2

I have been attempting to configure my site to have http/2 support, but I kept having to remove cipher suites because of the blacklist. Eventually, I got the list whittled down sufficiently.

The problem, however, is that I only have a cipher suite compatible with TLS 1.2 now. I'd love to use this, but it's not practical as it breaks Safari versions as new as shipping with OS X 10.10 because those only support CBC suites.

Any thoughts as to what to do to have reasonable compatibility, yet support HTTP/2?

Presently, the list is AESGCM+EECDH:AESGCM+EDH:!SHA1:!DSS:!DSA:!ECDSA:!aNULL

Yet Another User
  • 121
  • 1
  • 4
  • 2
    There is no special cipher suite needed for HTTP/2 but your server but support the HTTP/2 protocol. See https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations for useful configuration examples regarding ciphers. – Steffen Ullrich Mar 20 '16 at 07:25
  • @SteffenUllrich Yes, but there's a giant blacklist that makes the *page not load* in compliant browsers. This has very minimal overlap with the pre-tls 1.2 suites. – Yet Another User Mar 20 '16 at 15:59
  • You need an overlap of a single cipher suite between client and server. It is not a problem if the server offers lots of (secure) cipher suites so that it can pick one which is offered by the client. The server can also support ciphers which are not offered by the client. Don't restrict yourself unnecessarily at the server side. – Steffen Ullrich Mar 20 '16 at 16:47
  • @SteffenUllrich I realised I misread the spec. It doesn't prohibit offering insecure ciphers... it just doesn't allow negotiation of one. So, basically, I need to find the least insecure one supported by clients. – Yet Another User Mar 20 '16 at 22:06
  • The way the TLS handshake works you don't need to find it because it will find itself if you just allow enough secure ciphers on the server side. – Steffen Ullrich Mar 21 '16 at 06:01
  • @SteffenUllrich ssl_prefer_server_ciphers says otherwise AFAIK. – Yet Another User Mar 21 '16 at 13:51

2 Answers2

1

Have a look to the list of suites (and the order) supported by https://www.shimmercat.com , I'm pretty sure the site works in Mac OX X and iOS. You can use qualys SSL tools to get the list.

dsign
  • 403
  • 2
  • 8
1

The most widely used and accepted cipher specification, or cipher suite set designed for HTTP/2 was originally provided by the industry leading CDN and web giant CloudFlare who posted the SSL cipher and protocol setup from their nginx conf:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;

From What-cipher-suites-does-CloudFlare-use-for-SSL I have seen this referenced in multiple locations as a good starting point, or a default set designed for HTTP/2 which is then tweaked to your servers/clients needs. Right away many may choose not to support TLS 1.0 any longer due to the BEAST attack vulnerability.

B Seven
  • 413
  • 5
  • 14
DIYGUY
  • 11
  • 1