security: update the TLS cipher suite list

Release note (security update): The list of allowed TLS v1.2 cipher suites has been extended to include tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. Note that CockroachDB recommends using TLS v1.3. TLS v1.2 is deprecated and its supported is likely to be removed in an upcoming version of CockroachDB.
cockroachdb · Apr 25, 2022 · c2f2866 · c2f2866
1 parent 6537583
commit c2f2866
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/pkg/security/tls.go b/pkg/security/tls.go
@@ -148,6 +148,9 @@ func newBaseTLSConfig(settings TLSSettings, caPEM []byte) (*tls.Config, error) {
 
 		VerifyPeerCertificate: makeOCSPVerifier(settings),
 
+		// CipherSuites is a list of enabled TLS 1.0–1.2 cipher suites. The order of
+		// the list is ignored. Note that TLS 1.3 ciphersuites are not configurable.
+		//
 		// This is Go's default list of cipher suites (as of go 1.8.3),
 		// with the following differences:
 		// - 3DES-based cipher suites have been removed. This cipher is
@@ -178,6 +181,8 @@ func newBaseTLSConfig(settings TLSSettings, caPEM []byte) (*tls.Config, error) {
 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -186,6 +191,9 @@ func newBaseTLSConfig(settings TLSSettings, caPEM []byte) (*tls.Config, error) {
 			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
 			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			// NB: no need to add TLS 1.3 ciphers here. As per the
+			// documentation of CipherSuites, the TLS 1.3 ciphers are not
+			// configurable. Go's predefined list always applies.
 		},
 
 		MinVersion: tls.VersionTLS12,