Transport Encryption
Bareos uses TLS (Transport Layer Security) to provide secure network transport. Data encryption, in contrast, is described in the Data Encryption chapter. The initial Bacula encryption implementation was written by Landon Fuller.
With Version >= 18.2.4 the TLS code has been enhanced by the TLS-PSK (Pre Shared Keys) feature, which allows the daemons to set up an encrypted connection directly without using certificates. The library used for TLS is OpenSSL.
TLS Configuration Directives
Additional configuration directives have been added to all the daemons (Director, File daemon, and Storage daemon) as well as the various different Console programs. These directives are defined as follows:
TLS Enable (Dir->Director)
Enable TLS support. This is enabled by default. If no certificates are configured, PSK (Pre Shared Keys) ciphers will be used. If the other side does not support TLS, or cleartext is configured, the connection will be aborted. However, for downward compatibility with clients before Bareos-18.2, the daemons can omit transport encryption and cleartext will be sent.
TLS Require (Dir->Director)
Require a TLS connection. For downward compatibility this is disabled by default. However, if TlsRequire=yes, clients with a version before Bareos-18.2 will be denied if configured to use cleartext.
TLS Certificate (Dir->Director)
The full path and filename of a PEM encoded TLS certificate. It can be used as either a client or server certificate. PEM is used because PEM files are base64 encoded and hence ASCII text based rather than binary. They may also contain encrypted information.
TLS Key (Dir->Director)
The full path and filename of a PEM encoded TLS private key. It must correspond to the certificate specified in the TLS Certificate configuration directive.
TLS Verify Peer (Dir->Director)
Request and verify the peer's certificate.
In server context, unless the TLS Allowed CN configuration directive is specified, any client certificate signed by a known-CA will be accepted.
In client context, the server certificate CommonName attribute is checked against the Address and TLS Allowed CN configuration directives.
TLS Allowed CN (Dir->Director)
Common name attribute of allowed peer certificates. If TLS Verify Peer=yes, all connection request certificates will be checked against this list.
This directive may be specified more than once, as all parameters will be concatenated.
TLS CA Certificate File (Dir->Director)
The full path and filename specifying a PEM encoded TLS CA certificate(s). Multiple certificates are permitted in the file.
In a client context, one of TLS CA Certificate File or TLS CA Certificate Dir is required.
In a server context, it is only required if TLS Verify Peer is used.
TLS CA Certificate Dir (Dir->Director)
Full path to TLS CA certificate directory. In the current implementation, certificates must be stored PEM encoded with OpenSSL-compatible hashes, which is the subject name’s hash and an extension of .0.
In a client context, one of TLS CA Certificate File or TLS CA Certificate Dir is required.
In a server context, it is only required if TLS Verify Peer is used.
TLS DH File (Dir->Director)
Path to PEM encoded Diffie-Hellman parameter file. If this directive is specified, DH key exchange will be used for the ephemeral keying, allowing for forward secrecy of communications. DH key exchange adds an additional level of security because the key used for encryption/decryption by the server and the client is computed on each end and thus is never passed over the network if Diffie-Hellman key exchange is used. Even if DH key exchange is not used, the encryption/decryption key is always passed encrypted. This directive is only valid within a server context.
To generate the parameter file, you may use openssl:
openssl dhparam -out dh1024.pem -5 1024
Getting TLS Certificates
To get a trusted certificate (CA or Certificate Authority signed certificate), you will either need to purchase certificates signed by a commercial CA or become a CA yourself, so that you can sign all your own certificates.
Bareos is known to work well with RSA certificates.
You can use programs like xca or TinyCA to easily manage your own CA with a Graphical User Interface.
Example TLS Configuration Files
Examples of the TLS portions of the configuration files are listed below.
Bareos Director
Bareos Storage Daemon
Bareos File Daemon
Compatibility with Bareos File Daemon
Bareos File Daemon connection handshake probing
As from Bareos 18.2, all components by default establish a secure connection with encryption first, followed by the proprietary Bareos protocol. This is accomplished using TLS-PSK. Bareos components older than version 18.2 start a connection with a cleartext handshake, without encryption.
For downward compatibility, Bareos Director Daemons and Bareos Storage Daemons are able to connect to Bareos File Daemons older than version 18.2. In this case Director and Storage switch to the old protocol.
A File Daemon has two connection modes, active and passive. Unlike a connection from an active Bareos File Daemon, the protocol version of a passive File Daemon has to be probed by the Director Daemon when a job is initiated. This information is stored in the configuration and immediately submitted to the Storage Daemon when the job is started.
The following sequence is used to figure out the right protocol version and to submit this information to the attached Bareos Storage Daemon:
Bareos File Daemon 18.2 with Bareos before 18.2
Bareos File Daemon >= 18.2 can be used on a Bareos system before Bareos-18.2.
The older Bareos Director and Bareos Storage Daemon connect to Bareos File Daemon using the cleartext Bareos handshake before they can switch to TLS. If you want transport encryption then only TLS with certificates can be used. TLS-PSK is not possible with Bareos Director and Bareos Storage Daemon before Bareos-18.2.
However, it is also possible to disable transport encryption and use cleartext transport using the following configuration changes:
Bareos Director configuration
Client {
...
TlsEnable = no
TlsRequire = no
...
}
Storage {
...
TlsEnable = no
TlsRequire = no
...
}
Bareos Storage Daemon configuration
Storage {
...
TlsEnable = no
TlsRequire = no
...
}
Bareos File Daemon configuration before 18.2
Client {
...
TlsEnable = no
TlsRequire = no
...
}
Director {
...
TlsEnable = no
TlsRequire = no
...
}
Bareos File Daemon before 18.2 with Bareos 18.2
Bareos File Daemon before 18.2 can be used on a Bareos system 18.2 onwards.
The newer Bareos Director and Bareos Storage Daemon connect to Bareos File Daemon using the cleartext Bareos handshake before they switch to TLS. If you want transport encryption, only TLS with certificates can be used, not TLS-PSK as is possible with Bareos 18.2.
However, it is also possible to disable transport encryption and use cleartext transport using the following configuration changes:
Bareos File Daemon configuration
Client {
...
TlsEnable = no
TlsRequire = no
...
}
Director {
...
TlsEnable = no
TlsRequire = no
...
}
Bareos Webui
Transport encryption between Bareos Webui and a Bareos Director can be configured per restricted named console.
TLS-PSK is not available between the Bareos WebUI and the Bareos Director; in the following you will set up TLS with certificates.
Please check the following configuration examples. A complete table of the directives in the directors.ini file is given in Overview of the settings in the Bareos Webui directors.ini file.
Note
For Bareos Webui the certificate file given by configuration parameter cert_file in directors.ini has to contain the certificate and the key in PEM encoding.
Configuration example
Changed in version 18.2.
Warning
Since Bareos version 18.2, the global certificates configured in the Director resource of the Director configuration are used. Before, the certificates configured in the Console resource of the Director configuration were used.
;------------------------------------------------------------------------------
; Section backup.example.com
;------------------------------------------------------------------------------
[backup.example.com]
enabled = "yes"
diraddress = "backup.example.com"
dirport = 9101
;catalog = "MyCatalog"
tls_verify_peer = false
server_can_do_tls = true
server_requires_tls = false
client_can_do_tls = true
client_requires_tls = true
ca_file = "/etc/bareos-webui/tls/ca.crt"
cert_file = "/etc/bareos-webui/tls/client.pem"
;cert_file_passphrase = ""
;allowed_cns = ""
Director {
Name = bareos-dir
QueryFile = "/usr/lib/bareos/scripts/query.sql"
Maximum Concurrent Jobs = 10
Password = "654321"
Messages = Daemon
Auditing = yes
# Enable the Heartbeat if you experience connection losses
# (eg. because of your router or firewall configuration).
# Additionally the Heartbeat can be enabled in bareos-sd and bareos-fd.
#
# Heartbeat Interval = 1 min
# remove comment from "Plugin Directory" to load plugins from specified directory.
# if "Plugin Names" is defined, only the specified plugins will be loaded,
# otherwise all director plugins (*-dir.so) from the "Plugin Directory".
#
# Plugin Directory = "/usr/lib64/bareos/plugins"
# Plugin Names = ""
TLS Enable = yes
TLS Require = no
TLS Verify Peer = no
TLS CA Certificate File = /etc/bareos/tls/ca.crt
TLS Certificate = /etc/bareos/tls/server.crt
TLS Key = /etc/bareos/tls/server.pem
}
Overview of the settings in the Bareos Webui directors.ini file

| Directive | Type | Default value | Remark | Description |
|---|---|---|---|---|
| tls_verify_peer | boolean | false | Optional | TLS verify peer |
| server_can_do_tls | boolean | false | Required | Server (Bareos Director) can do TLS |
| server_requires_tls | boolean | false | Required | Server (Bareos Director) requires TLS |
| client_can_do_tls | boolean | false | Required | Client can do TLS |
| client_requires_tls | boolean | false | Required | Client requires TLS |
| ca_file | string | | Required | Certificate authority file |
| cert_file | string | | Required | Path to the certificate file which needs to contain the client certificate and the key in PEM encoding |
| cert_file_passphrase | string | | Optional | Passphrase to unlock the certificate file given by cert_file |
| allowed_cns | string | | Optional | Allowed common names |
TLS Configuration Reference
To be able to communicate via TLS, TLS needs to be configured on both sides. In Bareos certain directives are used to set up TLS.
The following table explains the location of the relevant TLS configuration directives for all possible Bareos TCP connections. Each resource is referred to as <component>-<resource> to identify the exact configuration location. Refer to chapter Customizing the Configuration for more details about configuration.
In Bareos Version 18.2 the relevant resources for some connections had to be changed. Affected directives are marked with the applicable version and the respective resource is written in bold letters.
Remark: TLS-PSK is not available on Bareos components before Version 18.2.
| Connection | Config Directive / Connection No. [1] | TCP-Client | TCP-Server |
|---|---|---|---|
| Default Console → Director | Name [2] | *UserAgent* [4] | *UserAgent* [4] |
| | Password [3] | Console-Director | Director-Director |
| | Certificate directives | Console-Director | Director-Director |
| | Tls Enable / Tls Require | Console-Director | Director-Director |
| Named Console → Director | Name [2] | Console-Console | Director-Console |
| | Password [3] | Console-Console | Director-Console |
| | Certificate directives [5], Version 17.2 | Console-Console | Director-Console |
| | Certificate directives [5], Version 18.2 | Console-Console | Director-Director |
| | Tls Enable / Tls Require | Console-Console | Director-Console |
| Director → File Daemon | Name, Version 17.2 | Director-Client | Client-Director |
| | Name [2], Version 18.2 | Director-Director | Client-Director |
| | Password [3] | Director-Client | Client-Director |
| | Certificate directives [5], Version 17.2 | Director-Client | Client-Director |
| | Certificate directives [5], Version 18.2 | Director-Client | Client-Client |
| | Tls Enable / Tls Require | Director-Client | Client-Director |
| File Daemon → Director | Name, Version 17.2 | Client-Director | Director-Client |
| | Name [2], Version 18.2 | Client-Client | Director-Client |
| | Password [3] | Client-Director | Director-Client |
| | Certificate directives [5], Version 17.2 | Client-Director | Director-Client |
| | Certificate directives [5], Version 18.2 | Client-Director | Director-Director |
| | Tls Enable / Tls Require | Client-Director | Director-Client |
| Director → Storage Daemon | Name, Version 17.2 | Director-Storage | Storage-Director |
| | Name [2], Version 18.2 | Director-Director | Storage-Director |
| | Password [3] | Director-Storage | Storage-Director |
| | Certificate directives [5], Version 17.2 | Director-Storage | Storage-Director |
| | Certificate directives [5], Version 18.2 | Director-Storage | Storage-Storage |
| | Tls Enable / Tls Require | Director-Storage | Storage-Director |
| File Daemon → Storage Daemon | Name, Version 17.2 | not defined | not defined |
| | Name [2], Version 18.2 | job name | job name |
| | Password [3] | job session key | job session key |
| | Certificate directives [5], Version 17.2 | Director-Storage | Storage-Director |
| | Certificate directives [5], Version 18.2 | Director-Storage | Storage-Storage |
| | Tls Enable / Tls Require | Director-Storage | Storage-Director |
| Storage Daemon → File Daemon | Name, Version 17.2 | not defined | not defined |
| | Name [2], Version 18.2 | job name | job name |
| | Password [3] | job session key | job session key |
| | Certificate directives [5], Version 17.2 | | |
| | Certificate directives [5], Version 18.2 | Storage-Storage | Client-Client |
| | Tls Enable / Tls Require | Director-Client | Client-Client |
| Storage Daemon → Storage Daemon | Name, Version 17.2 | not defined | not defined |
| | Name [2], Version 18.2 | job name | job name |
| | Password [3] | job session key | job session key |
| | Certificate directives [5] | Storage-Storage | Storage-Storage |
| | Tls Enable / Tls Require | Director-W Storage | Director-W Storage |
| Traymon → Director | Name [2] | Traymon-Traymon | Director-Console |
| | Password [3] | Traymon-Traymon | Director-Console |
| | Certificate directives [5] | Traymon-Director | Director-Director |
| | Tls Enable / Tls Require | Traymon-Director | Director-Console |
| Traymon → FD | Name [2] | Traymon-Traymon | Client-Director |
| | Password [3] | Traymon-Client | Client-Director |
| | Certificate directives [5] | Traymon-Client | Client-Client |
| | Tls Enable / Tls Require | Traymon-Client | Client-Director |
| Traymon → SD | Name [2] | Traymon-Traymon | Storage-Director |
| | Password [3] | Traymon-Storage | Storage-Director |
| | Certificate directives [5] | Traymon-Storage | Storage-Storage |
| | Tls Enable / Tls Require | Traymon-Storage | Storage-Director |
Footnotes
Enabling Kernel TLS
Kernel TLS is a feature of some operating systems in which the application may pass data directly to the kernel, so that it performs the necessary encryption in kernel space. This allows the kernel to offload this work to dedicated hardware to speed up the connection.
Warning
If Kernel TLS is used then the data is written unencrypted to the socket.
You may set the following options to Yes so that the respective daemon announces to the operating system that it wants to make use of Kernel TLS.
Enable kTLS (Dir->Director)
Enable kTLS (Fd->Client)
Enable kTLS (Sd->Storage)
Note
In the end the SSL implementation and the operating system itself will decide whether Kernel TLS will be used or not. Bareos cannot influence this decision directly.
To make it more likely that Kernel TLS is used, you may consult your operating system vendor's manual to see which TLS ciphers it supports and configure Bareos to use those.
Warning
Some SSL implementations do not correctly report whether Kernel TLS is used or not. In that case Bareos may send data completely unencrypted! Make sure to study the respective manuals.
If EnableKtls was set to Yes then Bareos will emit a debug message saying whether it thinks that Kernel TLS is enabled or not.
Note
On some operating systems you have to prepare Kernel TLS before Bareos can take advantage of it. For example, on Linux you have to load the tls kernel module.
bin/bconsole -d150
[...]
bconsole (100): lib/tls_openssl_private.cc:58-0 Construct TlsOpenSslPrivate
bconsole (100): lib/tls_openssl_private.cc:614-0 Set tcp filedescriptor: <3>
bconsole (100): lib/tls_openssl_private.cc:632-0 Set protocol: <>
bconsole (100): lib/tls_openssl_private.cc:554-0 Set ca_certfile: <>
bconsole (100): lib/tls_openssl_private.cc:560-0 Set ca_certdir: <>
bconsole (100): lib/tls_openssl_private.cc:566-0 Set crlfile_: <>
bconsole (100): lib/tls_openssl_private.cc:572-0 Set certfile_: <>
bconsole (100): lib/tls_openssl_private.cc:578-0 Set keyfile_: <>
bconsole (100): lib/tls_openssl_private.cc:596-0 Set dhfile_: <>
bconsole (100): lib/tls_openssl_private.cc:620-0 Set cipherlist: <>
bconsole (100): lib/tls_openssl_private.cc:626-0 Set ciphersuites: <>
bconsole (100): lib/tls_openssl_private.cc:602-0 Set Verify Peer: <false>
bconsole (100): lib/tls_openssl_private.cc:608-0 Set ktls: <true>
bconsole (50): lib/tls_openssl.cc:63-0 Preparing TLS_PSK CLIENT context for identity R_CONSOLE *UserAgent*
bconsole (100): lib/tls_openssl_private.cc:541-0 psk_client_cb. identity: R_CONSOLE *UserAgent*.
bconsole (150): lib/tls_openssl_private.cc:436-0 Ktls used for Recv: no
bconsole (150): lib/tls_openssl_private.cc:437-0 Ktls used for Send: yes
[...]
TLS Restricting Protocol and Cipher
With TLS-PSK activated by default in Bareos since version 18, it is sometimes necessary to fine-tune the configuration, choosing the protocol and ciphers carefully, to achieve better performance and increase the throughput of backups and restores. Only two parameters in the Bareos configuration files need to change, but their syntax and location are far from evident.
This chapter shows you how to do that.
Note
Since TLS protocols below 1.2 are considered weak, we will concentrate efforts on restricting cipher usage to protocol version 1.2 and above.
Determine available ciphers for TLSv1.2
The following openssl command determines which ciphers are available for protocol 1.2 with the needed PSK extensions.
openssl ciphers -tls1_2 -psk -s
Adding the -v option prints the list in column mode.
Example of column output excluding SSLv3 and SHA1:
openssl ciphers -v -tls1_2 -psk -s | grep -v SSLv3 | grep -v Mac=SHA1
Example output list of ciphers:
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
From that list we propose to use the following cipher list:
Note
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 PSK-AES128-GCM-SHA256 AES128-GCM-SHA256 PSK-AES256-GCM-SHA384 AES256-GCM-SHA384
The order follows the "most secure" rating given by the [ciphersuite.info](https://ciphersuite.info/) website, then ascending strength of digest to minimize CPU impact. Note that the list must contain some cipher with PSK in its name to support the TLS-PSK mechanism.
Just be sure they are present on all hosts you want to use with Bareos.
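As an added example (not code from the Bareos documentation or project), the following Python script applies the selection rules of this section to the column output of openssl ciphers -v and emits a colon-separated cipher list, the syntax OpenSSL accepts for such a directive; the sample lines and the ordering policy are assumptions constructed from this page, and the last function checks a list against another host's output, as the sentence above suggests.

```python
"""Build a Bareos "TLS Cipher List" value from "openssl ciphers -v" output.

Added example, not part of the Bareos documentation or code base. The sample
lines are constructed from the output shown on this page. The ordering policy
is an assumption approximating the page's rationale (forward-secret key
exchange first, then ascending digest strength, PSK suites before RSA-only
ones); it is not the ciphersuite.info rating itself.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of "openssl ciphers -v -tls1_2 -psk -s" output,
# including lines the page's filters are meant to drop (SSLv3, SHA1, TLSv1 CBC).
SAMPLE_OUTPUT = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
"""

LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)$"
)
EPHEMERAL_KX = {"ECDH", "DH", "ECDHEPSK", "DHEPSK"}  # key exchanges with forward secrecy


def parse_openssl_ciphers(text: str) -> List[Dict[str, str]]:
    """Parse the column output of "openssl ciphers -v" into one dict per suite."""
    suites = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            suites.append(match.groupdict())
    return suites


def is_acceptable(suite: Dict[str, str]) -> bool:
    """Keep only TLSv1.2 AEAD suites: this drops the SSLv3/TLSv1 entries and
    SHA1 MACs the page greps away, plus the remaining CBC/HMAC-SHA256 suites."""
    return suite["proto"] == "TLSv1.2" and suite["mac"] == "AEAD"


def digest_bits(name: str) -> int:
    """Hash strength from the suite name; TLS 1.2 suites without an explicit
    hash (AES-CCM, CHACHA20-POLY1305) use SHA256."""
    match = re.search(r"SHA(\d+)$", name)
    return int(match.group(1)) if match else 256


def sort_key(suite: Dict[str, str]):
    # 1) ephemeral key exchange first, 2) weaker digest first (less CPU),
    # 3) PSK before certificate-only suites, 4) name for a stable order.
    return (
        0 if suite["kx"] in EPHEMERAL_KX else 1,
        digest_bits(suite["name"]),
        0 if "PSK" in suite["kx"] else 1,
        suite["name"],
    )


def build_cipher_list(openssl_output: str) -> str:
    """Return a colon-separated OpenSSL cipher list usable as "TLS Cipher List"."""
    suites = sorted(filter(is_acceptable, parse_openssl_ciphers(openssl_output)),
                    key=sort_key)
    if not any("PSK" in s["kx"] for s in suites):
        # Without a PSK suite the certificate-less TLS-PSK handshake cannot succeed.
        raise ValueError("cipher list contains no PSK suite; TLS-PSK would break")
    return ":".join(s["name"] for s in suites)


def missing_on_host(cipher_list: str, host_output: str) -> List[str]:
    """Entries of a cipher list that a host's "openssl ciphers -v" does not offer."""
    offered = {s["name"] for s in parse_openssl_ciphers(host_output)}
    return [name for name in cipher_list.split(":") if name not in offered]


if __name__ == "__main__":
    print(build_cipher_list(SAMPLE_OUTPUT))
```

Run against the six suites proposed in the note above, the policy reproduces the page's order exactly; on the full TLSv1.2 listing it also keeps the CCM, CHACHA20 and DHE suites the page left out, so review the result before deploying it.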
Determine available ciphers for TLSv1.3
Similar to TLSv1.2, we can list the supported ciphers with
openssl ciphers -tls1_3 -psk -s
Currently only SHA256 ciphers are supported by Bareos.
openssl ciphers -v -tls1_3 -psk -s | grep SHA256
Example output list of ciphers:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
Since all available TLSv1.3 ciphers are fairly strong, we recommend not setting the ciphersuites manually unless needed, for example to enable Kernel TLS.
Resources parameters to configure
We will modify the following options:
On Bareos Director
TLS Cipher List (Dir->Director)
TLS Cipher List (Dir->Console)
TLS Cipher List (Dir->Storage)
On Bareos File Daemon
TLS Cipher List (Fd->Director)
On Bareos Storage Daemon
TLS Cipher List (Sd->Director)
For bconsole
TLS Protocol (Console->Console)
TLS Cipher List (Console->Console)
In the following example, we will remove all protocols below 1.2 and 1.3, and specifically activate 1.2 if it is not enabled by default.
The order of the cipher list is important; the ciphers should normally be hardware accelerated and usable by Kernel TLS.
Both values need to be set as strings enclosed by double quotes.
Those parameters have to be included in each of the following resources (filenames in the default installation):
bareos-dir.d/director/bareos-dir.conf
bareos-dir.d/client/bareos-fd.conf
bareos-dir.d/storage/File.conf
bareos-fd.d/client/myself.conf
bareos-fd.d/director/bareos-dir.conf
bareos-sd.d/storage/bareos-sd.conf
bareos-sd.d/director/bareos-dir.conf
bconsole.conf
How to test protocol and ciphers
Testing the protocol in use and supported ciphers can be done with the nmap tool.
# director
nmap --script ssl-enum-ciphers -p 9101 -n localhost
# fd
nmap --script ssl-enum-ciphers -p 9102 -n localhost
# sd
nmap --script ssl-enum-ciphers -p 9103 -n localhost
If your daemons are using IPv6 exclusively, you have to use the nmap -6 option.
nmap --script ssl-enum-ciphers -p 9102 -n localhost
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-22 14:25 CET
Nmap scan report for localhost (::1)
Host is up (0.000095s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
9102/tcp open jetdirect
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
| TLS_PSK_WITH_AES_128_CBC_SHA - unknown
| TLS_PSK_WITH_AES_128_CBC_SHA256 - unknown
| TLS_PSK_WITH_AES_256_CBC_SHA - unknown
| TLS_PSK_WITH_AES_256_CBC_SHA384 - unknown
| TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - unknown
| TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - unknown
| compressors:
| NULL
| cipher preference: client
| TLSv1.1:
| ciphers:
| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
| TLS_PSK_WITH_AES_128_CBC_SHA - unknown
| TLS_PSK_WITH_AES_128_CBC_SHA256 - unknown
| TLS_PSK_WITH_AES_256_CBC_SHA - unknown
| TLS_PSK_WITH_AES_256_CBC_SHA384 - unknown
| TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - unknown
| TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - unknown
| compressors:
| NULL
| cipher preference: client
| TLSv1.2:
| ciphers:
| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
| TLS_PSK_WITH_AES_128_CBC_SHA - unknown
| TLS_PSK_WITH_AES_128_CBC_SHA256 - unknown
| TLS_PSK_WITH_AES_128_CCM - unknown
| TLS_PSK_WITH_AES_128_CCM_8 - unknown
| TLS_PSK_WITH_AES_128_GCM_SHA256 - unknown
| TLS_PSK_WITH_AES_256_CBC_SHA - unknown
| TLS_PSK_WITH_AES_256_CBC_SHA384 - unknown
| TLS_PSK_WITH_AES_256_CCM - unknown
| TLS_PSK_WITH_AES_256_CCM_8 - unknown
| TLS_PSK_WITH_AES_256_GCM_SHA384 - unknown
| TLS_PSK_WITH_ARIA_128_GCM_SHA256 - unknown
| TLS_PSK_WITH_ARIA_256_GCM_SHA384 - unknown
| TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - unknown
| TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - unknown
| TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - unknown
| compressors:
| NULL
| cipher preference: client
|_ least strength: unknown
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
Compare this with the following output when the restricted protocol and cipher list are in place.
nmap --script ssl-enum-ciphers -p 9102 -n localhost
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-22 14:50 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000057s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
9101/tcp open jetdirect
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_PSK_WITH_AES_128_GCM_SHA256 - unknown
| TLS_PSK_WITH_AES_256_GCM_SHA384 - unknown
| compressors:
| NULL
| cipher preference: client
| warnings:
| Forward Secrecy not supported by any cipher
|_ least strength: unknown
Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds
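To verify such a restriction from the scan output rather than by eye, here is an added Python checker (not part of the Bareos documentation or project) that parses the ssl-enum-ciphers text shown above and lists protocols below a minimum version, CBC (non-AEAD) suites and nmap's own warnings; the two scan samples are constructed abbreviations of the outputs on this page.

```python
"""Check nmap ssl-enum-ciphers output against a TLS policy for Bareos daemons.

Added example, not part of the Bareos documentation or code base. Both sample
scans are constructed, abbreviated from the two scans shown on this page.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample 1: unrestricted file daemon (TLSv1.1 block and headers omitted).
UNRESTRICTED_SCAN = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_PSK_WITH_AES_128_CBC_SHA - unknown
|     cipher preference: client
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_PSK_WITH_AES_128_GCM_SHA256 - unknown
|       TLS_PSK_WITH_AES_256_CBC_SHA384 - unknown
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: unknown
"""

# Constructed sample 2: the same daemon after protocol and cipher restriction.
RESTRICTED_SCAN = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_PSK_WITH_AES_128_GCM_SHA256 - unknown
|       TLS_PSK_WITH_AES_256_GCM_SHA384 - unknown
|     cipher preference: client
|     warnings:
|       Forward Secrecy not supported by any cipher
|_  least strength: unknown
"""

PROTO_RE = re.compile(r"^(SSLv3|TLSv1\.[0-3]):$")
CIPHER_RE = re.compile(r"^(TLS_[A-Z0-9_]+)")
PROTO_RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def parse_ssl_enum(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return ({protocol: [suite names]}, [warnings]); indentation is ignored, so
    whitespace-collapsed copies of the output (as on this page) parse as well."""
    ciphers: Dict[str, List[str]] = {}
    warnings: List[str] = []
    proto = section = None
    for raw in text.splitlines():
        line = raw.lstrip("|_ ").rstrip()
        if not line:
            continue
        match = PROTO_RE.match(line)
        if match:                    # "TLSv1.2:" opens a protocol block
            proto, section = match.group(1), None
            ciphers.setdefault(proto, [])
        elif line.endswith(":"):     # "ciphers:", "compressors:", "warnings:"
            section = line[:-1]
        elif ": " in line:           # "cipher preference: client", "least strength: ..."
            section = None
        elif section == "ciphers" and proto:
            match = CIPHER_RE.match(line)
            if match:
                ciphers[proto].append(match.group(1))
        elif section == "warnings":
            warnings.append(line)
    return ciphers, warnings


def check_policy(ciphers: Dict[str, List[str]], warnings: List[str],
                 min_proto: str = "TLSv1.2") -> List[str]:
    """Findings: protocols below min_proto, CBC (non-AEAD) suites, and every
    warning nmap raised, e.g. the missing forward secrecy of a PSK-only list."""
    findings = []
    for proto, names in ciphers.items():
        if PROTO_RANK[proto] < PROTO_RANK[min_proto]:
            findings.append(f"{proto} offered ({len(names)} suites)")
        findings.extend(f"{proto}: non-AEAD suite {n}" for n in names if "_CBC_" in n)
    findings.extend(f"nmap warning: {w}" for w in warnings)
    return findings
```

Note that the restricted scan still yields one finding, nmap's forward-secrecy warning: the PSK-only suites that remain after restriction use a static key exchange, so a later compromise of the pre-shared key would expose recorded traffic.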
With the restricted configuration in place, the signature in bconsole will reflect the changes.
bconsole
Connecting to Director localhost:9101
Encryption: PSK-AES128-GCM-SHA256 TLSv1.2
1000 OK: bareos-dir Version: 21.1.5 (09 November 2022)
Conclusion
You are now able to configure the TLS Protocol and cipher list to match your needs. Once this is in place, we highly recommend measuring the gain or loss of performance with real jobs.