| author | Roman Reiss <me@silverwind.io> | 2015-02-15 18:43:36 +0100 |
|---|---|---|
| committer | Fedor Indutny <fedor@indutny.com> | 2015-02-16 12:33:12 +0100 |
| commit | 77f35861d0217273b9e478f5d35bd7d8e471e14f (patch) | |
| tree | f027b88a1ef22323dd66986f7e89546d2cd8c4f2 /doc | |
| parent | 20f8e7f17a931e3852f7c58a25db55bd78943697 (diff) | |
| download | node-new-77f35861d0217273b9e478f5d35bd7d8e471e14f.tar.gz | |
tls: more secure defaults
This updates the default cipher suite to a more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.
Notable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/tls.markdown | 48 |
1 files changed, 18 insertions, 30 deletions
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index c5cfc1562a..63c9649e1b 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -25,8 +25,10 @@ To create a self-signed certificate with the CSR, do this: Alternatively you can send the CSR to a Certificate Authority for signing. -(TODO: docs on creating a CA, for now interested users should just look at -`test/fixtures/keys/Makefile` in the Node source code) +For Perfect Forward Secrecy, it is required to generate Diffie-Hellman +parameters: + + openssl dhparam -outform PEM -out dhparam.pem 2048 To create .pfx or .p12, do this: 
@@ -136,31 +138,20 @@ automatically set as a listener for the [secureConnection][] event. The - `crl` : Either a string or list of strings of PEM encoded CRLs (Certificate Revocation List) - - `ciphers`: A string describing the ciphers to use or exclude. - - To mitigate [BEAST attacks] it is recommended that you use this option in - conjunction with the `honorCipherOrder` option described below to - prioritize the non-CBC cipher. - - Defaults to - `ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL`. - Consult the [OpenSSL cipher list format documentation] for details - on the format. + - `ciphers`: A string describing the ciphers to use or exclude, seperated by + `:`. The default cipher suite is: - `ECDHE-RSA-AES128-SHA256`, `DHE-RSA-AES128-SHA256` and - `AES128-GCM-SHA256` are TLS v1.2 ciphers and used when io.js is - linked against OpenSSL 1.0.1 or newer, such as the bundled version - of OpenSSL. Note that it is still possible for a TLS v1.2 client - to negotiate a weaker cipher unless `honorCipherOrder` is enabled. + ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256: + DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256: + HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA - `RC4` is used as a fallback for clients that speak on older version of - the TLS protocol. `RC4` has in recent years come under suspicion and - should be considered compromised for anything that is truly sensitive. - It is speculated that state-level actors possess the ability to break it. - - **NOTE**: Previous revisions of this section suggested `AES256-SHA` as an - acceptable cipher. Unfortunately, `AES256-SHA` is a CBC cipher and therefore - susceptible to [BEAST attacks]. Do *not* use it. + The default cipher suite prefers ECDHE and DHE ciphers for Perfect Forward + secrecy, while offering *some* backward compatibiltity. 
Old clients which + rely on insecure and deprecated RC4 or DES-based ciphers (like Internet + Explorer 6) aren't able to complete the handshake with the default + configuration. If you absolutely must support these clients, the + [TLS recommendations] may offer a compatible cipher suite. For more details + on the format, see the [OpenSSL cipher list format documentation]. - `ecdhCurve`: A string describing a named curve to use for ECDH key agreement or false to disable ECDH. @@ -178,11 +169,7 @@ automatically set as a listener for the [secureConnection][] event. The times out. - `honorCipherOrder` : When choosing a cipher, use the server's preferences - instead of the client preferences. - - Although, this option is disabled by default, it is *recommended* that you - use this option in conjunction with the `ciphers` option to mitigate - BEAST attacks. + instead of the client preferences. Default: `true`. - `requestCert`: If `true` the server will request a certificate from clients that connect and attempt to verify that certificate. Default: @@ -812,3 +799,4 @@ The numeric representation of the local port. [ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman [asn1.js]: http://npmjs.org/package/asn1.js [OCSP request]: http://en.wikipedia.org/wiki/OCSP_stapling +[TLS recommendations]: https://wiki.mozilla.org/Security/Server_Side_TLS |
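Review bot: In the `@@ -25,8 +25,10 @@` hunk, "For Perfect Forward Secrecy, it is required to generate Diffie-Hellman parameters" overstates the requirement: the ECDHE suites that the new default list puts first already provide forward secrecy without a dhparam file; only the DHE suites need one. Suggest "To enable the DHE cipher suites (which also provide Perfect Forward Secrecy), generate Diffie-Hellman parameters:" and add a sentence on how the generated `dhparam.pem` is handed to the server (presumably the server's `dhparam` option), since the snippet currently ends at the file without saying where it is used.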
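Review bot: In the `@@ -136,31 +138,20 @@` hunk, the six explicitly listed suites are all CBC-mode (`-SHA256`/`-SHA384` without `-GCM-` in the OpenSSL name), so the AES-GCM AEAD suites are only reached through the trailing `HIGH` and rank below them; the paragraph this hunk removes warned that CBC suites are the ones exposed to [BEAST attacks], so consider placing the `ECDHE-RSA-AES*-GCM-SHA*` suites ahead of the CBC ones. Also fix "seperated" to "separated", "compatibiltity" to "compatibility", and "Perfect Forward secrecy" to "Perfect Forward Secrecy" to match the first hunk; and the removed sentence that the SHA256/SHA384 suites are TLS v1.2 ciphers needing OpenSSL 1.0.1 or newer still applies to the new list, so keep one sentence of it.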
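Review bot: In the `@@ -178,11 +169,7 @@` hunk, dropping the rationale paragraph leaves "use the server's preferences instead of the client preferences. Default: `true`." without saying which preferences the server applies; a clause such as "i.e. the order of the `ciphers` list above" would keep the two options tied together now that both defaults change in this commit.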