http/tls: update to new mozilla recommendations

This updates to the Mozilla page (https://wiki.mozilla.org/Security/Server_Side_TLS) v5.7

Author: daurnimator

http/tls.lua

@@ -19,91 +19,52 @@ end
 
 -- "Modern" cipher list
 local modern_cipher_list = cipher_list {
-	"ECDHE-ECDSA-AES256-GCM-SHA384";
-	"ECDHE-RSA-AES256-GCM-SHA384";
-	"ECDHE-ECDSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-CHACHA20-POLY1305";
-	"ECDHE-ECDSA-AES128-GCM-SHA256";
-	"ECDHE-RSA-AES128-GCM-SHA256";
-	"ECDHE-ECDSA-AES256-SHA384";
-	"ECDHE-RSA-AES256-SHA384";
-	"ECDHE-ECDSA-AES128-SHA256";
-	"ECDHE-RSA-AES128-SHA256";
+	"TLS_AES_128_GCM_SHA256";
+	"TLS_AES_256_GCM_SHA384";
+	"TLS_CHACHA20_POLY1305_SHA256";
 }
 
 -- "Intermediate" cipher list
 local intermediate_cipher_list = cipher_list {
-	"ECDHE-ECDSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-CHACHA20-POLY1305";
 	"ECDHE-ECDSA-AES128-GCM-SHA256";
 	"ECDHE-RSA-AES128-GCM-SHA256";
 	"ECDHE-ECDSA-AES256-GCM-SHA384";
 	"ECDHE-RSA-AES256-GCM-SHA384";
+	"ECDHE-ECDSA-CHACHA20-POLY1305";
+	"ECDHE-RSA-CHACHA20-POLY1305";
 	"DHE-RSA-AES128-GCM-SHA256";
 	"DHE-RSA-AES256-GCM-SHA384";
-	"ECDHE-ECDSA-AES128-SHA256";
-	"ECDHE-RSA-AES128-SHA256";
-	"ECDHE-ECDSA-AES128-SHA";
-	"ECDHE-RSA-AES256-SHA384";
-	"ECDHE-RSA-AES128-SHA";
-	"ECDHE-ECDSA-AES256-SHA384";
-	"ECDHE-ECDSA-AES256-SHA";
-	"ECDHE-RSA-AES256-SHA";
-	"DHE-RSA-AES128-SHA256";
-	"DHE-RSA-AES128-SHA";
-	"DHE-RSA-AES256-SHA256";
-	"DHE-RSA-AES256-SHA";
-	"ECDHE-ECDSA-DES-CBC3-SHA";
-	"ECDHE-RSA-DES-CBC3-SHA";
-	"EDH-RSA-DES-CBC3-SHA";
-	"AES128-GCM-SHA256";
-	"AES256-GCM-SHA384";
-	"AES128-SHA256";
-	"AES256-SHA256";
-	"AES128-SHA";
-	"AES256-SHA";
-	"DES-CBC3-SHA";
-	"!DSS";
+	"DHE-RSA-CHACHA20-POLY1305";
 }
 
 -- "Old" cipher list
 local old_cipher_list = cipher_list {
-	"ECDHE-ECDSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-CHACHA20-POLY1305";
-	"ECDHE-RSA-AES128-GCM-SHA256";
 	"ECDHE-ECDSA-AES128-GCM-SHA256";
-	"ECDHE-RSA-AES256-GCM-SHA384";
+	"ECDHE-RSA-AES128-GCM-SHA256";
 	"ECDHE-ECDSA-AES256-GCM-SHA384";
+	"ECDHE-RSA-AES256-GCM-SHA384";
+	"ECDHE-ECDSA-CHACHA20-POLY1305";
+	"ECDHE-RSA-CHACHA20-POLY1305";
 	"DHE-RSA-AES128-GCM-SHA256";
-	"DHE-DSS-AES128-GCM-SHA256";
-	"kEDH+AESGCM";
-	"ECDHE-RSA-AES128-SHA256";
+	"DHE-RSA-AES256-GCM-SHA384";
+	"DHE-RSA-CHACHA20-POLY1305";
 	"ECDHE-ECDSA-AES128-SHA256";
-	"ECDHE-RSA-AES128-SHA";
+	"ECDHE-RSA-AES128-SHA256";
 	"ECDHE-ECDSA-AES128-SHA";
-	"ECDHE-RSA-AES256-SHA384";
+	"ECDHE-RSA-AES128-SHA";
 	"ECDHE-ECDSA-AES256-SHA384";
-	"ECDHE-RSA-AES256-SHA";
+	"ECDHE-RSA-AES256-SHA384";
 	"ECDHE-ECDSA-AES256-SHA";
+	"ECDHE-RSA-AES256-SHA";
 	"DHE-RSA-AES128-SHA256";
-	"DHE-RSA-AES128-SHA";
-	"DHE-DSS-AES128-SHA256";
 	"DHE-RSA-AES256-SHA256";
-	"DHE-DSS-AES256-SHA";
-	"DHE-RSA-AES256-SHA";
-	"ECDHE-RSA-DES-CBC3-SHA";
-	"ECDHE-ECDSA-DES-CBC3-SHA";
-	"EDH-RSA-DES-CBC3-SHA";
 	"AES128-GCM-SHA256";
 	"AES256-GCM-SHA384";
 	"AES128-SHA256";
 	"AES256-SHA256";
 	"AES128-SHA";
 	"AES256-SHA";
-	"AES";
 	"DES-CBC3-SHA";
-	"HIGH";
-	"SEED";
 	"!aNULL";
 	"!eNULL";
 	"!EXPORT";
@@ -458,6 +419,15 @@ local spec_to_openssl = {
 	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   = "ECDHE-PSK-CHACHA20-POLY1305";
 	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     = "DHE-PSK-CHACHA20-POLY1305";
 	TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     = "RSA-PSK-CHACHA20-POLY1305";
+
+
+	-- TLS v1.3 cipher suites
+
+	TLS_AES_128_GCM_SHA256       = "TLS_AES_128_GCM_SHA256";
+	TLS_AES_256_GCM_SHA384       = "TLS_AES_256_GCM_SHA384";
+	TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
+	TLS_AES_128_CCM_SHA256       = "TLS_AES_128_CCM_SHA256";
+	TLS_AES_128_CCM_8_SHA256     = "TLS_AES_128_CCM_8_SHA256";
 }
 
 -- Banned ciphers from https://http2.github.io/http2-spec/#BadCipherSuites
@@ -750,13 +720,17 @@ local default_tls_options = openssl_ctx.OP_NO_COMPRESSION
 	+ openssl_ctx.OP_SINGLE_ECDH_USE
 	+ openssl_ctx.OP_NO_SSLv2
 	+ openssl_ctx.OP_NO_SSLv3
+	+ openssl_ctx.OP_NO_SSLv3
+	+ openssl_ctx.OP_NO_TLSv1
+	+ openssl_ctx.OP_NO_TLSv1_1
+	+ openssl_ctx.OP_NO_TICKET
 
 local function new_client_context()
 	local ctx = openssl_ctx.new("TLS", false)
 	ctx:setCipherList(intermediate_cipher_list)
 	ctx:setOptions(default_tls_options)
 	if ctx.setGroups then
-		ctx:setGroups("P-521:P-384:P-256")
+		ctx:setGroups("P-521:P-384:P-256:X25519")
 	else
 		ctx:setEphemeralKey(openssl_pkey.new{ type = "EC", curve = "prime256v1" })
 	end
@@ -771,7 +745,7 @@ local function new_server_context()
 	ctx:setCipherList(intermediate_cipher_list)
 	ctx:setOptions(default_tls_options)
 	if ctx.setGroups then
-		ctx:setGroups("P-521:P-384:P-256")
+		ctx:setGroups("P-521:P-384:P-256:X25519")
 	else
 		ctx:setEphemeralKey(openssl_pkey.new{ type = "EC", curve = "prime256v1" })
 	end