DEV Community

Masui Masanori
Masui Masanori

Posted on • Updated on

[Nginx] Configuration about TLS

Intro

This time, I will try Nginx configuration about TLS.

Environments

  • Ubuntu ver.22.04.1 LTS
  • Nginx ver.1.22.1
  • OpenSSL ver.3.0.2 15 Mar 2022

Cipher suites

To connect using TLS, the server and client need to agree on whitch cipher suite to use.

webrtcapp.conf

...
server {
    listen 4444 ssl http2;
    server_name localhost;
    proxy_buffering off;
    proxy_cache off;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    proxy_read_timeout 24h;
    chunked_transfer_encoding off;

    # default values
    #ssl_ciphers 'HIGH:!aNULL:!MD5';
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_prefer_server_ciphers off;

    ssl_certificate /home/example/local_cert.pem;
    ssl_certificate_key /home/example/local_key.pem;
    location / {
...
        proxy_pass http://localhost:8080;
    }
}
Enter fullscreen mode Exit fullscreen mode

Default ciphers

I can use "openssl ciphers -v 'HIGH:!aNULL:!MD5'" to see what cipher suites are selected.

TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
DHE-DSS-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=DSS   Enc=AESGCM(256)            Mac=AEAD
DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256)            Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305    TLSv1.2 Kx=ECDH     Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305      TLSv1.2 Kx=DH       Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8        TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256)           Mac=AEAD
ECDHE-ECDSA-AES256-CCM         TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256)            Mac=AEAD
DHE-RSA-AES256-CCM8            TLSv1.2 Kx=DH       Au=RSA   Enc=AESCCM8(256)           Mac=AEAD
DHE-RSA-AES256-CCM             TLSv1.2 Kx=DH       Au=RSA   Enc=AESCCM(256)            Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(256)           Mac=AEAD
ECDHE-ARIA256-GCM-SHA384       TLSv1.2 Kx=ECDH     Au=RSA   Enc=ARIAGCM(256)           Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384     TLSv1.2 Kx=DH       Au=DSS   Enc=ARIAGCM(256)           Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384     TLSv1.2 Kx=DH       Au=RSA   Enc=ARIAGCM(256)           Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
DHE-DSS-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=DSS   Enc=AESGCM(128)            Mac=AEAD
DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(128)            Mac=AEAD
ECDHE-ECDSA-AES128-CCM8        TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128)           Mac=AEAD
ECDHE-ECDSA-AES128-CCM         TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128)            Mac=AEAD
DHE-RSA-AES128-CCM8            TLSv1.2 Kx=DH       Au=RSA   Enc=AESCCM8(128)           Mac=AEAD
DHE-RSA-AES128-CCM             TLSv1.2 Kx=DH       Au=RSA   Enc=AESCCM(128)            Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(128)           Mac=AEAD
ECDHE-ARIA128-GCM-SHA256       TLSv1.2 Kx=ECDH     Au=RSA   Enc=ARIAGCM(128)           Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256     TLSv1.2 Kx=DH       Au=DSS   Enc=ARIAGCM(128)           Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256     TLSv1.2 Kx=DH       Au=RSA   Enc=ARIAGCM(128)           Mac=AEAD
ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
DHE-RSA-AES256-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA256
DHE-DSS-AES256-SHA256          TLSv1.2 Kx=DH       Au=DSS   Enc=AES(256)               Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256)          Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384   TLSv1.2 Kx=ECDH     Au=RSA   Enc=Camellia(256)          Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256     TLSv1.2 Kx=DH       Au=RSA   Enc=Camellia(256)          Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256     TLSv1.2 Kx=DH       Au=DSS   Enc=Camellia(256)          Mac=SHA256
ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256
DHE-RSA-AES128-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA256
DHE-DSS-AES128-SHA256          TLSv1.2 Kx=DH       Au=DSS   Enc=AES(128)               Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128)          Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256   TLSv1.2 Kx=ECDH     Au=RSA   Enc=Camellia(128)          Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256     TLSv1.2 Kx=DH       Au=RSA   Enc=Camellia(128)          Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256     TLSv1.2 Kx=DH       Au=DSS   Enc=Camellia(128)          Mac=SHA256
...
RSA-PSK-AES256-GCM-SHA384      TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=AESGCM(256)            Mac=AEAD
DHE-PSK-AES256-GCM-SHA384      TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESGCM(256)            Mac=AEAD
RSA-PSK-CHACHA20-POLY1305      TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305      TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305    TLSv1.2 Kx=ECDHEPSK Au=PSK   Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8            TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESCCM8(256)           Mac=AEAD
DHE-PSK-AES256-CCM             TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESCCM(256)            Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384     TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=ARIAGCM(256)           Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384     TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=ARIAGCM(256)           Mac=AEAD
AES256-GCM-SHA384              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(256)            Mac=AEAD
AES256-CCM8                    TLSv1.2 Kx=RSA      Au=RSA   Enc=AESCCM8(256)           Mac=AEAD
AES256-CCM                     TLSv1.2 Kx=RSA      Au=RSA   Enc=AESCCM(256)            Mac=AEAD
ARIA256-GCM-SHA384             TLSv1.2 Kx=RSA      Au=RSA   Enc=ARIAGCM(256)           Mac=AEAD
PSK-AES256-GCM-SHA384          TLSv1.2 Kx=PSK      Au=PSK   Enc=AESGCM(256)            Mac=AEAD
PSK-CHACHA20-POLY1305          TLSv1.2 Kx=PSK      Au=PSK   Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8                TLSv1.2 Kx=PSK      Au=PSK   Enc=AESCCM8(256)           Mac=AEAD
PSK-AES256-CCM                 TLSv1.2 Kx=PSK      Au=PSK   Enc=AESCCM(256)            Mac=AEAD
PSK-ARIA256-GCM-SHA384         TLSv1.2 Kx=PSK      Au=PSK   Enc=ARIAGCM(256)           Mac=AEAD
RSA-PSK-AES128-GCM-SHA256      TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=AESGCM(128)            Mac=AEAD
DHE-PSK-AES128-GCM-SHA256      TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESGCM(128)            Mac=AEAD
DHE-PSK-AES128-CCM8            TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESCCM8(128)           Mac=AEAD
DHE-PSK-AES128-CCM             TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESCCM(128)            Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256     TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=ARIAGCM(128)           Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256     TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=ARIAGCM(128)           Mac=AEAD
AES128-GCM-SHA256              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(128)            Mac=AEAD
AES128-CCM8                    TLSv1.2 Kx=RSA      Au=RSA   Enc=AESCCM8(128)           Mac=AEAD
AES128-CCM                     TLSv1.2 Kx=RSA      Au=RSA   Enc=AESCCM(128)            Mac=AEAD
ARIA128-GCM-SHA256             TLSv1.2 Kx=RSA      Au=RSA   Enc=ARIAGCM(128)           Mac=AEAD
PSK-AES128-GCM-SHA256          TLSv1.2 Kx=PSK      Au=PSK   Enc=AESGCM(128)            Mac=AEAD
PSK-AES128-CCM8                TLSv1.2 Kx=PSK      Au=PSK   Enc=AESCCM8(128)           Mac=AEAD
PSK-AES128-CCM                 TLSv1.2 Kx=PSK      Au=PSK   Enc=AESCCM(128)            Mac=AEAD
PSK-ARIA128-GCM-SHA256         TLSv1.2 Kx=PSK      Au=PSK   Enc=ARIAGCM(128)           Mac=AEAD
AES256-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(256)               Mac=SHA256
CAMELLIA256-SHA256             TLSv1.2 Kx=RSA      Au=RSA   Enc=Camellia(256)          Mac=SHA256
AES128-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA256
CAMELLIA128-SHA256             TLSv1.2 Kx=RSA      Au=RSA   Enc=Camellia(128)          Mac=SHA256
...
Enter fullscreen mode Exit fullscreen mode

Use Generator

I can generate the configurations by SSL Configuration Generator.

I will change the TLS configurations

webrtcapp.conf

...
server {
    listen 4444 ssl http2;
    server_name localhost;
    proxy_buffering off;
    proxy_cache off;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    proxy_read_timeout 24h;
    chunked_transfer_encoding off;

    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    ssl_certificate /home/example/local_cert.pem;
    ssl_certificate_key /home/example/local_key.pem;
    location / {
...
        proxy_pass http://localhost:8080;
    }
}
Enter fullscreen mode Exit fullscreen mode

ssl_ciphers

All of the selected ciphers are for TLS ver.1.2.

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
Enter fullscreen mode Exit fullscreen mode

How about the TLS ver.1.3?

According to the issue below, it seems that TLS ver.1.3 ciphers cannot be specified in Nginx's ssl_ciphers due to OpenSSL.

Resources

Top comments (0)