openvpn -- enforce certain cipher choices on the server

1 files changed, 66 insertions, 1 deletions

diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 482c6ab7..6fc3a3c2 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -1,3 +1,57 @@
+#
+# Cipher discussion
+# ================================
+#
+# We want to specify explicit values for the crypto options to prevent a MiTM from forcing
+# a weaker cipher. These should be set in both the server and the client ('auth' and 'cipher'
+# MUST be the same on both ends or no data will get transmitted).
+#
+# tls-cipher DHE-RSA-AES128-SHA
+#
+#   dkg: For the TLS control channel, we want to make sure we choose a
+#   key exchange mechanism that has PFS (meaning probably some form of ephemeral
+#   Diffie-Hellman key exchange), and that uses a standard, well-tested cipher
+#   (I recommend AES, and 128 bits is probably fine, since there are some known
+#   weaknesses in the 192- and 256-bit key schedules). That leaves us with the
+#   choice of public key algorithms: /usr/sbin/openvpn --show-tls | grep DHE |
+#   grep AES128 | grep GCM.
+#
+#   elijah:
+#   I could not get any of these working:
+#     * openvpn --show-tls | grep GCM
+#     * openvpn --show-tls | grep DHE | grep AES128 | grep SHA256
+#   so, i went with this:
+#     * openvpn --show-tls | grep DHE | grep AES128 | grep -v SHA256 | grep -v GCM
+#   Also, i couldn't get any of the elliptical curve algorithms to work. Not sure how
+#   our cert generation interacts with the tls-cipher algorithms.
+#
+#   note: in my tests, DHE-RSA-AES256-SHA is the one it negotiates if no value is set.
+#
+# auth SHA1
+#
+#   dkg: For HMAC digest to authenticate packets, we just want SHA256. OpenVPN lists
+#   a number of “digest” with names like “RSA-SHA256”, but this are legacy and
+#   should be avoided.
+#
+#   elijah: i am not so sure that the digest algo matters for 'auth' option, because
+#   i think an attacker would have to forge the digest in real time, which is still far from
+#   a possibility for SHA1. So, i am leaving the default for now (SHA1).
+#
+# cipher AES-128-CBC
+#
+#   dkg: For the choice of cipher, we need to select an algorithm and a
+#   cipher mode. OpenVPN defaults to Blowfish, which is a fine algorithm — but
+#   our control channel is already relying on AES not being broken; if the
+#   control channel is cracked, then the key material for the tunnel is exposed,
+#   and the choice of algorithm is moot. So it makes more sense to me to rely on
+#   the same cipher here: AES128. As for the cipher mode, OFB seems cleaner to
+#   me, but CBC is more well-tested, and the OpenVPN man page (at least as of
+#   version 2.2.1) says “CBC is recommended and CFB and OFB should be considered
+#   advanced modes.”
+#
+#   note: the default is BF-CBC (blowfish)
+#
+
 define site_openvpn::server_config ($port, $proto, $local, $server, $push, $management ) {
 
   $openvpn_configname = $name
@@ -29,7 +83,18 @@ define site_openvpn::server_config ($port, $proto, $local, $server, $push, $mana
         key     => 'dh',
         value   => '/etc/openvpn/keys/dh.pem',
         server  => $openvpn_configname;
-
+    "tls-cipher $openvpn_configname":
+        key     => 'tls-cipher',
+        value   => 'DHE-RSA-AES128-SHA',
+        server  => $openvpn_configname;
+    "auth $openvpn_configname":
+        key     => 'auth',
+        value   => 'SHA1',
+        server  => $openvpn_configname;
+    "cipher $openvpn_configname":
+        key     => 'cipher',
+        value   => 'AES-128-CBC',
+        server  => $openvpn_configname;
     "dev $openvpn_configname":
         key    => 'dev',
         value  => 'tun',