Merge pull request #736 from jzelinskie/fix-sweet32-v2

api: use cockroachdb cipher suite
quay · Mar 8, 2019 · e69ee21 · e69ee21
2 parents d8560e2 + ee4380f
commit e69ee21
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 2 deletions.
diff --git a/api/api.go b/api/api.go
@@ -144,6 +144,49 @@ func tlsClientConfig(caPath string) (*tls.Config, error) {
 	tlsConfig := &tls.Config{
 		ClientCAs:  caCertPool,
 		ClientAuth: tls.RequireAndVerifyClientCert,
+
+		// This is Go's default list of cipher suites (as of go 1.8.3),
+		// with the following differences:
+		//
+		// - 3DES-based cipher suites have been removed. This cipher is
+		//   vulnerable to the Sweet32 attack and is sometimes reported by
+		//   security scanners. (This is arguably a false positive since
+		//   it will never be selected: Any TLS1.2 implementation MUST
+		//   include at least one cipher higher in the priority list, but
+		//   there's also no reason to keep it around)
+		// - AES is always prioritized over ChaCha20. Go makes this decision
+		//   by default based on the presence or absence of hardware AES
+		//   acceleration.
+		//   TODO(bdarnell): do the same detection here. See
+		//   https://github.com/golang/go/issues/21167
+		//
+		// Note that some TLS cipher suite guidance (such as Mozilla's[1])
+		// recommend replacing the CBC_SHA suites below with CBC_SHA384 or
+		// CBC_SHA256 variants. We do not do this because Go does not
+		// currerntly implement the CBC_SHA384 suites, and its CBC_SHA256
+		// implementation is vulnerable to the Lucky13 attack and is disabled
+		// by default.[2]
+		//
+		// [1]: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+		// [2]: https://github.com/golang/go/commit/48d8edb5b21db190f717e035b4d9ab61a077f9d7
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+		},
+
+		MinVersion: tls.VersionTLS12,
 	}
 
 	return tlsConfig, nil

diff --git a/ext/vulnsrc/rhel/rhel.go b/ext/vulnsrc/rhel/rhel.go
@@ -364,7 +364,7 @@ func severity(def definition) database.Severity {
 	case "Critical":
 		return database.CriticalSeverity
 	default:
-		log.Warning("could not determine vulnerability severity from: %s.", def.Title)
+		log.Warningf("could not determine vulnerability severity from: %s.", def.Title)
 		return database.UnknownSeverity
 	}
 }
diff --git a/ext/vulnsrc/ubuntu/ubuntu.go b/ext/vulnsrc/ubuntu/ubuntu.go
@@ -375,7 +375,7 @@ func SeverityFromPriority(priority string) database.Severity {
 	case "critical":
 		return database.CriticalSeverity
 	default:
-		log.Warning("could not determine a vulnerability severity from: %s", priority)
+		log.Warningf("could not determine a vulnerability severity from: %s", priority)
 		return database.UnknownSeverity
 	}
 }