Using TLS 1.3 with Phoenix

TLS 1.3 has been out for a little over a year now, but it has been unavailable in Phoenix due to erlang’s handling of ssl. With the most recent version of erlang released (22.2.3) these issues should now be solved. I’ve spent a bit of time going down the rabbit hole of getting our servers to run the protocol so our end users can get better performance and security. If you’d like to upgrade follow the directions below and let me know in the comments if you run into any issues.

YOU MUST BE RUNNING ERLANG 22.2.3 OR THIS WILL NOT WORK

Within your endpoint configuration copy/paste the following code within the :https keyword

   https: [
     ...
      honor_cipher_order: true,
      ciphers: [
        'TLS_AES_128_GCM_SHA256',
        'TLS_AES_256_GCM_SHA384',
        'TLS_CHACHA20_POLY1305_SHA256',
        'ECDHE-ECDSA-AES128-GCM-SHA256',
        'ECDHE-RSA-AES128-GCM-SHA256',
        'ECDHE-ECDSA-AES256-GCM-SHA384',
        'ECDHE-RSA-AES256-GCM-SHA384',
        'ECDHE-ECDSA-CHACHA20-POLY1305',
        'ECDHE-RSA-CHACHA20-POLY1305',
        'DHE-RSA-AES128-GCM-SHA256',
        'DHE-RSA-AES256-GCM-SHA384'
      ],
      eccs: [
        :x25519,
        :secp256r1,
        :secp384r1
      ],
      secure_renegotiate: true,
      reuse_sessions: true,
      versions: [:"tlsv1.3", :"tlsv1.2"],
      ...
    ]

Cipher and eccs are based off of the work done in OWASP Cipher String Cheat
Sheet
and Mozilla’s Server Side TLS v5.3. This should give you compatibility with almost all modern devices and should lead to an A+ rating in SSL Labs and Immuniweb

Let me know if you have any questions or run into any problems if you use this config for your project.

23 Likes

WARNING

It looks like there are errors if you make a connection using secure websockets. I’m uncertain if this is within phoenix, or erlang but the configuration above shouldn’t have to change for things to work out of the box. I’m going to dig into the errors and will report back in this thread if/when there is news on a fix.

4 Likes

I’m watching this thread with anticipation. ^.^

Thanks for your work on this!

1 Like

Has anyone managed to make a HTTPoison call using TLS1.3 (over nginx)? And using X25519 generated certs?

Ok, so after a few months of waiting and filing bug reports it looks like everything works when using erlang 23.0.0 or greater.

1 Like

Are we likely to see a TLS 1.3 enabled cipher suite soon, or shall one simply copy/paste the settings above?

I can reopen a pull request to plug, but I’m not sure when it will be merged since we require the use of erlang 23.0.0 or greater. To get this working today you would need to copy/paste the above code.

1 Like

Thanks for the response. FYI, with Elrang 23.0.2 and the latest Elixir/Phoenix packages on Debian Stretch I am getting:

Failed to start Ranch listener PrjWeb.Endpoint.HTTPS in :ranch_ssl:listen([cacerts: :…, key: :…, cert: :…, alpn_preferred_protocols: [“h2”, “http/1.1”], next_protocols_advertised: [“h2”, “http/1.1”], dhfile: ‘/home/[…]’, cacertfile: ‘/etc/[…]’, certfile: ‘/etc/[…]’, keyfile: ‘/etc/[…]’, port: 8443, ciphers: […], eccs: [:x25519, :secp256r1, :secp384r1], honor_cipher_order: true, reuse_sessions: true, secure_renegotiate: true, versions: [:“tlsv1.3”, :“tlsv1.2”]]) for reason {:options, {:insufficient_crypto_support, {:“tlsv1.3”, {:versions, [:“tlsv1.3”, :“tlsv1.2”]}}}}

Oh well, I suppose TLS 1.3 can wait a bit longer.

What version of ranch are you using?

I am not using ranch directly, mix deps.tree prints:

|-- plug_cowboy ~> 2.1 (Hex package)
| |-- cowboy ~> 2.7 (Hex package)
| | |-- cowlib ~> 2.9.1 (Hex package)
| | `-- ranch ~> 1.7.1 (Hex package)

Update to cowboy 2.8

This error is coming from Erlang/OTP’s ssl application, not from Ranch or Cowboy. It means OTP was compiled against an OpenSSL version that does not support the necessary primitives to enable TLS 1.3. It seems OTP won’t enable TLS1.3 unless Chacha20-Poly1305 and Curve25519 are both available (even though strictly speaking both are SHOULD requirements in the RFC, not MUST).

1 Like

Adding {:cowboy, “~> 2.8”, override: true} to mix.exs does not seem to make a difference. From my trials, the above settings only work when :“tlsv1.3” is removed from the versions list.