Restrict TLS cipher suites to GCM/CHACHA20 and bump Go to 1.26.3 for SHA-1 removal#430
Open
pzeinlinger wants to merge 2 commits into
The new distroless pebble image runs the binary as its entrypoint and has no shell or netstat. Pass pebble args directly and drop the netstat-based healthcheck; dependents now wait via service_started.
…SHA-1 removal
Internet.nl flagged the mail server as supporting insufficient TLS 1.2 cipher
suites (TLS_ECDHE_ECDSA_WITH_AES_{128,256}_CBC_SHA) and SHA-1 as a key
exchange hash. Explicitly set CipherSuites on the Config, ConfigFallback and
ACMEConfig to only allow GCM and CHACHA20-POLY1305 suites that NCSC-NL rates
as Sufficient. Bump go.mod to 1.26.3, which disables SHA-1 signature
algorithms in TLS 1.2 handshakes by default per RFC 9155.
Fixes #409.
Summary
Internet.nl's mail-server check flagged my mox instance for two TLS issues that boil down to Go's default TLS 1.2 configuration:
- TLS_ECDHE_ECDSA_WITH_AES_{128,256}_CBC_SHA, which NCSC-NL rates as insufficient (crypto/tls: Disable CBC Ciphers by default, golang/go#13385, is open and unplanned).
- GODEBUG=tlssha1=1.

Changes

- mox-/config.go: Explicitly set `CipherSuites` on `Config`, `ConfigFallback`, and `ACMEConfig` (right where `MinVersion` is already set) to only allow GCM and CHACHA20-POLY1305 suites that NCSC-NL rates as Sufficient. TLS 1.3 cipher suites remain non-configurable in Go and are always secure.
- go.mod: Bump from 1.24.0 to 1.26.3 so the SHA-1 signature algorithm change from Go 1.25 takes effect.
- docker-compose-integration.yml (separate commit): Pebble moved off Docker Hub, so the image reference is updated to ghcr.io/letsencrypt/pebble. Pinned to v2.6.0 — newer pebble releases contain breaking changes for our integration setup. The v2.6.0 image is distroless (no shell, no netstat), so pebble args are passed directly instead of via `sh -c`, the netstat-based healthcheck is dropped, and dependents now wait via `service_started`.

Allowed cipher suites after this change
Test plan
- `go build ./...` succeeds with Go 1.26.3
- `GOOS=linux GOARCH=arm64 go build` and ran `./mox version` on Linux/aarch64
- `make test-integration` passes against the updated pebble image

Notes

Happy to split the pebble change into a separate PR if preferred. Also happy to make the cipher suite list configurable via the TLS config struct rather than hardcoded, if you'd like to give operators an escape hatch.
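Added example (not the PR's or mox's code) showing the cipher-suite half of the change in Go: a tls.Config with MinVersion and an AEAD-only CipherSuites list set together, a check that no CBC or SHA-1-MAC suite remains in that list while Go's own tls.CipherSuites() still carries the *_CBC_SHA suites Internet.nl flagged, and an in-memory TLS 1.2 handshake in which a client offering only TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 connects and one offering only TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is refused. The suite list is an assumption (the PR's "Allowed cipher suites" list is not reproduced on the page), the server certificate is a throwaway self-signed P-256 cert, and InsecureSkipVerify is set on the client only for that reason. The SHA-1 signature-algorithm part of the PR depends on the toolchain version and is not exercised here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// AllowedSuites is the AEAD-only TLS 1.2 list this example pins (assumed; the PR's own
// list is not reproduced on the page). TLS 1.3 suites are not configurable and are unaffected.
var AllowedSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

// Two client offers used below: one AEAD suite from the list, and the CBC/SHA-1 suite Internet.nl flagged.
var GCMOffer = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
var CBCOffer = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}

// SecureDefaultSuiteIDs returns the IDs of tls.CipherSuites(), Go's list of suites without known
// security issues (close to what a nil Config.CipherSuites enables); it still includes *_CBC_SHA.
func SecureDefaultSuiteIDs() []uint16 {
	var ids []uint16
	for _, cs := range tls.CipherSuites() {
		ids = append(ids, cs.ID)
	}
	return ids
}

// WeakSuiteNames returns the suites in ids that use a CBC cipher or a SHA-1 MAC (names ending in _SHA).
func WeakSuiteNames(ids []uint16) []string {
	var weak []string
	for _, id := range ids {
		if n := tls.CipherSuiteName(id); strings.Contains(n, "_CBC_") || strings.HasSuffix(n, "_SHA") {
			weak = append(weak, n)
		}
	}
	return weak
}

// HardenedServerConfig mirrors the shape of the change: MinVersion and CipherSuites set on the same tls.Config.
func HardenedServerConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		CipherSuites: AllowedSuites,
		Certificates: []tls.Certificate{cert},
	}
}

// selfSignedECDSACert builds a throwaway P-256 certificate so the handshake exercises ECDHE_ECDSA suites.
func selfSignedECDSACert() tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// NegotiateTLS12 runs an in-memory TLS 1.2 handshake against the hardened server with a client that
// offers only clientSuites; it returns the agreed suite, or 0 and an error when there is no overlap.
func NegotiateTLS12(clientSuites []uint16) (uint16, error) {
	clientEnd, serverEnd := net.Pipe()
	defer func() { clientEnd.Close(); serverEnd.Close() }()
	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(serverEnd, HardenedServerConfig(selfSignedECDSACert())).Handshake() }()
	client := tls.Client(clientEnd, &tls.Config{
		InsecureSkipVerify: true, // loopback demo only: the server cert is self-signed
		MinVersion:         tls.VersionTLS12,
		MaxVersion:         tls.VersionTLS12, // pin 1.2 so CipherSuites decides the outcome
		CipherSuites:       clientSuites,
	})
	if cerr, serr := client.Handshake(), <-srvErr; cerr != nil || serr != nil {
		return 0, fmt.Errorf("client: %v; server: %v", cerr, serr)
	}
	return client.ConnectionState().CipherSuite, nil
}

func main() {
	fmt.Println("weak in Go's secure list:", WeakSuiteNames(SecureDefaultSuiteIDs()))
	fmt.Println("weak in pinned list:", WeakSuiteNames(AllowedSuites))
	for _, offer := range [][]uint16{GCMOffer, CBCOffer} {
		suite, err := NegotiateTLS12(offer)
		fmt.Printf("offer %s -> %s, err=%v\n", tls.CipherSuiteName(offer[0]), tls.CipherSuiteName(suite), err)
	}
}
```

The CBC-only offer ends in a handshake_failure alert from the server, which is what a scanner such as Internet.nl would now see for those suites. Each offer is a single suite on purpose: Go ignores the order of CipherSuites and applies its own preference, so a client offering both AES-GCM and ChaCha20 would get a pick that depends on the machine's AES hardware support.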