caddytls: Update cipher suite names and curve names

Now using IANA-compliant names and Go 1.14's CipherSuites() function so
we don't have to maintain our own mapping of currently-secure cipher
suites.

caddyconfig/httpcaddyfile/builtins.go

@@ -166,7 +166,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 
 			case "ciphers":
 				for h.NextArg() {
-					if _, ok := caddytls.SupportedCipherSuites[h.Val()]; !ok {
+					if !caddytls.CipherSuiteNameSupported(h.Val()) {
 						return nil, h.Errf("Wrong cipher suite name or cipher suite not supported: '%s'", h.Val())
 					}
 					cp.CipherSuites = append(cp.CipherSuites, h.Val())

modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go

@@ -274,9 +274,9 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
 			env["SSL_PROTOCOL"] = v
 		}
 		// and pass the cipher suite in a manner compatible with apache's mod_ssl
-		for k, v := range caddytls.SupportedCipherSuites {
+		for _, cs := range caddytls.SupportedCipherSuites() {
-			if v == r.TLS.CipherSuite {
+			if cs.ID == r.TLS.CipherSuite {
-				env["SSL_CIPHER"] = k
+				env["SSL_CIPHER"] = cs.Name
 				break
 			}
 		}

modules/caddytls/connpolicy.go

@@ -214,7 +214,10 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 	// add all the cipher suites in order, without duplicates
 	cipherSuitesAdded := make(map[uint16]struct{})
 	for _, csName := range p.CipherSuites {
-		csID := SupportedCipherSuites[csName]
+		csID := CipherSuiteID(csName)
+		if csID == 0 {
+			return fmt.Errorf("unsupported cipher suite: %s", csName)
+		}
 		if _, ok := cipherSuitesAdded[csID]; !ok {
 			cipherSuitesAdded[csID] = struct{}{}
 			cfg.CipherSuites = append(cfg.CipherSuites, csID)

modules/caddytls/values.go

@@ -23,35 +23,27 @@ import (
 	"github.com/klauspost/cpuid"
 )
 
-// SupportedCipherSuites is the unordered map of cipher suite
+// CipherSuiteNameSupported returns true if name is
-// string names to their definition in crypto/tls. All values
+// a supported cipher suite.
-// should be IANA-reserved names. See
+func CipherSuiteNameSupported(name string) bool {
-// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
+	return CipherSuiteID(name) != 0
-// Two of the cipher suite constants in the standard lib do not use the
+}
-// full IANA name, but we do; see:
+
-// https://github.com/golang/go/issues/32061 and
+// CipherSuiteID returns the ID of the cipher suite associated with
-// https://github.com/golang/go/issues/30325#issuecomment-512862374.
+// the given name, or 0 if the name is not recognized/supported.
-// TODO: might not be needed much longer: https://github.com/golang/go/issues/30325
+func CipherSuiteID(name string) uint16 {
-var SupportedCipherSuites = map[string]uint16{
+	for _, cs := range SupportedCipherSuites() {
-	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		if cs.Name == name {
-	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			return cs.ID
-	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		}
-	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	}
-	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+	return 0
-	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+}
-	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+
-	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+// SupportedCipherSuites returns a list of all the cipher suites
-	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":            tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+// Caddy supports. The list is NOT ordered by security preference.
-	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":          tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+func SupportedCipherSuites() []*tls.CipherSuite {
-	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+	return tls.CipherSuites()
-	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":          tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	"TLS_RSA_WITH_AES_128_GCM_SHA256":               tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
-	"TLS_RSA_WITH_AES_256_GCM_SHA384":               tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-	"TLS_RSA_WITH_AES_256_CBC_SHA":                  tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-	"TLS_RSA_WITH_AES_128_CBC_SHA256":               tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-	"TLS_RSA_WITH_AES_128_CBC_SHA":                  tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA":           tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-	"TLS_RSA_WITH_3DES_EDE_CBC_SHA":                 tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
 }
 
 // defaultCipherSuites is the ordered list of all the cipher
@@ -92,12 +84,10 @@ func getOptimalDefaultCipherSuites() []uint16 {
 // SupportedCurves is the unordered map of supported curves.
 // https://golang.org/pkg/crypto/tls/#CurveID
 var SupportedCurves = map[string]tls.CurveID{
-	// TODO: Use IANA names, probably? see https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+	"x25519":    tls.X25519,
-	// All named crypto/elliptic curves have secpXXXr1 IANA names.
+	"secp256r1": tls.CurveP256,
-	"x25519": tls.X25519,    // x25519, 29
+	"secp384r1": tls.CurveP384,
-	"p256":   tls.CurveP256, // secp256r1, 23
+	"secp521r1": tls.CurveP521,
-	"p384":   tls.CurveP384, // secp384r1, 24
-	"p521":   tls.CurveP521, // secp521r1, 25
 }
 
 // supportedCertKeyTypes is all the key types that are supported