have reported it to CZ.NIC gitlab admins. Anyway the site receives A+ rank so I don’t see a big issue here.

I don’t want to discuss cipher suites, but I cannot help it:

  1. SHA is broken (from your ecdhe_ecdsa_aes_256_sha and similar), AES128 not – any AES in general not
  2. GitLab uses an RSA key with a 2048 b modulus (see GitLab’s certificate), which has a security level of less than 128 b and far less than your forced AES 256

So if you are paranoid about security, you should deal with SHA1 and RSA 2048 b first.

SHA1 has been phased out of modern browsers some time ago, at least in FF, and thus it does not spawn into SHA1 at all - checking via https://www.ssllabs.com/ssltest/viewMyClient.html or https://www.howsmyssl.com

The cipher suites your client said it supports, in the order it sent them, are:

TLS_AES_128_GCM_SHA256
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

It does not rate well on the cipher strength (80/100).

From rfc5246:

   SHA
      The Secure Hash Algorithm [SHS] is defined in FIPS PUB 180-2.  It
      produces a 20-byte output.  Note that all references to SHA
      (without a numerical suffix) actually use the modified SHA-1
      algorithm.

:man_shrugging:

Thanks for the input, wondering about SHA1 supposedly being disbanded in modern browsers. :grey_question:

And why Gitlab is offering the same with their certificate :man_shrugging:

AFAIK, it is widely used and probably mandatory per the already stated RFC about TLS 1.2. Also, as you can see, even SSLLabs is OK with your two SHA1 cipher suites.

The GitLab server is not managed by the Turris team in CZ.NIC and, as I said, I have reported the issue about potentially weak cipher suites to them.

AES256 cipher suites are available from Wednesday.

This topic was automatically closed after 3 days. New replies are no longer allowed.
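
The failure and the "SHA" naming point discussed in this thread, as an added example that is not code from any participant: it parses IANA suite names, reproduces the no-overlap outcome, and flags the suites whose bare `SHA` suffix means HMAC-SHA1 per the RFC 5246 quote. The two server lists are constructed assumptions, not the real gitlab.labs.nic.cz configuration, and `describe`, `negotiate` and `hmac_sha1_suites` are hypothetical helper names.

```python
import re

# TLS 1.2: TLS_<kx>[_<auth>]_WITH_<cipher>_<hash>; TLS 1.3: TLS_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?:(?P<kx>[A-Z]+)(?:_(?P<auth>[A-Z]+))?_WITH_)?(?P<cipher>.+)_(?P<hash>SHA\d*)$")

def describe(suite):
    m = SUITE_RE.match(suite)
    if m is None:
        raise ValueError(f"unrecognised suite name: {suite}")
    cipher = m["cipher"]
    aead = cipher.endswith(("GCM", "POLY1305", "CCM", "CCM_8"))
    aes = re.search(r"AES_(\d+)", cipher)
    return {
        "tls13": m["kx"] is None,
        "aead": aead,
        "key_bits": int(aes[1]) if aes else (256 if "CHACHA20" in cipher else None),
        # RFC 5246: "SHA" without a numerical suffix means SHA-1.
        "hash": "SHA1" if m["hash"] == "SHA" else m["hash"],
        # AEAD suites use the hash for the PRF/HKDF only; CBC suites use it as the record HMAC.
        "hash_role": "prf" if aead else "hmac",
    }

def negotiate(client_offer, server_prefs):
    """Server-preference selection; TLS 1.3 suites are tried before TLS 1.2 ones."""
    for want_tls13 in (True, False):
        for suite in server_prefs:
            if suite in client_offer and describe(suite)["tls13"] == want_tls13:
                return suite
    return None  # the case Firefox reports as SSL_ERROR_NO_CYPHER_OVERLAP

def hmac_sha1_suites(suites):
    return [s for s in suites
            if describe(s)["hash_role"] == "hmac" and describe(s)["hash"] == "SHA1"]

# The six suites from the first post, in the IANA spelling the client report uses.
CLIENT = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]
# Constructed server lists (hypothetical, NOT the real gitlab.labs.nic.cz configuration).
SERVER_AES128_ONLY = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"]
SERVER_WITH_AES256 = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] + SERVER_AES128_ONLY

if __name__ == "__main__":
    print("AES-128-only server:", negotiate(CLIENT, SERVER_AES128_ONLY))
    print("with AES-256 added: ", negotiate(CLIENT, SERVER_WITH_AES256))
    print("HMAC-SHA1 suites:   ", hmac_sha1_suites(CLIENT))
```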