Hardened tls cipher suits and added option for tls min version (#315)

* handlers.go: Added parameter for TLS min version rest-server/main.go: Added parameter handling for TLS min version rest-server/main.go: Added crypto.tls, implemented and configured tlsConfig object * tls min version parameter documentation * Added changelog documentation * README.md: Fixed typo main.go: Added error for unknown TLS min versions main.go: Changed CurvePreferences in TLS config to Go default main.go: Removed handling for TLS min versions 1.0 and 1.1 Signed-off-by: darkspir <forgejo.darkspir@teemitmil.ch> * main.go: Improved TLSMinVer parameter documentation * README.md: Improved --tls-min-ver parameter documentation * main.go: Changed --tls-min-ver parameter documentation again * main.go: Added allowed versions in Error Unsupported TLS min version * update rest-server help output in readme --------- Signed-off-by: darkspir <forgejo.darkspir@teemitmil.ch> Co-authored-by: Michael Eischer <michael.eischer@fau.de>
2025-10-19 07:33:21 +00:00 · 2025-04-14 19:09:57 +00:00 · 2025-04-14 19:09:57 +00:00 · 2b6f0b39fc
commit 2b6f0b39fc
parent dbf5253ac2
4 changed files with 56 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -35,10 +35,11 @@ Flags:
      --append-only                  enable append only mode
      --cpu-profile string           write CPU profile to file
      --debug                        output debug messages
+      --group-accessible-repos       let filesystem group be able to access repo files
  -h, --help                         help for rest-server
-      --htpasswd-file string   location of .htpasswd file (default: "<data directory>/.htpasswd")
+      --htpasswd-file string         location of .htpasswd file (default: "<data directory>/.htpasswd)"
      --listen string                listen address (default ":8000")
-      --log filename           write HTTP requests in the combined log format to the specified filename
+      --log filename                 write HTTP requests in the combined log format to the specified filename (use "-" for logging to stdout)
      --max-size int                 the maximum size of the repository in bytes
      --no-auth                      disable .htpasswd authentication
      --no-verify-upload             do not verify the integrity of uploaded data. DO NOT enable unless the rest-server runs on a very low-power device
@ -46,9 +47,11 @@ Flags:
      --private-repos                users can only access their private repo
      --prometheus                   enable Prometheus metrics
      --prometheus-no-auth           disable auth for Prometheus /metrics endpoint
+      --proxy-auth-username string   specifies the HTTP header containing the username for proxy-based authentication
      --tls                          turn on TLS support
      --tls-cert string              TLS certificate path
      --tls-key string               TLS key path
+      --tls-min-ver string           TLS min version, one of (1.2|1.3) (default "1.2")
  -v, --version                      version for rest-server
 ```

@ -68,7 +71,7 @@ If you want to disable authentication, you must add the `--no-auth` flag. If thi

 NOTE: In older versions of rest-server (up to 0.9.7), this flag does not exist and the server disables authentication if `.htpasswd` is missing or cannot be opened.

-By default the server uses HTTP protocol.  This is not very secure since with Basic Authentication, user name and passwords will be sent in clear text in every request.  In order to enable TLS support just add the `--tls` argument and add a private and public key at the root of your persistence directory. You may also specify private and public keys by `--tls-cert` and `--tls-key`.
+By default the server uses HTTP protocol.  This is not very secure since with Basic Authentication, user name and passwords will be sent in clear text in every request.  In order to enable TLS support just add the `--tls` argument and add a private and public key at the root of your persistence directory. You may also specify private and public keys by `--tls-cert` and `--tls-key` and set the minimum TLS version to 1.3 using `--tls-min-ver 1.3`.

 Signed certificate is normally required by the restic backend, but if you just want to test the feature you can generate password-less unsigned keys with the following command:

--- a/changelog/unreleased/pull-315
+++ b/changelog/unreleased/pull-315
@ -0,0 +1,6 @@
+Enhancement: Hardened tls settings
+
+rest-server now uses a secure tls cipher suit set and the minimal TLS version
+can be set with the option `--tls-min-ver`
+
+https://github.com/restic/rest-server/pull/315
--- a/cmd/rest-server/main.go
+++ b/cmd/rest-server/main.go
@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"log"
@ -47,6 +48,7 @@ func newRestServerApp() *restServerApp {
 		Server: restserver.Server{
 			Path:      filepath.Join(os.TempDir(), "restic"),
 			Listen:    ":8000",
+			TLSMinVer: "1.2",
 		},
 	}
 	rv.CmdRoot.RunE = rv.runRoot
@ -61,6 +63,7 @@ func newRestServerApp() *restServerApp {
 	flags.BoolVar(&rv.Server.TLS, "tls", rv.Server.TLS, "turn on TLS support")
 	flags.StringVar(&rv.Server.TLSCert, "tls-cert", rv.Server.TLSCert, "TLS certificate path")
 	flags.StringVar(&rv.Server.TLSKey, "tls-key", rv.Server.TLSKey, "TLS key path")
+	flags.StringVar(&rv.Server.TLSMinVer, "tls-min-ver", rv.Server.TLSMinVer, "TLS min version, one of (1.2|1.3)")
 	flags.BoolVar(&rv.Server.NoAuth, "no-auth", rv.Server.NoAuth, "disable authentication")
 	flags.StringVar(&rv.Server.HtpasswdPath, "htpasswd-file", rv.Server.HtpasswdPath, "location of .htpasswd file (default: \"<data directory>/.htpasswd)\"")
 	flags.StringVar(&rv.Server.ProxyAuthUsername, "proxy-auth-username", rv.Server.ProxyAuthUsername, "specifies the HTTP header containing the username for proxy-based authentication")
@ -176,8 +179,29 @@ func (app *restServerApp) runRoot(_ *cobra.Command, _ []string) error {
 	app.listenerAddress = listener.Addr()
 	app.listenerAddressMu.Unlock()

+	tlscfg := &tls.Config{
+		MinVersion: tls.VersionTLS12,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+		},
+	}
+	switch app.Server.TLSMinVer {
+	case "1.2":
+		tlscfg.MinVersion = tls.VersionTLS12
+	case "1.3":
+		tlscfg.MinVersion = tls.VersionTLS13
+	default:
+		return fmt.Errorf("Unsupported TLS min version: %s. Allowed versions are 1.2 or 1.3", app.Server.TLSMinVer)
+	}
+
 	srv := &http.Server{
 		Handler:   handler,
+		TLSConfig: tlscfg,
 	}

 	// run server in background
--- a/handlers.go
+++ b/handlers.go
@ -22,6 +22,7 @@ type Server struct {
 	CPUProfile           string
 	TLSKey               string
 	TLSCert              string
+	TLSMinVer            string
 	TLS                  bool
 	NoAuth               bool
 	ProxyAuthUsername    string