Merge pull request #1102 from syncthing/gui-poodle

Protect GUI HTTPS from some attacks

cmd/syncthing/gui.go

@@ -70,7 +70,15 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
 	if err != nil {
 		l.Infoln("Loading HTTPS certificate:", err)
 		l.Infoln("Creating new HTTPS certificate")
-		newCertificate(confDir, "https-")
+
+		// When generating the HTTPS certificate, use the system host name per
+		// default. If that isn't available, use the "syncthing" default.
+		name, err := os.Hostname()
+		if err != nil {
+			name = tlsDefaultCommonName
+		}
+
+		newCertificate(confDir, "https-", name)
 		cert, err = loadCert(confDir, "https-")
 	}
 	if err != nil {
@@ -78,7 +86,20 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
 	}
 	tlsCfg := &tls.Config{
 		Certificates: []tls.Certificate{cert},
-		ServerName:   "syncthing",
+		MinVersion:   tls.VersionTLS10, // No SSLv3
+		CipherSuites: []uint16{
+			// No RC4
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+		},
 	}
 
 	rawListener, err := net.Listen("tcp", cfg.Address)

cmd/syncthing/main.go

@@ -273,7 +273,7 @@ func main() {
 			l.Warnln("Key exists; will not overwrite.")
 			l.Infoln("Device ID:", protocol.NewDeviceID(cert.Certificate[0]))
 		} else {
-			newCertificate(dir, "")
+			newCertificate(dir, "", tlsDefaultCommonName)
 			cert, err = loadCert(dir, "")
 			myID = protocol.NewDeviceID(cert.Certificate[0])
 			if err != nil {
@@ -370,7 +370,7 @@ func syncthingMain() {
 	// Ensure that that we have a certificate and key.
 	cert, err = loadCert(confDir, "")
 	if err != nil {
-		newCertificate(confDir, "")
+		newCertificate(confDir, "", tlsDefaultCommonName)
 		cert, err = loadCert(confDir, "")
 		if err != nil {
 			l.Fatalln("load cert:", err)
@@ -909,7 +909,7 @@ next:
 				// the certificate and used another name.
 				certName := deviceCfg.CertName
 				if certName == "" {
-					certName = "syncthing"
+					certName = tlsDefaultCommonName
 				}
 				err := remoteCert.VerifyHostname(certName)
 				if err != nil {

cmd/syncthing/tls.go

@@ -33,8 +33,8 @@ import (
 )
 
 const (
-	tlsRSABits = 3072
-	tlsName    = "syncthing"
+	tlsRSABits           = 3072
+	tlsDefaultCommonName = "syncthing"
 )
 
 func loadCert(dir string, prefix string) (tls.Certificate, error) {
@@ -43,8 +43,8 @@ func loadCert(dir string, prefix string) (tls.Certificate, error) {
 	return tls.LoadX509KeyPair(cf, kf)
 }
 
-func newCertificate(dir string, prefix string) {
-	l.Infoln("Generating RSA key and certificate...")
+func newCertificate(dir, prefix, name string) {
+	l.Infof("Generating RSA key and certificate for %s...", name)
 
 	priv, err := rsa.GenerateKey(rand.Reader, tlsRSABits)
 	if err != nil {
@@ -57,7 +57,7 @@ func newCertificate(dir string, prefix string) {
 	template := x509.Certificate{
 		SerialNumber: new(big.Int).SetInt64(mr.Int63()),
 		Subject: pkix.Name{
-			CommonName: tlsName,
+			CommonName: name,
 		},
 		NotBefore: notBefore,
 		NotAfter:  notAfter,