WL#12524: TLS for HTTP Component
Authentication Methods like Basic and Bearer need an encrypted connection to not expose the security tokens.
- TLSv1.2 and later are currently considered secure; all older versions are either broken (SSLv3 ...) or considered weak.
- Perfect Forward Security is required
- Provide TLS support for the HTTP Component
- Allow to specify the Certificates at configuration time
- Pre-TLSv1.2 connections MUST fail with TLS errors.
- Unacceptable cipher MUST NOT be allowed to be negotiated between HTTPS client and HTTPS server.
- Ciphers that allow Perfect Forward Security MUST be enabled by default.
- User MUST be able to replace DH params.
- TLS compression MUST be disabled.
- RSA keys shorter than 2048 bit MUST be denied.
- DH keys shorter than 1024 bit MUST be denied.
- TLS support MUST be configurable per port
SSLv3, TLSv1.0 and TLSv1.1
Connections from TLS clients not supporting TLSv1.2 and later MUST fail as those protocols are weak or broken.
TLSv1.2 and later are currently considered secure.
Connections from clients supporting TLSv1.3 and TLSv1.2 will negotiate TLSv1.2.
If support for TLSv1.3 is available (if linked against openssl 1.1.1 and later) clients supporting TLSv1.3 and TLSv1.2 should negotiate TLSv1.3.
If the configuration doesn't overwrite the cipher list, a known good list of ciphers is used:
    // TLSv1.2 with PFS using SHA2, encrypted by AES in GCM or CBC mode
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA256",
    "ECDHE-RSA-AES128-SHA256"

    // TLSv1.2+ with PFS using SHA2, encrypted by AES in GCM or CBC mode
    // TLSv1.3
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
    // TLSv1.2
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384",
    "ECDHE-ECDSA-AES256-SHA384", "DHE-RSA-AES128-GCM-SHA256",
    "DHE-DSS-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA256",
    "DHE-DSS-AES128-SHA256", "DHE-DSS-AES256-GCM-SHA384",
    "DHE-RSA-AES256-SHA256", "DHE-DSS-AES256-SHA256",
    "DHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305"

    // TLSv1.2+ with DH, ECDH, RSA using SHA2
    // encrypted by AES in GCM or CBC mode
    "DH-DSS-AES128-GCM-SHA256", "ECDH-ECDSA-AES128-GCM-SHA256",
    "DH-DSS-AES256-GCM-SHA384", "ECDH-ECDSA-AES256-GCM-SHA384",
    "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256",
    "DH-DSS-AES128-SHA256", "ECDH-ECDSA-AES128-SHA256", "AES256-SHA256",
    "DH-DSS-AES256-SHA256", "ECDH-ECDSA-AES256-SHA384",
    "DH-RSA-AES128-GCM-SHA256", "ECDH-RSA-AES128-GCM-SHA256",
    "DH-RSA-AES256-GCM-SHA384", "ECDH-RSA-AES256-GCM-SHA384",
    "DH-RSA-AES128-SHA256", "ECDH-RSA-AES128-SHA256",
    "DH-RSA-AES256-SHA256", "ECDH-RSA-AES256-SHA384",

If the user overwrites the cipher list with ssl_cipher, any unacceptable ciphers are filtered out (if linked against openssl):
Ciphers with PFS
Ciphers with PFS require DH params to be set up, either by providing good defaults or by letting the user specify them at startup.
If ssl_dh_param is not set and the application is linked against openssl 1.1.0 or later, the "2048-bit MODP Group with 256-bit Prime Order Subgroup" from IETF RFC 5114 is used.
If linked against an older version of openssl, the same 2048-bit DH group that the MySQL Server uses as its default is used.
minimum key length
RSA keys shorter than 2048 bits are denied as too weak.
Not supported due to possible attack vectors.
    [http_server]
    port=8443
    ssl=1
    ssl_cert=cert.pem
    ssl_key=key.pem
    # ssl_cipher=...
    # ssl_dh_param=...

- ssl <0|1>
  - 0 == SSL disabled, 1 == SSL enabled
- ssl_cert
  - filename of the cert and its chain-certificates in PEM-format, required if ssl=1
- ssl_key
  - filename of the key in PEM-format, required if ssl=1
- ssl_cipher
  - cipher-spec (see openssl's 'ciphers'). All Default: a long list of approved ciphers. Unknown ciphers are silently ignored. Failure if list of ciphers is empty and ssl=1.
- ssl_dh_param
  - read DH parameter from filename in PEM format. Default: use dh-param from RFC 5114, if ssl=1
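An added example, not part of the worklog or the component's code: a pre-flight check for an [http_server] section that applies the option rules above through Python's ssl module (OpenSSL) and lists which ciphers an ssl_cipher override leaves enabled without PFS. The helper names check_http_server and is_pfs and the sample values are assumptions; the component's built-in default cipher list is not reproduced.

```python
import configparser
import ssl

# Constructed sample in the page's [http_server] format; file names are placeholders.
SAMPLE = """\
[http_server]
port=8443
ssl=1
ssl_cert=cert.pem
ssl_key=key.pem
ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256:NOT-A-REAL-CIPHER:AES128-GCM-SHA256
"""

def is_pfs(name):
    # TLSv1.3 suites (TLS_*) and ephemeral (EC)DHE key exchange give forward secrecy.
    return name.startswith(("TLS_", "ECDHE-", "DHE-"))

def check_http_server(text):
    """Hypothetical helper: return (errors, enabled, non_pfs) for [http_server]."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    sec = cfg["http_server"]
    errors = []
    if sec.get("ssl", "0") != "1":
        return errors, [], []                      # TLS is off for this port
    for opt in ("ssl_cert", "ssl_key"):
        if not sec.get(opt):
            errors.append(opt + " is required if ssl=1")
    spec = sec.get("ssl_cipher")
    if spec is None:
        return errors, [], []                      # built-in default list applies
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # pre-TLSv1.2 must fail
    ctx.options |= ssl.OP_NO_COMPRESSION           # TLS compression disabled
    try:
        ctx.set_ciphers(spec)                      # names OpenSSL does not know are dropped
    except ssl.SSLError:                           # nothing left: fail, as the page requires
        errors.append("ssl_cipher selects no usable cipher")
        return errors, [], []
    enabled = [c["name"] for c in ctx.get_ciphers()]
    non_pfs = [n for n in enabled if not is_pfs(n)]
    return errors, enabled, non_pfs

if __name__ == "__main__":
    errs, enabled, non_pfs = check_http_server(SAMPLE)
    print("errors:", errs)
    print("enabled:", enabled)
    print("without PFS:", non_pfs)
```

The enabled list reflects the OpenSSL build Python is linked against, so run the check on the host that will serve the port.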
Use libevent bufferevent_ssl APIs.