I'm trying to get A+ 100% ssl labs ranking on my server. When I had Nginx I could set Diffie Hellman key in the config (ssl_dhparam).
Now I migrated to EnvoyProxy but I could not find a way to specify the Diffie Hellman Key.
Envoy uses BoringSSL not OpenSSL. I dig in the code of BoringSSL and it have references of Diffie Hellman, but envoy don't.
What you think ? Is envoy less secure that other reverse proxies ?
After further investigation, I found that BoringSSL does not implement chippers that uses the Diffie Hellman (DH), but that does not mean it is less secure or whatever.
I could not get 100% SSL rating because currently there are only a few chippers that are "secure" and they are not implemented on all old reference browsers, so, I have to deal with the true story.
All CBC-mode ciphers in TLS are vulnerable to the Lucky 13 attack, due to a flaw in the ordering between encryption and MAC. ECDHE-ECDSA-AES256-SHA384 and ECDHE-RSA-AES256-SHA384 (standard names are TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) switched HMAC-SHA-1 to HMAC-SHA-384, but SHA-1 was not the main problem with those ciphers.
The only strong cipher suites in TLS 1.2 are ECDHE paired with an AEAD bulk cipher (one based on AES-GCM or ChaCha20-Poly1305). Everything else is legacy and should be phased out over time.
Here is my config:
tls_params:
tls_maximum_protocol_version: TLSv1_3
tls_minimum_protocol_version: TLSv1_2
cipher_suites: [
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-SHA"
]
ecdh_curves: [
"P-256"
]
Where I keep ECDHE-RSA-AES256-SHA for compatibility purposes.