No edit summary |
(Fix a few typos) |
||
Line 133: | Line 133: | ||
= Mandatory discards = | = Mandatory discards = | ||
* | * aNULL contains non-authenticated Diffie-Hellman key exchanges, that are subject to Man-In-The-Middle (MITM) attacks | ||
* | * eNULL contains null-encryption ciphers (cleartext) | ||
* EXPORT are legacy weak ciphers that were marked as exportable by US law | * EXPORT are legacy weak ciphers that were marked as exportable by US law | ||
* DES and 3DES contains all legacy ciphers that used the deprecated Data Encryption Standard | * DES and 3DES contains all legacy ciphers that used the deprecated Data Encryption Standard | ||
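Review bot: on the new aNULL line, the comma before "that are subject to" makes the clause read awkwardly; write "which are subject to" or drop the comma. Since this revision is a typo pass, the unchanged context line "DES and 3DES contains all legacy ciphers" could be corrected to "contain" at the same time.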
Line 169: | Line 169: | ||
The size of the prime number ''p'' constrains the size of the pre-master key ''PMS'', because of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key. | The size of the prime number ''p'' constrains the size of the pre-master key ''PMS'', because of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key. | ||
<source lang="bash"> | <source lang="bash"> | ||
$ openssl dhparam | $ openssl dhparam 2048 | ||
Generating DH parameters, 2048 bit long safe prime, generator 2 | Generating DH parameters, 2048 bit long safe prime, generator 2 | ||
..+..+...............+ | ..+..+...............+ | ||
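Review bot: the context paragraph above the command still reads "A smaller prime almost means weaker values", where "almost" looks like a typo for "also" that this pass did not catch. The command now hardcodes 2048 while the paragraph says the prime should not be smaller than the RSA private key, so it would help to state that the argument is the prime size in bits and should be chosen to be at least the RSA key size.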
Line 193: | Line 193: | ||
== Nginx == | == Nginx == | ||
Nginx provides the best | Nginx provides the best TLS support at the moment. It is the only daemon that provides OCSP Stapling, custom DH parameters, and the full flavor of TLS versions (from OpenSSL). | ||
The detail of each configuration parameter, and how to build a recent Nginx with OpenSSL, is [[#Nginx_configuration_details|at the end of this document]]. | The detail of each configuration parameter, and how to build a recent Nginx with OpenSSL, is [[#Nginx_configuration_details|at the end of this document]]. | ||
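Review bot: "the best TLS support at the moment" and "the only daemon that provides OCSP Stapling, custom DH parameters" are time-bound claims with no date or version attached. Name the Nginx and OpenSSL versions the comparison was made against, so readers can tell when it has gone stale.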
Line 207: | Line 207: | ||
ssl_dhparam /path/to/dhparam.pem; | ssl_dhparam /path/to/dhparam.pem; | ||
ssl_session_timeout 5m; | ssl_session_timeout 5m; | ||
ssl_protocols | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
ssl_ciphers '<recommended ciphersuite from top of this page>'; | ssl_ciphers '<recommended ciphersuite from top of this page>'; | ||
ssl_prefer_server_ciphers on; | ssl_prefer_server_ciphers on; | ||
ssl_session_cache shared: | ssl_session_cache shared:SSL:50m; | ||
# Enable this if your want HSTS (recommended, but be careful) | # Enable this if your want HSTS (recommended, but be careful) | ||
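Review bot: the comment "# Enable this if your want HSTS" has a typo ("your" for "you") that this typo pass leaves in place. The "be careful" warning also gives no reason; a few words on what the reader should be careful about would make the comment actionable.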
Line 309: | Line 309: | ||
== Zeus (Riverbed Stingray) == | == Zeus (Riverbed Stingray) == | ||
Zeus lacks support for | Zeus lacks support for TLS 1.2, Elliptic Curves, AES-GCM and OCSP Stapling. | ||
The recommended prioritization is: | The recommended prioritization is: | ||
Line 435: | Line 435: | ||
Available here: https://www.ssllabs.com/ssltest/ | Available here: https://www.ssllabs.com/ssltest/ | ||
Qualys | Qualys SSL Labs provides a very nice and comprehensive SSL testing suite. | ||
GlobalSign has a modified interface of SSL Labs with a few more bells and whistles: https://sslcheck.globalsign.com/ | |||
= Appendices = | = Appendices = | ||
Line 607: | Line 609: | ||
==== ssl_dhparam ==== | ==== ssl_dhparam ==== | ||
When DHE ciphers are used, a prime number is shared between server and client to perform the Diffie-Hellman Key Exchange. I won't get into the details of Perfect Forward Secrecy here, but do know that the larger the prime is, the better the security. Nginx lets you specify the prime number you want the server to send to the client in the ssl_dhparam directive. The prime number is sent by the server to the client in the Server Key Exchange message of the handshake. To generate the dhparam, use ''openssl dhparam | When DHE ciphers are used, a prime number is shared between server and client to perform the Diffie-Hellman Key Exchange. I won't get into the details of Perfect Forward Secrecy here, but do know that the larger the prime is, the better the security. Nginx lets you specify the prime number you want the server to send to the client in the ssl_dhparam directive. The prime number is sent by the server to the client in the Server Key Exchange message of the handshake. To generate the dhparam, use ''openssl dhparam 4096'' | ||
A word of warning though, it appears that Java 6 does not support dhparam larger than 1024 bits. Clients that use Java 6 won't be able to connect to your site if you use a larger dhparam. (there might be issues with other libraries as well, I only know about the java one). | A word of warning though, it appears that Java 6 does not support dhparam larger than 1024 bits. Clients that use Java 6 won't be able to connect to your site if you use a larger dhparam. (there might be issues with other libraries as well, I only know about the java one). | ||
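Review bot: this line now recommends "openssl dhparam 4096" while the example in the Line 169 hunk uses "openssl dhparam 2048"; pick one size or explain when each applies. The Java 6 warning directly below says those clients cannot handle anything larger than 1024 bits, so the text should make clear that both sizes exclude them. Minor: "java" should be capitalised, and the parenthetical should either start with a capital or be joined to the previous sentence.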
Line 645: | Line 647: | ||
==== ssl_trusted_certificate ==== | ==== ssl_trusted_certificate ==== | ||
This is a path to a file where CA certificates are concatenated. For ssl_stapling_verify to work, this file must contain the Root CA cert and the Intermediate CA certificates. In the case of StartSSL, the Root CA and Intermediate I use are here: | This is a path to a file where CA certificates are concatenated. For ssl_stapling_verify to work, this file must contain the Root CA cert and the Intermediate CA certificates. In the case of StartSSL, the Root CA and Intermediate I use are here: https://jve.linuxwall.info/ressources/code/startssl_trust_chain.txt | ||
==== resolver ==== | ==== resolver ==== | ||
Nginx needs a DNS resolver to obtain the IP address of the OCSP responder. | Nginx needs a DNS resolver to obtain the IP address of the OCSP responder. |
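Review bot: the added link sends readers to a CA bundle hosted on a personal site (jve.linuxwall.info) for use as ssl_trusted_certificate. A trust anchor file should come from the CA's own distribution point, or the text should at least tell readers to compare the certificates' fingerprints with the ones the CA publishes before using the file.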