tlsconfig: align client and server defaults, remove weak CBC ciphers

thaJeztah · thaJeztah · commit 9022a5438d2f · 2025-05-13T17:00:07.000+02:00
These ciphers were split between server and client in [docker/go-connections@9b43f5a] (Docker v1.8.0, Jun 11, 2015); > removing the CBC ciphers from the client preferred TLS cipher suites. > This will allow a future version of the server to also remove the CBC > ciphers from the accepted list. > > This changes the server default to client + additional CBC cipher list, > and client default to the non-CBC ciphers. That change allowed phasing out the use of these ciphers in the client, but (for backward-compatibility with older clients) the daemon to still accept old ones. Given that no current client versions should still be using these, we should be able to remove them from the list of ciphers that are supported by the daemon. Now that client and server are the same, we can also use a single implementation for both. [docker/go-connections@9b43f5a]: moby/moby@9b43f5a Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff --git a/tlsconfig/config.go b/tlsconfig/config.go
@@ -36,40 +36,33 @@ type Options struct {
 	MinVersion         uint16
 }
 
-// Extra (server-side) accepted CBC cipher suites - will phase out in the future
-var acceptedCBCCiphers = []uint16{
-	tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-}
-
 // DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls
 // options struct but wants to use a commonly accepted set of TLS cipher suites, with
 // known weak algorithms removed.
-var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
+var DefaultServerAcceptedCiphers = defaultCipherSuites
+
+var defaultCipherSuites = []uint16{
+	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+}
 
 // ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.
 func ServerDefault(ops ...func(*tls.Config)) *tls.Config {
-	tlsConfig := &tls.Config{
-		// Avoid fallback by default to SSL protocols < TLS1.2
-		MinVersion:   tls.VersionTLS12,
-		CipherSuites: DefaultServerAcceptedCiphers,
-	}
-
-	for _, op := range ops {
-		op(tlsConfig)
-	}
-
-	return tlsConfig
+	return defaultConfig(ops...)
 }
 
 // ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.
 func ClientDefault(ops ...func(*tls.Config)) *tls.Config {
+	return defaultConfig(ops...)
+}
+
+func defaultConfig(ops ...func(*tls.Config)) *tls.Config {
 	tlsConfig := &tls.Config{
-		// Prefer TLS1.2 as the client minimum
+		// Avoid fallback by default to SSL protocols < TLS1.2
 		MinVersion:   tls.VersionTLS12,
-		CipherSuites: clientCipherSuites,
+		CipherSuites: defaultCipherSuites,
 	}
 
 	for _, op := range ops {
@@ -199,7 +192,7 @@ func getCert(options Options) ([]tls.Certificate, error) {
 
 // Client returns a TLS configuration meant to be used by a client.
 func Client(options Options) (*tls.Config, error) {
-	tlsConfig := ClientDefault()
+	tlsConfig := defaultConfig()
 	tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
 	if !options.InsecureSkipVerify && options.CAFile != "" {
 		CAs, err := certPool(options.CAFile, options.ExclusiveRootPools)
@@ -224,7 +217,7 @@ func Client(options Options) (*tls.Config, error) {
 
 // Server returns a TLS configuration meant to be used by a server.
 func Server(options Options) (*tls.Config, error) {
-	tlsConfig := ServerDefault()
+	tlsConfig := defaultConfig()
 	tlsConfig.ClientAuth = options.ClientAuth
 	tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
 	if err != nil {
diff --git a/tlsconfig/config_client_ciphers.go b/tlsconfig/config_client_ciphers.go
diff --git a/tlsconfig/config_test.go b/tlsconfig/config_test.go
@@ -395,7 +395,7 @@ func TestConfigClientTLSNoVerify(t *testing.T) {
 		t.Fatal("Should not have set Root CAs", err)
 	}
 
-	if !reflect.DeepEqual(tlsConfig.CipherSuites, clientCipherSuites) {
+	if !reflect.DeepEqual(tlsConfig.CipherSuites, defaultCipherSuites) {
 		t.Fatal("Unexpected client cipher suites")
 	}
 	if tlsConfig.MinVersion != tls.VersionTLS12 {
@@ -420,7 +420,7 @@ func TestConfigClientTLSNoRoot(t *testing.T) {
 		t.Fatal("Should not have set Root CAs", err)
 	}
 
-	if !reflect.DeepEqual(tlsConfig.CipherSuites, clientCipherSuites) {
+	if !reflect.DeepEqual(tlsConfig.CipherSuites, defaultCipherSuites) {
 		t.Fatal("Unexpected client cipher suites")
 	}
 	if tlsConfig.MinVersion != tls.VersionTLS12 {

Original file line number	Diff line number	Diff line change
`@@ -395,7 +395,7 @@ func TestConfigClientTLSNoVerify(t *testing.T) {`
`395`	`395`	`t.Fatal("Should not have set Root CAs", err)`
`396`	`396`	`}`
`397`	`397`
`398`		`- if !reflect.DeepEqual(tlsConfig.CipherSuites, clientCipherSuites) {`
	`398`	`+ if !reflect.DeepEqual(tlsConfig.CipherSuites, defaultCipherSuites) {`
`399`	`399`	`t.Fatal("Unexpected client cipher suites")`
`400`	`400`	`}`
`401`	`401`	`if tlsConfig.MinVersion != tls.VersionTLS12 {`
`@@ -420,7 +420,7 @@ func TestConfigClientTLSNoRoot(t *testing.T) {`
`420`	`420`	`t.Fatal("Should not have set Root CAs", err)`
`421`	`421`	`}`
`422`	`422`
`423`		`- if !reflect.DeepEqual(tlsConfig.CipherSuites, clientCipherSuites) {`
	`423`	`+ if !reflect.DeepEqual(tlsConfig.CipherSuites, defaultCipherSuites) {`
`424`	`424`	`t.Fatal("Unexpected client cipher suites")`
`425`	`425`	`}`
`426`	`426`	`if tlsConfig.MinVersion != tls.VersionTLS12 {`