Traefik: Træfik does not use all configured CipherSuites

Created on 6 Feb 2018 · 1 Comment · Source: traefik/traefik

Do you want to request a feature or report a bug?

Bug.

See https://traefik.slack.com/messages/C0CDT22PJ/convo/C0CDT22PJ-1517933961.000614/ with @dtomcej.

What did you do?

I'm using the docker image traefik:1.5.1. I tried to configure traefik to use only ciphers recommended by https://cipherli.st/:

  [entryPoints.https.tls]
    CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]

What did you expect to see?

Traefik should accept all given ciphers.

What did you see instead?

... but only the TLS_ECDHE_RSA_WITH_AES* ciphers are offered (see https://www.ssllabs.com/ssltest/analyze.html?d=mail.svengo.net for example) and accepted. I tested it with nmap locally:

sven@arnor:~/src/nmap$ nmap --script ssl-enum-ciphers -p 443 mail.svengo.net
Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-06 18:19 CET
Nmap scan report for mail.svengo.net (91.121.84.137)
Host is up (0.00013s latency).
rDNS record for 91.121.84.137: arnor.svengo.net
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Key exchange parameters of lower strength than certificate key
|_  least strength: A

Tried ECDHE-ECDSA-AES256-GCM-SHA384 (= TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384):

sven@arnor:~$ openssl s_client -cipher 'ECDHE-ECDSA-AES256-GCM-SHA384' -connect mail.svengo.net:443
CONNECTED(00000003)
140485972207256:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 139 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1517935920
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

The corresponding RSA-cipher works:

sven@arnor:~$ openssl s_client -cipher 'ECDHE-RSA-AES256-GCM-SHA384' -connect mail.svengo.net:443
CONNECTED(00000003)
depth=0 CN = TRAEFIK DEFAULT CERT
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = TRAEFIK DEFAULT CERT
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=TRAEFIK DEFAULT CERT
   i:/CN=TRAEFIK DEFAULT CERT
---
Server certificate
subject=/CN=TRAEFIK DEFAULT CERT
issuer=/CN=TRAEFIK DEFAULT CERT
---
No client certificate CA names sent
Peer signing digest: SHA384
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1449 bytes and written 265 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 1EEA59236B19526E0C75FC3CD07E45EEDDEF3464BEAA76192F09675FD0397EF1
    Session-ID-ctx:
    Master-Key: 8D7FD9670A542B8F3339F3E903CEF3E6F5954401DDCEF8E5A8F448175D1C3ECFA6D7363E2C92D7D07136A20F8C06D0B9
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    0000 - 15 14 8e ab c9 57 10 0d-27 04 bf 6c ab 47 20 98   .....W..'..l.G .
    0010 - c5 38 3d 77 e9 eb fa 9e-b8 13 f4 de 06 0a 01 af   .8=w............
    0020 - 61 bf 4e dc f1 c0 91 da-1f cf 12 4b 20 11 d5 16   a.N........K ...
    0030 - 40 56 0d 63 3d 90 1a 19-a4 5e c4 0e f8 6c 30 4e   @V.c=....^...l0N
    0040 - 4c 9a 8e 5f 98 11 39 87-39 dc 96 08 08 84 fe b1   L.._..9.9.......
    0050 - f8 4a a9 15 78 4e e6 75-90 85 ba 83 46 41 64 7a   .J..xN.u....FAdz
    0060 - b6 d1 bd 13 a5 fe d1 2e-26 8f 24 5f 6e 12 bd 10   ........&.$_n...
    0070 - 61 04 fd c4 52 8e c3 7b-                          a...R..{

    Start Time: 1517936100
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
DONE

Output of traefik version: (_What version of Traefik are you using?_)

sven@arnor:~/docker/traefik$ docker-compose exec traefik /traefik version
Version:      v1.5.1
Codename:     cancoillotte
Go version:   go1.9.3
Built:        2018-01-29_02:14:02PM
OS/Arch:      linux/amd64

What is your environment & configuration (arguments, toml, provider, platform, ...)?

DEBug = false
checkNewVersion = true
logLevel = "INFO"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    MinVersion = "VersionTLS12"
    # https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table
    # https://cipherli.st/
    CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]
#    CipherSuites = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]
    # unsupported: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"


[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "svengo.net"
watch = true
exposedbydefault = false

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
#caServer = "https://acme-staging.api.letsencrypt.org/directory"
  [acme.httpChallenge]
  entryPoint = "http"

[web]
address = ":8080"

[web.statistics]
recentErrors = 20

If applicable, please paste the log output in debug mode (--debug switch)

(paste your output here)
area/tls kind/question status/5-frozen-due-to-age

Most helpful comment

Hello @svengo.

Many thanks for your interest in the project.

After analyzing your issue, it appears that there is no problem with the CipherSuites in Træfik.
Indeed, when Træfik starts with a TLS EntryPoint which has no certificate attached, it generates a default RSA self-signed certificate.

This certificate is used when you executed your commands, that's why only RSA algorithms seem to be allowed: the connection cannot accept an algorithm which is not allowed by the certificate served.

If you initialized your TLS EntryPoint with an ECDSA certificate, your commands should work fine.

It's possible to reproduce the test by following these steps:

  • Create an ECDSA key and certificate as described here.
  • Configure Træfik with the certificates attached to the TLS EntryPoint:
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":5002"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":5001"
  [entryPoints.https.tls]
    MinVersion = "VersionTLS12"
    CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]
    [[entryPoints.https.tls.certificates]]
        certFile = "certificate.pem"
        keyFile = "key.pem"
  • Launch Træfik
  • Execute the command: nmap --script ssl-enum-ciphers -p 5001 127.0.0.1

Result:

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-09 09:30 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000067s latency).

PORT     STATE SERVICE
5001/tcp open  commplex-link
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (prime256v1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (prime256v1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (prime256v1) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

Note that the certificates added dynamically (thanks to the [acme] option for example) cannot be tested by the nmap and openssl commands.
But you can test the allowed ciphers thanks to a curl command: curl -k https://localhost.com:5001 --ciphers ECDHE-ECDSA-AES256-GCM-SHA384.

I hope I answered your question.
I am closing the issue, but feel free to re-open it if necessary.

EDIT: The openssl command can work with the -servername option.
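The behaviour described in the comment above can be reproduced offline with Go's crypto/tls, the TLS stack Traefik is built on. This is an added example, not part of the original issue or Traefik's code: it serves the issue's six suites once with an RSA certificate and once with an ECDSA certificate, and probes each suite on its own. The names Suites, Accepted, WithRSA, WithECDSA and the host name probe.test are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

var Suites = []uint16{ // the six suites from the issue's CipherSuites setting
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
}

// Accepted serves a throwaway certificate (constructed test data) for key with all six suites on, offers
// each suite alone over TLS 1.2 (no chain verification, like the page's curl -k) and returns those negotiated.
func Accepted(key crypto.Signer, err error) (ok []string) {
	if err != nil {
		panic(err)
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"probe.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	for _, id := range Suites {
		c, s := net.Pipe() // in-memory connection, no network needed
		go tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, CipherSuites: Suites}).Handshake()
		cli := tls.Client(c, &tls.Config{InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12, CipherSuites: []uint16{id}})
		if cli.Handshake() == nil {
			ok = append(ok, tls.CipherSuiteName(id))
		}
		c.Close()
	}
	return ok
}

func WithRSA() []string   { return Accepted(rsa.GenerateKey(rand.Reader, 2048)) }
func WithECDSA() []string { return Accepted(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
func main()               { fmt.Println("RSA cert:", WithRSA(), "ECDSA cert:", WithECDSA()) }
```

With the RSA key only the three ECDHE_RSA suites complete a handshake, matching the reporter's nmap output; with the ECDSA key only the three ECDHE_ECDSA suites do, matching the maintainer's.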
