fix(model): Specify a default ssl cipher list

This specifies a default cipher list instead of relying on the defaults
used by openssl, which are not tailored to https and cause issues with
HTTP/2 in Firefox due to poor cipher order.

The defaults are chosen to be secure, fast and compatible with current
clients, but exclude IE6 on XP and Java6 from connecting.

The list was built using current recommendation from the Mozilla Wiki
at https://wiki.mozilla.org/Security/Server_Side_TLS for intermediate
compatibility.

Ciphers are preferred in this order:

- Prefer 128-Bit over 256-Bit encryptions (lower coputational overhead)
- Prefer GCM over EDH over RSA auth (GCM & EDH support Forward Secrecy)
- Fallback to 112-Bit 3DES (mainly for IE 8 compatibility)

Author: felixbuenemann

README.md

@@ -271,7 +271,7 @@ _Note that Kubernetes annotation maps are all of Go type `map[string]string`.  A
 | <a name="http2-enabled"></a>deis-router | RC | [router.deis.io/nginx.http2Enabled](#http2-enabled) | `"true"` | Whether to enable HTTP2 for apps on the SSL ports. |
 | <a name="ssl-enforce"></a>deis-router | RC | [router.deis.io/nginx.ssl.enforce](#ssl-enforce) | `"false"` | Whether to respond with a 301 for all HTTP requests with a permanent redirect to the HTTPS equivalent address. |
 | <a name="ssl-protocols"></a>deis-router | RC | [router.deis.io/nginx.ssl.protocols](#ssl-protocols) | `"TLSv1 TLSv1.1 TLSv1.2"` | nginx `ssl_protocols` setting. |
-| <a name="ssl-ciphers"></a>deis-router | RC | [router.deis.io/nginx.ssl.ciphers](#ssl-ciphers) | `""` | nginx `ssl_ciphers`.  If the value is the empty string, OpenSSL's default ciphers are used.  In _all_ cases, server side cipher preferences (order matters) are used. |
+| <a name="ssl-ciphers"></a>deis-router | RC | [router.deis.io/nginx.ssl.ciphers](#ssl-ciphers) | `"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"` | nginx `ssl_ciphers`.  The default ciphers are taken from the intermediate compatibility section in the [Mozilla Wiki on Security/Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS). If the value is set to the empty string, OpenSSL's default ciphers are used.  In _all_ cases, server side cipher preferences (order matters) are used. |
 | <a name="ssl-sessionCache"></a>deis-router | RC | [router.deis.io/nginx.ssl.sessionCache](#ssl-sessionCache) | `""` | nginx `ssl_session_cache` setting. |
 | <a name="ssl-session-timeout"></a>deis-router | RC | [router.deis.io/nginx.ssl.sessionTimeout](#ssl-session-timeout) | `"10m"` | nginx `ssl_session_timeout` expressed in units `ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `y`. |
 | <a name="ssl-use-session-tickets"></a>deis-router | RC | [router.deis.io/nginx.ssl.useSessionTickets](#ssl-use-session-tickets) | `"true"` | Whether to use [TLS session tickets](http://tools.ietf.org/html/rfc5077) for session resumption without server-side state. |

model/model.go

@@ -166,6 +166,14 @@ func newSSLConfig() *SSLConfig {
 	return &SSLConfig{
 		Enforce:           false,
 		Protocols:         "TLSv1 TLSv1.1 TLSv1.2",
+		// Default cipher suite:
+		//  - Prefer 128-Bit over 256-Bit encryptions (lower overhead)
+		//  - Prefer GCM over EDH over RSA auth (for Forward Secrecy)
+		//  - Fallback to 112-Bit 3DES (mainly for IE 8 compatibility)
+		// Compatible: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
+		// Incompatible: Windows XP IE6, Java 6
+		// Source: https://wiki.mozilla.org/Security/Server_Side_TLS (intermediate compatiblity)
+		Ciphers:           "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS",
 		SessionTimeout:    "10m",
 		UseSessionTickets: true,
 		BufferSize:        "4k",