Hardening TLS configuration

ThinLinc uses GnuTLS for Web Access and Web Admin. By default, it allows TLS versions 1.0, 1.1, 1.2 and 1.3:

https://www.cendio.com/resources/docs/tag/gnutls-priorities-standard.html

In some cases, you might want to harden your configuration by, for example, only allowing TLS 1.2 and TLS 1.3. This can be achieved by modifying the ThinLinc configuration. The configuration parameters are called /webaccess/gnutls_priority and /tlwebadm/gnutls_priority, and all protocol versions apart from TLS 1.2 and TLS 1.3 can be removed like this:

$ sudo tl-config /webaccess/gnutls_priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3
$ sudo tl-config /tlwebadm/gnutls_priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3
$ sudo systemctl restart tlwebaccess.service tlwebadm.service

The change can then be verified, for example, for Web Access by using nmap like this:

$ nmap --script ssl-enum-ciphers -p 300 <hostname_of_thinlinc_server>

And for Web Admin:

$ nmap --script ssl-enum-ciphers -p 1010 <hostname_of_thinlinc_server>

Below is example output when only TLS 1.2 and TLS 1.3 are allowed:

Starting Nmap 7.95 ( https://nmap.org ) at 2024-07-12 13:37 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000078s latency).
Other addresses for localhost (not scanned): ::1

PORT    STATE SERVICE
300/tcp open  unknown
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|   TLSv1.3: 
|     ciphers: 
|       TLS_AKE_WITH_AES_128_CCM_SHA256 (secp256r1) - A
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|     cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
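Reading a scan like the one above by eye works for one host, but a scan that is repeated after every upgrade is easier to check mechanically. The following is an added example, not part of this post or of ThinLinc or nmap: it parses the text output of `nmap --script ssl-enum-ciphers` and reports any protocol version outside the allowed set, any cipher graded worse than the required grade, and any allowed version that is missing. The embedded sample is a constructed excerpt in the same layout as the output shown above; the function names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of nmap's ssl-enum-ciphers output
# (a shortened version of the scan shown in the post).
SAMPLE_OUTPUT = """\
PORT    STATE SERVICE
300/tcp open  unknown
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     compressors: 
|       NULL
|     cipher preference: client
|   TLSv1.3: 
|     ciphers: 
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     cipher preference: client
|_  least strength: A
"""

# A protocol header line, e.g. "|   TLSv1.2: " (note the trailing space).
VERSION_RE = re.compile(r"^\|\s+(SSLv3|TLSv1\.[0-3]):\s*$")
# A cipher row, e.g. "|       TLS_..._SHA256 (dh 2048) - A".
CIPHER_RE = re.compile(r"^\|\s+(TLS_\S+)\s+\(([^)]*)\)\s+-\s+([A-F])\s*$")

Row = Tuple[str, str, str]  # (cipher suite, key exchange, nmap grade)


def parse_ssl_enum(output: str) -> Dict[str, List[Row]]:
    """Map each protocol version in the scan to its cipher rows."""
    versions: Dict[str, List[Row]] = {}
    current = None
    for line in output.splitlines():
        m = VERSION_RE.match(line)
        if m:
            current = m.group(1)
            versions[current] = []
            continue
        m = CIPHER_RE.match(line)
        if m and current is not None:
            versions[current].append((m.group(1), m.group(2), m.group(3)))
    return versions


def check_hardening(output: str,
                    allowed: Tuple[str, ...] = ("TLSv1.2", "TLSv1.3"),
                    min_grade: str = "A") -> List[str]:
    """Return policy findings; an empty list means the scan matches the policy.

    nmap grades run A (best) to F, so a grade that sorts after min_grade is worse.
    """
    findings: List[str] = []
    parsed = parse_ssl_enum(output)
    for version, rows in parsed.items():
        if version not in allowed:
            findings.append(f"{version} still offered")
        for cipher, _kx, grade in rows:
            if grade > min_grade:
                findings.append(f"{version} {cipher} graded {grade}")
    for version in allowed:
        if version not in parsed:
            findings.append(f"{version} expected but not offered")
    return findings


if __name__ == "__main__":
    # Typical use: nmap --script ssl-enum-ciphers -p 300 host > scan.txt
    #              python3 check_scan.py < scan.txt
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    for finding in check_hardening(text) or ["OK: scan matches policy"]:
        print(finding)
```

Pass `allowed=("TLSv1.3",)` to check a server restricted to TLS 1.3 only. The checker deliberately flags an allowed version that is absent as well as a forbidden one that is present, since a scan that shows nothing at all (wrong port, firewall) should not pass as hardened.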

Note that ThinLinc will always prefer the most secure version of TLS when there is a choice.


A note regarding TLS renegotiation.

Some security standards prohibit TLS renegotiation. Since renegotiation has been completely removed from the TLS 1.3 specification, restricting connections to this version can be used to prevent renegotiation from occurring in ThinLinc. To achieve this, you can set the relevant priority string(s) as referenced above to something like the following:

NORMAL:-VERS-ALL:+VERS-TLS1.3

You should verify first that this will not have any negative impacts, i.e. that all connecting clients are likely to support TLS 1.3.
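The priority strings in the first post (TLS 1.2 and 1.3) and in this reply (TLS 1.3 only) both rely on the same mechanism: `NORMAL` sets a baseline, `-VERS-ALL` clears every protocol version, and each `+VERS-...` adds one back. The following is an added example, not ThinLinc's or GnuTLS's own code: a small model of that VERS-keyword evaluation, so a string can be checked for leftover legacy versions before it is written with tl-config. It assumes, as the first post states, that NORMAL enables TLS 1.0 through 1.3, and it models only the VERS-* keywords; cipher, MAC and %-option keywords are skipped.

```python
from typing import Set

# Assumption from the post: versions that the NORMAL keyword enables on this build.
NORMAL_VERSIONS = frozenset({"TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"})
# Versions this model knows about; VERS-ALL refers to all of them.
MODELLED_VERSIONS = NORMAL_VERSIONS
LEGACY_VERSIONS = frozenset({"TLS1.0", "TLS1.1"})


def enabled_versions(priority: str) -> Set[str]:
    """Return the protocol versions a NORMAL-based priority string enables.

    Keywords are applied left to right, so "NORMAL:-VERS-ALL:+VERS-TLS1.3"
    starts from the NORMAL set, empties it, then re-enables TLS 1.3 only.
    """
    keywords = priority.split(":")
    if keywords[0] != "NORMAL":
        raise ValueError("only NORMAL-based priority strings are modelled here")
    versions = set(NORMAL_VERSIONS)
    for keyword in keywords[1:]:
        if not keyword.startswith(("+VERS-", "-VERS-")):
            continue  # ciphers, MACs, %-options: outside this model
        add = keyword.startswith("+")
        name = keyword[len("+VERS-"):]
        if name == "ALL":
            versions = set(MODELLED_VERSIONS) if add else set()
        elif name in MODELLED_VERSIONS:
            if add:
                versions.add(name)
            else:
                versions.discard(name)
        else:
            raise ValueError(f"unknown protocol version keyword: {keyword}")
    return versions


def allows_legacy(priority: str) -> bool:
    """True if the string still permits TLS 1.0 or TLS 1.1."""
    return bool(enabled_versions(priority) & LEGACY_VERSIONS)


if __name__ == "__main__":
    # The default and the two hardened strings from the thread.
    for candidate in ("NORMAL",
                      "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3",
                      "NORMAL:-VERS-ALL:+VERS-TLS1.3"):
        enabled = sorted(enabled_versions(candidate))
        flag = "legacy versions still enabled" if allows_legacy(candidate) else "ok"
        print(f"{candidate:45} -> {enabled} ({flag})")
```

The model only answers "which versions does this string leave on"; whether every client in the estate can actually negotiate those versions is the separate check the reply asks for, and the nmap scan from the first post is how to confirm what the server ends up offering.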