Added flag for user configurable cipher suites

[d-luu]

Configuration of list of cipher suites allows a user to disable use
of weak ciphers or continue to support them for legacy usage if they
so choose.

List of available cipher suites at:
https://golang.org/pkg/crypto/tls/#pkg-constants

Default cipher suites have been updated to:

• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_AES_128_GCM_SHA256
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_256_GCM_SHA384

MinimumTLS has also been updated to include TLS 1.3 as an option
and now defaults to TLS 1.2 since 1.0 and 1.1 have been deprecated.

Also updated install-dev-tools to use recommended golangci-lint
install to fix CI pipeline.

Signed-off-by: David Luu david@davidluu.info

[d-luu]

regarding the golangci-lint installation method, they mention that go get isn't guaranteed to work:
https://golangci-lint.run/usage/install/#install-from-source

in regards to cipher suites:

before:

# for v in ssl2 ssl3 tls1 tls1_1 tls1_2; do
>  for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
>  openssl s_client -connect ${SERVER} \
>  -cipher $c -$v < /dev/null > /dev/null 2>&1 && echo -e "$v:\t$c"
>  done
> done
tls1:	ECDHE-RSA-AES256-SHA
tls1:	AES256-SHA
tls1:	ECDHE-RSA-AES128-SHA
tls1:	AES128-SHA
tls1_1:	ECDHE-RSA-AES256-SHA
tls1_1:	AES256-SHA
tls1_1:	ECDHE-RSA-AES128-SHA
tls1_1:	AES128-SHA
tls1_2:	ECDHE-RSA-AES256-SHA
tls1_2:	AES256-SHA
tls1_2:	ECDHE-RSA-AES128-GCM-SHA256
tls1_2:	ECDHE-RSA-AES128-SHA
tls1_2:	AES128-SHA

after

# for v in ssl2 ssl3 tls1 tls1_1 tls1_2; do
>  for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
>  openssl s_client -connect ${SERVER} \
>  -cipher $c -$v < /dev/null > /dev/null 2>&1 && echo -e "$v:\t$c"
>  done
> done
tls1_2:	ECDHE-RSA-AES256-GCM-SHA384
tls1_2:	ECDHE-RSA-AES128-GCM-SHA256

[huornlmj]

When is this going to go through? TLS 1.0 in this day is wrong.

[gaby]

Any plans to merge this? This is way overdue.

[milosgajdos]

@d-luu can you rebase, please? Thanks.

[d-luu]

let me verify something before merging

[d-luu]

@milosgajdos
I was checking to see if by using the registry docker image we can set the cipher suite via the indexed environment variable REGISTRY_HTTL_TLS_CIPHERSUITES_0=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 rather than REGISTRY_HTTL_TLS_CIPHERSUITES=' - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 but it doesn't look to be the case. The former doesn't work, the latter does.

I recall awhile back being able to pass ClientCAs via the list index _0 env var and I don't see anything that stands out at the moment that would cause it to be treated differently: https://github.com/distribution/distribution/blob/main/configuration/parser.go

[milosgajdos]

Thanks for the awesome work on this, @d-luu

I'm planning on setting this up locally over this weekend and having a proper look.

[milosgajdos]

I made a small style suggestion, but this PR looks nice. Thanks for putting it together.

[waynr]

All I've got are nits, otherwise 🙈

[waynr]

I was initially a little confused since for these last two 1.0 - 1.2 cipher suites the string name doesn't match the constant name. I looked it up here: https://golang.org/pkg/crypto/tls/#pkg-constants and see that you are using the legacy constant name which ultimately has the same value as the corresponding _SHA256-suffixed constant. I think it'd be less confusing just to use the matching constant name here.

[d-luu]

I can remove those

[waynr]

I know it probably doesn't matter much, but I would prefer to be consistent in the usage of cipher suite names by using TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

[waynr]

super nit:

cipherSuiteConsts := make([]uint16, len(names))

[waynr]

nit: in getCipherSuites you use a different style of slice initialization, it'd be nice to be consistent within the same commit

[codecov-io]

Codecov Report

Merging #3169 (7fff010) into main (22c0748) will increase coverage by 0.38%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #3169      +/-   ##
==========================================
+ Coverage   55.84%   56.22%   +0.38%     
==========================================
  Files         102      102              
  Lines        7222     7224       +2     
==========================================
+ Hits         4033     4062      +29     
+ Misses       2552     2520      -32     
- Partials      637      642       +5     

Impacted Files	Coverage Δ
...bution/distribution/configuration/configuration.go	62.03% <0.00%> (ø)
...com/distribution/distribution/registry/registry.go	43.39% <0.00%> (+13.39%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 22c0748...7fff010. Read the comment docs.

[d-luu]

squashed/rebased only

[gaby]

Any plans to make a new released? Docker Registry is still using TLS 1.0 see #3333

[lefranco6910]

I ran the registry image from the development branch (2.7.0-272-gc63b5805) and TLS 1.0 and 1.1 are deprecated as indicated by d-luu. I think it's just a matter to get the modifications in the next release. You can always do like I did and get the development registry image in the mean time.