From d2531ac605516e8cbda2e6ee23f69bb825875c0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Colombaro?=
Date: Fri, 1 Feb 2019 16:10:06 +0100
Subject: [PATCH] Rotate ssl policies to modernize protocols recommendations Closes #210
---
 h5bp/ssl/policy_deprecated.conf | 30 +++++++++++++++++++++
 h5bp/ssl/policy_future.conf | 45 -------------------------------
 h5bp/ssl/policy_intermediate.conf | 30 +++++++++------------
 h5bp/ssl/policy_modern.conf | 41 +++++++++++++++++++++-------
 4 files changed, 73 insertions(+), 73 deletions(-)
 create mode 100644 h5bp/ssl/policy_deprecated.conf
 delete mode 100644 h5bp/ssl/policy_future.conf
diff --git a/h5bp/ssl/policy_deprecated.conf b/h5bp/ssl/policy_deprecated.conf
new file mode 100644
index 0000000..1ec96e2
--- /dev/null
+++ b/h5bp/ssl/policy_deprecated.conf
@@ -0,0 +1,30 @@
+# ----------------------------------------------------------------------
+# | SSL policy - Deprecated |
+# ----------------------------------------------------------------------
+
+# For services that don't need compatibility with legacy clients
+# (mostly WinXP), but still need to support a wide range of clients,
+# this configuration is recommended.
+#
+# Protect against the BEAST and POODLE attacks by not using SSLv3 at all.
+# If you need to support older browsers (IE6) you may need to add
+# SSLv3 to the list of protocols.
+#
+# Based on intermediate profile recommended by Mozilla.
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/
+#
+# (1) Diffie-Hellman parameter for DHE cipher suites
+# A 4096 bits or more DH parameter is recommended.
+# (!) A DH parameter generation is required to enable this directive.
+# openssl dhparam -out /etc/nginx/dhparam.pem 4096
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
+#
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA;
+ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
+
+# (1)
+# ssl_dhparam /etc/nginx/dhparam.pem;
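Review bot: The header comment of the new policy_deprecated.conf is copied verbatim from the old intermediate profile, so a file named "Deprecated" still tells readers `this configuration is recommended`. The BEAST sentence is also inaccurate for this profile: dropping SSLv3 addresses POODLE, but `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` together with the CBC suites in `ssl_ciphers` leaves the BEAST-relevant combination enabled, and the list still ends in 3DES (`DES-CBC3-SHA`) and non-forward-secret RSA suites. I would open the comment with `# Legacy profile: keeps TLS 1.0/1.1, CBC and 3DES suites for old clients only.` and `# Prefer policy_intermediate.conf unless such clients must be served.`, and drop the "recommended" wording.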
diff --git a/h5bp/ssl/policy_future.conf b/h5bp/ssl/policy_future.conf
deleted file mode 100644
index 60799fb..0000000
--- a/h5bp/ssl/policy_future.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# ----------------------------------------------------------------------
-# | SSL policy - Future |
-# ----------------------------------------------------------------------
-
-# For services that want to be on the bleeding edge, the parameters
-# below sacrifice compatibility for the highest level of security & performance
-#
-# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
-# to be installed.
-#
-# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
-# subject to replay attacks.
-#
-# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak
-# and potentially vulnerable.
-#
-# Add them back to the parameter `ssl_ecdh_curve` below to support
-# Microsoft Edge and Safari.
-#
-# https://safecurves.cr.yp.to/
-#
-# (2) Enables TLS 1.3 0-RTT, allows for faster resumption of TLS sessions.
-#
-# (!) Requests sent within early data are subject to replay attacks.
-# To protect against such attacks at the application layer, the
-# $ssl_early_data variable should be used:
-# proxy_set_header Early-Data $ssl_early_data;
-#
-# The application should return response code 425 for anything that
-# could contain user supplied data.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/425
-#
-# https://github.com/certbot/certbot/issues/6367
-# https://github.com/mozilla/server-side-tls/issues/217
-# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
-
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers EECDH+CHACHA20:EECDH+AES;
-
-# (1)
-ssl_ecdh_curve X25519;
-
-# (2)
-#ssl_early_data on;
diff --git a/h5bp/ssl/policy_intermediate.conf b/h5bp/ssl/policy_intermediate.conf
index ee3befc..e9e2a22 100644
--- a/h5bp/ssl/policy_intermediate.conf
+++ b/h5bp/ssl/policy_intermediate.conf
@@ -2,29 +2,23 @@
 # | SSL policy - Intermediate |
 # ----------------------------------------------------------------------
 
-# For services that don't need compatibility with legacy clients
-# (mostly WinXP), but still need to support a wide range of clients,
-# this configuration is recommended.
+# For services that don't need backward compatibility, the parameters
+# below provide a higher level of security.
 #
-# Protect against the BEAST and POODLE attacks by not using SSLv3 at all.
-# If you need to support older browsers (IE6) you may need to add
-# SSLv3 to the list of protocols.
+# (!) This policy enfore a strong SSL configuration, which may raise
+# errors with old clients.
+# If a more compatible profile is required, use intermediate policy.
 #
-# Based on intermediate profile recommended by Mozilla.
-# https://mozilla.github.io/server-side-tls/ssl-config-generator/
-#
-# (1) Diffie-Hellman parameter for DHE cipher suites
-# A 4096 bits or more DH parameter is recommended.
-# (!) A DH parameter generation is required to enable this directive.
-# openssl dhparam -out /etc/nginx/dhparam.pem 4096
-# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
+# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known
+# to be weak and potentially vulnerable but are required to support
+# Microsoft Edge and Safari.
+# https://safecurves.cr.yp.to/
 #
 # https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
 # https://nginx.org/en/docs/http/ngx_http_ssl_module.html
 
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA;
-ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
+ssl_protocols TLSv1.2;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES;
 
 # (1)
-# ssl_dhparam /etc/nginx/dhparam.pem;
+ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
diff --git a/h5bp/ssl/policy_modern.conf b/h5bp/ssl/policy_modern.conf
index 4073313..615f3c9 100644
--- a/h5bp/ssl/policy_modern.conf
+++ b/h5bp/ssl/policy_modern.conf
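Review bot: The comment moved into policy_intermediate.conf now tells readers of the intermediate policy to `use intermediate policy` when they need more compatibility. After this rotation the more compatible profile is policy_deprecated.conf, so the line should read `# If a more compatible profile is required, use deprecated policy.` The same paragraph carries the typo `enfore` (should be `enforces`). Separately, `ssl_ciphers EECDH+CHACHA20:EECDH+AES;` also matches the CBC-mode ECDHE-AES suites; if the "strong SSL configuration" wording is meant as AEAD only, `EECDH+AESGCM` would express that.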
@@ -2,23 +2,44 @@
 # | SSL policy - Modern |
 # ----------------------------------------------------------------------
 
-# For services that don't need backward compatibility, the parameters
-# below provide a higher level of security.
+# For services that want to be on the bleeding edge, the parameters
+# below sacrifice compatibility for the highest level of security & performance
 #
-# (!) This policy enfore a strong SSL configuration, which may raise
-# errors with old clients.
-# If a more compatible profile is required, use intermediate policy.
+# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
+# to be installed.
 #
-# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known
-# to be weak and potentially vulnerable but are required to support
+# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
+# subject to replay attacks.
+#
+# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak
+# and potentially vulnerable.
+#
+# Add them back to the parameter `ssl_ecdh_curve` below to support
 # Microsoft Edge and Safari.
+#
 # https://safecurves.cr.yp.to/
 #
-# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+# (2) Enables TLS 1.3 0-RTT, allows for faster resumption of TLS sessions.
+#
+# (!) Requests sent within early data are subject to replay attacks.
+# To protect against such attacks at the application layer, the
+# $ssl_early_data variable should be used:
+# proxy_set_header Early-Data $ssl_early_data;
+#
+# The application should return response code 425 for anything that
+# could contain user supplied data.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/425
+#
+# https://github.com/certbot/certbot/issues/6367
+# https://github.com/mozilla/server-side-tls/issues/217
 # https://nginx.org/en/docs/http/ngx_http_ssl_module.html
 
-ssl_protocols TLSv1.2;
+ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers EECDH+CHACHA20:EECDH+AES;
 
 # (1)
-ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
+ssl_ecdh_curve X25519;
+
+# (2)
+#ssl_early_data on;
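Review bot: The comment block of policy_modern.conf does not say that `ssl_ciphers EECDH+CHACHA20:EECDH+AES;` only governs TLSv1.2 once `TLSv1.3` is added to `ssl_protocols`. As far as I know nginx passes that string to OpenSSL's pre-1.3 cipher list, so the TLS 1.3 suites stay at the OpenSSL defaults. A line such as `# ssl_ciphers applies to TLSv1.2 only; TLSv1.3 suites use the OpenSSL defaults.` would keep readers from assuming the list restricts 1.3. The statement that the NIST curves are `known to be weak` (here and in the intermediate section) is stronger than the linked SafeCurves page supports; `do not meet the SafeCurves criteria` would be accurate. Minor: `it's 0-RTT feature` should be `its`.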