added stronger TLS ciphers default

CHANGELOG.md

@@ -7,6 +7,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Added
 
 ### Changed
+- **Breaking change:** Default TLS protocol list no longer includes TLSv1.1. New default is `["TLSv1.3", "TLSv1.2"]`, aligned with Mozilla Intermediate TLS profile. Operators connecting to legacy endpoints may still explicitly configure `enabled_protocols` ([#6003](https://github.com/opensearch-project/security/pull/6003))
+- **Breaking change:** Default TLS cipher list updated to GCM/ChaCha20 ECDHE-only suites. CBC-mode, DHE_DSS, SHA-1 MAC, and IBM `SSL_`-prefix ciphers removed from defaults. Explicitly configured cipher lists are unaffected ([#6003](https://github.com/opensearch-project/security/pull/6003))
+- All outbound TLS connectors (LDAP, external audit log, HTTP client) now share the same default protocol list as the inbound server TLS configuration ([#6003](https://github.com/opensearch-project/security/pull/6003))
+- Configuring TLSv1 or TLSv1.1 explicitly now causes a startup failure instead of a deprecation warning ([#6003](https://github.com/opensearch-project/security/pull/6003))
 
 ### Features
 

src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java

@@ -522,10 +522,9 @@ public OpenSearchSecurityPlugin(final Settings settings, final Path configPath)
     private void verifyTLSVersion(final String settings, final List<String> configuredProtocols) {
         for (final var tls : configuredProtocols) {
             if (tls.equalsIgnoreCase("TLSv1") || tls.equalsIgnoreCase("TLSv1.1")) {
-                deprecationLogger.deprecate(
-                    settings,
-                    "The '{}' setting contains {} protocol version which was deprecated since 2021 (RFC 8996). "
-                        + "Support for it will be removed in the next major release.",
+                throw new OpenSearchException(
+                    "The '{}' setting contains {} protocol version which has been removed in OpenSearch 3.0 (RFC 8996). "
+                        + "Please remove this protocol from your configuration.",
                     settings,
                     tls
                 );

src/main/java/org/opensearch/security/auditlog/sink/ExternalOpenSearchSink.java

@@ -16,7 +16,6 @@
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
@@ -36,7 +35,7 @@
 
 public final class ExternalOpenSearchSink extends AuditLogSink {
 
-    private static final List<String> DEFAULT_TLS_PROTOCOLS = Arrays.asList(new String[] { "TLSv1.2", "TLSv1.1" });
+    private static final List<String> DEFAULT_TLS_PROTOCOLS = SSLConfigConstants.DEFAULT_SSL_PROTOCOLS;
     // config in opensearch.yml
     private final String index;
     private final String type;

src/main/java/org/opensearch/security/auth/ldap/backend/LDAPAuthorizationBackend.java

@@ -86,7 +86,7 @@ public class LDAPAuthorizationBackend implements AuthorizationBackend {
     private static final AtomicInteger CONNECTION_COUNTER = new AtomicInteger();
     private static final String COM_SUN_JNDI_LDAP_OBJECT_DISABLE_ENDPOINT_IDENTIFICATION =
         "com.sun.jndi.ldap.object.disableEndpointIdentification";
-    private static final List<String> DEFAULT_TLS_PROTOCOLS = Arrays.asList("TLSv1.2", "TLSv1.1");
+    private static final List<String> DEFAULT_TLS_PROTOCOLS = SSLConfigConstants.DEFAULT_SSL_PROTOCOLS;
     static final int ONE_PLACEHOLDER = 1;
     static final int TWO_PLACEHOLDER = 2;
     static final String DEFAULT_ROLEBASE = "";

src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java

@@ -34,7 +34,8 @@ public final class SSLConfigConstants {
      */
     public static final String DEFAULT_STORE_PASSWORD = "changeit"; // #16
     public static final String JDK_TLS_REJECT_CLIENT_INITIATED_RENEGOTIATION = "jdk.tls.rejectClientInitiatedRenegotiation";
-    public static final String[] ALLOWED_SSL_PROTOCOLS = { "TLSv1.3", "TLSv1.2", "TLSv1.1" };
+    public static final String[] ALLOWED_SSL_PROTOCOLS = { "TLSv1.3", "TLSv1.2" };
+    public static final List<String> DEFAULT_SSL_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(ALLOWED_SSL_PROTOCOLS));
 
     /**
      * Shared settings prefixes/postfixes
@@ -259,117 +260,23 @@ public static String[] getSecureSSLProtocols(Settings settings, CertType certTyp
     }
 
     // @formatter:off
+    // Based on Mozilla Intermediate TLS profile (https://wiki.mozilla.org/Security/Server_Side_TLS).
+    // CBC-mode, DHE_DSS, SHA-1 MAC, and IBM SSL_-prefix entries removed in OpenSearch 3.0.
     public static final String[] ALLOWED_SSL_CIPHERS = {
-        // TLS_<key exchange and authentication algorithms>_WITH_<bulk cipher and message authentication algorithms>
-
-        // Example (including unsafe ones)
-        // Protocol: TLS, SSL
-        // Key Exchange RSA, Diffie-Hellman, ECDH, SRP, PSK
-        // Authentication RSA, DSA, ECDSA
-        // Bulk Ciphers RC4, 3DES, AES
-        // Message Authentication HMAC-SHA256, HMAC-SHA1, HMAC-MD5
-
-        // thats what chrome 48 supports (https://cc.dcsec.uni-hannover.de/)
-        // (c0,2b)ECDHE-ECDSA-AES128-GCM-SHA256128 BitKey exchange: ECDH, encryption: AES, MAC: SHA256.
-        // (c0,2f)ECDHE-RSA-AES128-GCM-SHA256128 BitKey exchange: ECDH, encryption: AES, MAC: SHA256.
-        // (00,9e)DHE-RSA-AES128-GCM-SHA256128 BitKey exchange: DH, encryption: AES, MAC: SHA256.
-        // (cc,14)ECDHE-ECDSA-CHACHA20-POLY1305-SHA256128 BitKey exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256.
-        // (cc,13)ECDHE-RSA-CHACHA20-POLY1305-SHA256128 BitKey exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256.
-        // (c0,0a)ECDHE-ECDSA-AES256-SHA256 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
-        // (c0,14)ECDHE-RSA-AES256-SHA256 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
-        // (00,39)DHE-RSA-AES256-SHA256 BitKey exchange: DH, encryption: AES, MAC: SHA1.
-        // (c0,09)ECDHE-ECDSA-AES128-SHA128 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
-        // (c0,13)ECDHE-RSA-AES128-SHA128 BitKey exchange: ECDH, encryption: AES, MAC: SHA1.
-        // (00,33)DHE-RSA-AES128-SHA128 BitKey exchange: DH, encryption: AES, MAC: SHA1.
-        // (00,9c)RSA-AES128-GCM-SHA256128 BitKey exchange: RSA, encryption: AES, MAC: SHA256.
-        // (00,35)RSA-AES256-SHA256 BitKey exchange: RSA, encryption: AES, MAC: SHA1.
-        // (00,2f)RSA-AES128-SHA128 BitKey exchange: RSA, encryption: AES, MAC: SHA1.
-        // (00,0a)RSA-3DES-EDE-SHA168 BitKey exchange: RSA, encryption: 3DES, MAC: SHA1.
-
-        // thats what firefox 42 supports (https://cc.dcsec.uni-hannover.de/)
-        // (c0,2b) ECDHE-ECDSA-AES128-GCM-SHA256
-        // (c0,2f) ECDHE-RSA-AES128-GCM-SHA256
-        // (c0,0a) ECDHE-ECDSA-AES256-SHA
-        // (c0,09) ECDHE-ECDSA-AES128-SHA
-        // (c0,13) ECDHE-RSA-AES128-SHA
-        // (c0,14) ECDHE-RSA-AES256-SHA
-        // (00,33) DHE-RSA-AES128-SHA
-        // (00,39) DHE-RSA-AES256-SHA
-        // (00,2f) RSA-AES128-SHA
-        // (00,35) RSA-AES256-SHA
-        // (00,0a) RSA-3DES-EDE-SHA
-
-        // Mozilla modern browsers
-        // https://wiki.mozilla.org/Security/Server_Side_TLS
-        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
-        "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
-        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
-        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
-        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
-        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
-        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
-        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-
-        // TLS 1.3
+        // TLS 1.3 suites
         "TLS_AES_128_GCM_SHA256",
         "TLS_AES_256_GCM_SHA384",
-        "TLS_CHACHA20_POLY1305_SHA256", // Open SSL >= 1.1.1 and Java >= 12
+        "TLS_CHACHA20_POLY1305_SHA256",   // OpenSSL >= 1.1.1 and Java >= 12
+
+        // TLS 1.2 ECDHE-GCM suites (Mozilla Intermediate)
+        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 
-        // TLS 1.2 CHACHA20 POLY1305 supported by Java >= 12 and
-        // OpenSSL >= 1.1.0
+        // TLS 1.2 ECDHE-ChaCha20 suites (Java >= 12 / OpenSSL >= 1.1.0)
         "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-        "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-
-        // IBM
-        "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-        "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-        "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-        "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-        "SSL_DHE_RSA_WITH_AES_128_GCM_SHA256",
-        "SSL_DHE_DSS_WITH_AES_128_GCM_SHA256",
-        "SSL_DHE_DSS_WITH_AES_256_GCM_SHA384",
-        "SSL_DHE_RSA_WITH_AES_256_GCM_SHA384",
-        "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-        "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-        "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-        "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-        "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-        "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
-        "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-        "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-        "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256",
-        "SSL_DHE_RSA_WITH_AES_128_CBC_SHA",
-        "SSL_DHE_DSS_WITH_AES_128_CBC_SHA256",
-        "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256",
-        "SSL_DHE_DSS_WITH_AES_256_CBC_SHA",
-        "SSL_DHE_RSA_WITH_AES_256_CBC_SHA"
-
-        // some others
-        // "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-        // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-        // "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-        // "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-        // "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-        // "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-        // "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
-        // "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-        // "TLS_RSA_WITH_AES_128_CBC_SHA256",
-        // "TLS_RSA_WITH_AES_128_GCM_SHA256",
-        // "TLS_RSA_WITH_AES_128_CBC_SHA",
-        // "TLS_RSA_WITH_AES_256_CBC_SHA",
-    };
+        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", };
     // @formatter:on
 
     private SSLConfigConstants() {}

src/main/java/org/opensearch/security/util/SettingsBasedSSLConfigurator.java

@@ -32,7 +32,6 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
-import com.google.common.collect.ImmutableList;
 import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
 import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
@@ -78,7 +77,7 @@ public class SettingsBasedSSLConfigurator {
     public static final String VERIFY_HOSTNAMES = "verify_hostnames";
     public static final String TRUST_ALL = "trust_all";
 
-    private static final List<String> DEFAULT_TLS_PROTOCOLS = ImmutableList.of("TLSv1.2", "TLSv1.1");
+    private static final List<String> DEFAULT_TLS_PROTOCOLS = SSLConfigConstants.DEFAULT_SSL_PROTOCOLS;
 
     private SSLContextBuilder sslContextBuilder;
     private final Settings settings;

src/main/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorV4.java

@@ -32,7 +32,6 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
-import com.google.common.collect.ImmutableList;
 import org.apache.http.conn.ssl.DefaultHostnameVerifier;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
@@ -79,7 +78,7 @@ public class SettingsBasedSSLConfiguratorV4 {
     public static final String VERIFY_HOSTNAMES = "verify_hostnames";
     public static final String TRUST_ALL = "trust_all";
 
-    private static final List<String> DEFAULT_TLS_PROTOCOLS = ImmutableList.of("TLSv1.2", "TLSv1.1");
+    private static final List<String> DEFAULT_TLS_PROTOCOLS = SSLConfigConstants.DEFAULT_SSL_PROTOCOLS;
 
     private SSLContextBuilder sslContextBuilder;
     private final Settings settings;

src/test/java/org/opensearch/security/ssl/util/SSLConfigConstantsTest.java

@@ -26,13 +26,13 @@ public class SSLConfigConstantsTest {
     @Test
     public void testDefaultTLSProtocols() {
         final var tlsDefaultProtocols = SSLConfigConstants.getSecureSSLProtocols(Settings.EMPTY, CertType.TRANSPORT);
-        assertArrayEquals(new String[] { "TLSv1.3", "TLSv1.2", "TLSv1.1" }, tlsDefaultProtocols);
+        assertArrayEquals(new String[] { "TLSv1.3", "TLSv1.2" }, tlsDefaultProtocols);
     }
 
     @Test
     public void testDefaultSSLProtocols() {
         final var sslDefaultProtocols = SSLConfigConstants.getSecureSSLProtocols(Settings.EMPTY, CertType.HTTP);
-        assertArrayEquals(new String[] { "TLSv1.3", "TLSv1.2", "TLSv1.1" }, sslDefaultProtocols);
+        assertArrayEquals(new String[] { "TLSv1.3", "TLSv1.2" }, sslDefaultProtocols);
     }
 
     @Test