ZDDC/zddc/internal/tlsutil at d5ce4e123013af9af852ef0789f40fd5dcc6bea1 - VARASYS/ZDDC

History

ZDDC 460d5fdada feat(server): TLS hardening per NIST SP 800-52 Rev. 2 + HSTS The TLS configuration was using Go stdlib defaults — secure for typical commercial use, but federal evaluators need an explicit cipher allowlist they can map to a FIPS-validated implementation. Pin the cipher and curve lists to NIST SP 800-52 Rev. 2 § 3.3 conformant values: Ciphers (TLS 1.2): TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 Curves: X25519, P-256, P-384 MinVersion: TLS 1.2 (already set; 1.3 used when negotiated) TLS 1.3 cipher selection is not operator-controllable in Go stdlib (the runtime picks from a fixed AEAD-only set); all of those already meet the federal bar so no change needed there. Also adds HSTSMiddleware emitting `Strict-Transport-Security: max-age=31536000; includeSubDomains` when zddc-server is itself terminating TLS (ZDDC_TLS_CERT != none). Behind an upstream proxy terminating TLS the proxy is responsible for HSTS, so the middleware only wraps the chain when useTLS=true. Test coverage: * TLSConfig(none) returns nil + useTLS=false * TLSConfig(selfsigned) sets the exact NIST allowlist * Negative test asserting weak ciphers (CBC, RC4, 3DES, RSA-key- exchange) are NOT in the list — guardrail against regressions Federal-readiness gap analysis updated: this control is now partially complete. OCSP stapling and CT-log inclusion remain on the list for full DoD STIG conformance. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 17:55:52 -05:00
..
selfsigned.go	feat(server): TLS hardening per NIST SP 800-52 Rev. 2 + HSTS	2026-05-04 17:55:52 -05:00
selfsigned_test.go	feat(server): TLS hardening per NIST SP 800-52 Rev. 2 + HSTS	2026-05-04 17:55:52 -05:00

ZDDC 460d5fdada feat(server): TLS hardening per NIST SP 800-52 Rev. 2 + HSTS

The TLS configuration was using Go stdlib defaults — secure for typical
commercial use, but federal evaluators need an explicit cipher
allowlist they can map to a FIPS-validated implementation. Pin the
cipher and curve lists to NIST SP 800-52 Rev. 2 § 3.3 conformant
values:

  Ciphers (TLS 1.2):
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

  Curves: X25519, P-256, P-384

  MinVersion: TLS 1.2 (already set; 1.3 used when negotiated)

TLS 1.3 cipher selection is not operator-controllable in Go stdlib
(the runtime picks from a fixed AEAD-only set); all of those
already meet the federal bar so no change needed there.

Also adds HSTSMiddleware emitting `Strict-Transport-Security:
max-age=31536000; includeSubDomains` when zddc-server is itself
terminating TLS (ZDDC_TLS_CERT != none). Behind an upstream proxy
terminating TLS the proxy is responsible for HSTS, so the middleware
only wraps the chain when useTLS=true.

Test coverage:
  * TLSConfig(none) returns nil + useTLS=false
  * TLSConfig(selfsigned) sets the exact NIST allowlist
  * Negative test asserting weak ciphers (CBC, RC4, 3DES, RSA-key-
    exchange) are NOT in the list — guardrail against regressions

Federal-readiness gap analysis updated: this control is now partially
complete. OCSP stapling and CT-log inclusion remain on the list for
full DoD STIG conformance.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-04 17:55:52 -05:00

selfsigned.go

feat(server): TLS hardening per NIST SP 800-52 Rev. 2 + HSTS

2026-05-04 17:55:52 -05:00

selfsigned_test.go

feat(server): TLS hardening per NIST SP 800-52 Rev. 2 + HSTS

2026-05-04 17:55:52 -05:00