Update default SSL ciphers

[aledbf]

What this PR does / why we need it:

Some of the current default ciphers are weak (now)

Follow https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.4&config=intermediate

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@19d596b). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #4813   +/-   ##
=========================================
  Coverage          ?   58.48%           
=========================================
  Files             ?       88           
  Lines             ?     6714           
  Branches          ?        0           
=========================================
  Hits              ?     3927           
  Misses            ?     2360           
  Partials          ?      427

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 19d596b...cfccc2a. Read the comment docs.

[ElvinEfendi]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, ElvinEfendi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ElvinEfendi,aledbf]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rihardsgrislis]

After upgrading to ingress-nginx 0.27.1 from 0.26.1 Safari 10.1.2 on macOS 10.10.5 couldn't establish secure connection to our sites. Reverting back to 0.26.1 fixes this and Safari can establish secure connection to our sites.

Looking at the SSL configuration generator you shared it says it should work for "Safari 9" but appearantly it doesn't even for Safari 10.1.2.

[sslavic]

I suspect that besides desired removal of weak SSL ciphers, problem arose because order of ones which remained has changed unwantedly. Will test and report back.

[rihardsgrislis]

@sslavic I got my hands on that Safari and opened up howsmyssl.com. This is the result:

The cipher suites your client said it supports, in the order it sent them, are: 
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5

None of these is listed in the ssl_ciphers list that https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.4&config=intermediate generates. So the reason isn't the order but rather - none of the client ciphers match with Nginx ciphers.

[aledbf]

@rihardssceredins please use https://www.ssllabs.com/ssltest/analyze.html to check your site. In particular, for Safari (iOS) you can check this https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=9&platform=iOS%209&key=114

[aledbf]

@rihardssceredins you can change the default ciphers using https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#ssl-ciphers

[rihardsgrislis]

@aledbf thank you, will do.

P.S. Adding these 4 ciphers made SSLLabs pass all handshake simulations.

ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA384

[sslavic]

Those 4 are exactly ones which were dropped from default ssl ciphers list in nginx config.

Found an article explaining why AES-CBC based ciphers like ECDHE-ECDSA-AES256-SHA384 (i.e. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384) are considered weak compared to AES-GCM equivalents like ECDHE-ECDSA-AES256-GCM-SHA384 (TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384).

So all is good, for wider (older and less secure) client support one can configure nginx with weaker ciphers, and the more secure list is valid default.

[ericsuhong]

Faced the same issue. When I upgrade nginx-ingress controller from 0.26.2 to 0.27.1, we were suddenly flagged by weak TLS cipher suites by ssl scanners.

[ericsuhong]

We are still being flagged for missing following two Cipher Suites in 0.30.0:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

This is preventing us from upgrading nginx ingress controller.

Created an issue here: #5490

[ikogan]

Would it be possible to flag something like this as a breaking change in the future?