Merge pull request #3214 from smerkviladze/remove-weak-tls-ciphers

dperny · web-flow · commit 3a23580599a4 · 2025-10-07T17:20:46.000Z
Remove weak TLS cipher suites
diff --git a/ca/config.go b/ca/config.go
@@ -9,6 +9,7 @@ import (
 	"math/big"
 	"math/rand"
 	"path/filepath"
+	"slices"
 	"strings"
 	"sync"
 	"time"
@@ -60,6 +61,17 @@ var (
 	errInvalidJoinToken = errors.New("invalid join token")
 )
 
+// strongTLSCiphers defines a secure, modern set of TLS cipher suites
+// with known weak algorithms removed.
+var strongTLSCiphers = []uint16{
+	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+}
+
 // SecurityConfig is used to represent a node's security configuration. It includes information about
 // the RootCA and ServerTLSCreds/ClientTLSCreds transport authenticators to be used for MTLS
 type SecurityConfig struct {
@@ -649,6 +661,7 @@ func NewServerTLSConfig(certs []tls.Certificate, rootCAPool *x509.CertPool) (*tl
 		RootCAs:                  rootCAPool,
 		ClientCAs:                rootCAPool,
 		PreferServerCipherSuites: true,
+		CipherSuites:             slices.Clone(strongTLSCiphers),
 		MinVersion:               tls.VersionTLS12,
 		NextProtos:               alpnProtoStr,
 	}, nil
@@ -665,6 +678,7 @@ func NewClientTLSConfig(certs []tls.Certificate, rootCAPool *x509.CertPool, serv
 		ServerName:   serverName,
 		Certificates: certs,
 		RootCAs:      rootCAPool,
+		CipherSuites: slices.Clone(strongTLSCiphers),
 		MinVersion:   tls.VersionTLS12,
 	}, nil
 }
