Configure TLS ciphers

The following table lists recommended ciphers for TLS server setups, which should be used in wire deployments.

Cipher

Version

Wire default

BSI TR-02102-2

Mozilla TLS Guideline

ECDHE-ECDSA-AES128-GCM-SHA256

TLSv1.2

no

yes

intermediate

ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2

no

yes

intermediate

ECDHE-ECDSA-AES256-GCM-SHA384

TLSv1.2

yes

yes

intermediate

ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2

yes

yes

intermediate

ECDHE-ECDSA-CHACHA20-POLY1305

TLSv1.2

no

no

intermediate

ECDHE-RSA-CHACHA20-POLY1305

TLSv1.2

no

no

intermediate

TLS_AES_128_GCM_SHA256

TLSv1.3

yes

yes

modern

TLS_AES_256_GCM_SHA384

TLSv1.3

yes

yes

modern

TLS_CHACHA20_POLY1305_SHA256

TLSv1.3

no

no

modern

Note

If you enable TLSv1.3, OpenSSL does always enable the three default cipher suites for TLSv1.3. Therefore it is not necessary to add them to OpenSSL based configurations.

Ingress Traffic (wire-server)

TLS ciphers for incoming requests is by default configured as a limted set of ciphers (for general server-certificates, both for federation and client API), and can be overridden on your installation if needed.

../charts/ingress-nginx-controller/values.yaml
      ssl-protocols: "TLSv1.2 TLSv1.3"
      # override cipher suites used in TLS 1.2 (only, if TLS 1.2 is used)
      ssl-ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
      # override cipher suites used in TLS 1.3 (only, if TLS 1.3 is used)
      server-snippet: "ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384;"

Egress Traffic (wire-server/federation)

The list of ciphers for outgoing federation requests is currently restricted to a subset of “Wire default” TLSv1.2 ciphers in accordance with BSI recommendations. TLSv1.3 is not supported as of yet.

../services/federator/src/Federator/Monitor/Internal.hs
blessedTLS12Ciphers =
  intercalate
    ":"
    [ -- For TLS 1.2 (copied from nginx ingress config):
      "ECDHE-ECDSA-AES256-GCM-SHA384",
      "ECDHE-RSA-AES256-GCM-SHA384"
    ]

SFTD (ansible)

The list of TLS ciphers for incoming SFT requests (and metrics) are defined in ansible templates sftd.vhost.conf.j2 and metrics.vhost.conf.j2.

SFTD (kubernetes)

SFTD deployed via kubernetes uses kubernetes.io/ingress for ingress traffic, configured in ingress.yaml. Kubernetes based deployments make use of the settings from Ingress Traffic (wire-server).

Coturn (kubernetes)

The list of TLS ciphers for “TLS over TCP” TURN are defined in the coturn helm chart

../charts/coturn/values.yaml
tls:
  enabled: false
  # compliant with BSI TR-02102-2
  ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384'

Restund (ansible)

The list of TLS ciphers for “TLS over TCP” TURN (and metrics) are defined in ansible templates nginx-stream.conf.j2 and nginx-metrics.conf.j2.

Restund (kubernetes)

Kubernetes restund deployment does not provide TLS connectivity.