From 6716183a6894ddeeb789aaaccd97fc7b5ef8e642 Mon Sep 17 00:00:00 2001
From: daurnimator <quae@daurnimator.com>
Date: Mon, 28 Aug 2023 21:30:21 +1000
Subject: [PATCH] http/tls: update to new mozilla recommendations

This updates to the Mozilla page (https://wiki.mozilla.org/Security/Server_Side_TLS) v5.7
---
 http/tls.lua | 86 ++++++++++++++++++----------------------------------
 1 file changed, 30 insertions(+), 56 deletions(-)

diff --git a/http/tls.lua b/http/tls.lua
index 9d8fceb2..2c1700c9 100644
--- a/http/tls.lua
+++ b/http/tls.lua
@@ -19,91 +19,52 @@ end
 
 -- "Modern" cipher list
 local modern_cipher_list = cipher_list {
-	"ECDHE-ECDSA-AES256-GCM-SHA384";
-	"ECDHE-RSA-AES256-GCM-SHA384";
-	"ECDHE-ECDSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-CHACHA20-POLY1305";
-	"ECDHE-ECDSA-AES128-GCM-SHA256";
-	"ECDHE-RSA-AES128-GCM-SHA256";
-	"ECDHE-ECDSA-AES256-SHA384";
-	"ECDHE-RSA-AES256-SHA384";
-	"ECDHE-ECDSA-AES128-SHA256";
-	"ECDHE-RSA-AES128-SHA256";
+	"TLS_AES_128_GCM_SHA256";
+	"TLS_AES_256_GCM_SHA384";
+	"TLS_CHACHA20_POLY1305_SHA256";
 }
 
 -- "Intermediate" cipher list
 local intermediate_cipher_list = cipher_list {
-	"ECDHE-ECDSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-CHACHA20-POLY1305";
 	"ECDHE-ECDSA-AES128-GCM-SHA256";
 	"ECDHE-RSA-AES128-GCM-SHA256";
 	"ECDHE-ECDSA-AES256-GCM-SHA384";
 	"ECDHE-RSA-AES256-GCM-SHA384";
+	"ECDHE-ECDSA-CHACHA20-POLY1305";
+	"ECDHE-RSA-CHACHA20-POLY1305";
 	"DHE-RSA-AES128-GCM-SHA256";
 	"DHE-RSA-AES256-GCM-SHA384";
-	"ECDHE-ECDSA-AES128-SHA256";
-	"ECDHE-RSA-AES128-SHA256";
-	"ECDHE-ECDSA-AES128-SHA";
-	"ECDHE-RSA-AES256-SHA384";
-	"ECDHE-RSA-AES128-SHA";
-	"ECDHE-ECDSA-AES256-SHA384";
-	"ECDHE-ECDSA-AES256-SHA";
-	"ECDHE-RSA-AES256-SHA";
-	"DHE-RSA-AES128-SHA256";
-	"DHE-RSA-AES128-SHA";
-	"DHE-RSA-AES256-SHA256";
-	"DHE-RSA-AES256-SHA";
-	"ECDHE-ECDSA-DES-CBC3-SHA";
-	"ECDHE-RSA-DES-CBC3-SHA";
-	"EDH-RSA-DES-CBC3-SHA";
-	"AES128-GCM-SHA256";
-	"AES256-GCM-SHA384";
-	"AES128-SHA256";
-	"AES256-SHA256";
-	"AES128-SHA";
-	"AES256-SHA";
-	"DES-CBC3-SHA";
-	"!DSS";
+	"DHE-RSA-CHACHA20-POLY1305";
 }
 
 -- "Old" cipher list
 local old_cipher_list = cipher_list {
-	"ECDHE-ECDSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-AES128-GCM-SHA256";
 	"ECDHE-ECDSA-AES128-GCM-SHA256";
-	"ECDHE-RSA-AES256-GCM-SHA384";
+	"ECDHE-RSA-AES128-GCM-SHA256";
 	"ECDHE-ECDSA-AES256-GCM-SHA384";
+	"ECDHE-RSA-AES256-GCM-SHA384";
+	"ECDHE-ECDSA-CHACHA20-POLY1305";
+	"ECDHE-RSA-CHACHA20-POLY1305";
 	"DHE-RSA-AES128-GCM-SHA256";
-	"DHE-DSS-AES128-GCM-SHA256";
-	"kEDH+AESGCM";
-	"ECDHE-RSA-AES128-SHA256";
+	"DHE-RSA-AES256-GCM-SHA384";
+	"DHE-RSA-CHACHA20-POLY1305";
 	"ECDHE-ECDSA-AES128-SHA256";
-	"ECDHE-RSA-AES128-SHA";
+	"ECDHE-RSA-AES128-SHA256";
 	"ECDHE-ECDSA-AES128-SHA";
-	"ECDHE-RSA-AES256-SHA384";
+	"ECDHE-RSA-AES128-SHA";
 	"ECDHE-ECDSA-AES256-SHA384";
-	"ECDHE-RSA-AES256-SHA";
+	"ECDHE-RSA-AES256-SHA384";
 	"ECDHE-ECDSA-AES256-SHA";
+	"ECDHE-RSA-AES256-SHA";
 	"DHE-RSA-AES128-SHA256";
-	"DHE-RSA-AES128-SHA";
-	"DHE-DSS-AES128-SHA256";
 	"DHE-RSA-AES256-SHA256";
-	"DHE-DSS-AES256-SHA";
-	"DHE-RSA-AES256-SHA";
-	"ECDHE-RSA-DES-CBC3-SHA";
-	"ECDHE-ECDSA-DES-CBC3-SHA";
-	"EDH-RSA-DES-CBC3-SHA";
 	"AES128-GCM-SHA256";
 	"AES256-GCM-SHA384";
 	"AES128-SHA256";
 	"AES256-SHA256";
 	"AES128-SHA";
 	"AES256-SHA";
-	"AES";
 	"DES-CBC3-SHA";
-	"HIGH";
-	"SEED";
 	"!aNULL";
 	"!eNULL";
 	"!EXPORT";
@@ -458,6 +419,15 @@ local spec_to_openssl = {
 	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   = "ECDHE-PSK-CHACHA20-POLY1305";
 	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     = "DHE-PSK-CHACHA20-POLY1305";
 	TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     = "RSA-PSK-CHACHA20-POLY1305";
+
+
+	-- TLS v1.3 cipher suites
+
+	TLS_AES_128_GCM_SHA256       = "TLS_AES_128_GCM_SHA256";
+	TLS_AES_256_GCM_SHA384       = "TLS_AES_256_GCM_SHA384";
+	TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
+	TLS_AES_128_CCM_SHA256       = "TLS_AES_128_CCM_SHA256";
+	TLS_AES_128_CCM_8_SHA256     = "TLS_AES_128_CCM_8_SHA256";
 }
 
 -- Banned ciphers from https://http2.github.io/http2-spec/#BadCipherSuites
@@ -750,13 +720,17 @@ local default_tls_options = openssl_ctx.OP_NO_COMPRESSION
 	+ openssl_ctx.OP_SINGLE_ECDH_USE
 	+ openssl_ctx.OP_NO_SSLv2
 	+ openssl_ctx.OP_NO_SSLv3
+	+ openssl_ctx.OP_NO_SSLv3
+	+ openssl_ctx.OP_NO_TLSv1
+	+ openssl_ctx.OP_NO_TLSv1_1
+	+ openssl_ctx.OP_NO_TICKET
 
 local function new_client_context()
 	local ctx = openssl_ctx.new("TLS", false)
 	ctx:setCipherList(intermediate_cipher_list)
 	ctx:setOptions(default_tls_options)
 	if ctx.setGroups then
-		ctx:setGroups("P-521:P-384:P-256")
+		ctx:setGroups("P-521:P-384:P-256:X25519")
 	else
 		ctx:setEphemeralKey(openssl_pkey.new{ type = "EC", curve = "prime256v1" })
 	end