random musings on ssl/tls configuration
DESCRIPTION
Few notes I collected while trying to figure out proper SSL/TLS configurationTRANSCRIPT
Random musings onSSL/TLS by Cyrus Dasadia (@ExtremeUnix)
Reason for configuring SSL
Identity
Confidentiality/Privacy
Integrity
Secure my application
Step 1: Create CSR
Secure my application
Step 1: Create CSR
Step 2: Buy / Self-sign a SSL Certificate
Secure my application
Step 1: Create CSR
Step 2: Buy / Self-sign a SSL Certificate
Step 3: Configure Apache/Nginx web-server
Secure my application
Step 1: Create CSR
Step 2: Buy / Self-sign a SSL Certificate
Step 3: Configure Apache/Nginx web-server
Step 4: Security Accomplished!!
Thank you! Questions?
You were mostly wrong
Cipher suites ?OpenSSL on system/application?Certificate Key?TLS version supported?
SSL == TLS
SSL ≠ TLS or is it ?
Netscape created SSL as a product
SSL v1.0 - ??SSL v2.0 - 1995SSL v3.0 - 1996
SSL ≠ TLS or is it ?
Netscape created SSL as a product
SSL v1.0 - ??SSL v2.0 - 1995SSL v3.0 - 1996
TLS came as a standard.
TLS v1.0 - 1999TLS v1.1 - 2006TLS v1.2 - 2008TLS v1.3 - draft
SSL/TLS connection
X.509
Hostname validation certs
Extended validation certs
Protocol Versions
● Disable SSL v2.0● Avoid SSL v3.0 ● Disable TLS compression (removed in
TLS 1.3)● Highest priority to TLS 1.2
Ciphers
Plain text
Key
SupaCipher EncryptedText
Ciphers: TLS
Symmetric
Block chaining
Recommended AES128 with GCM (Galois/Counter Mode)
Ciphers: TLS
Avoid these ciphers:DESEXP-*RC4
KeyExchange
RSA: Fast but no forward secrecy.
DHE: Forward secrecy but not fast enough.
ECDHE: Fast and forward secrecy
Lets see them in action
https://www.ssllabs.com/ssltest
Few takeaways: Keys
● 1024 bits is asking for trouble● 2048 bits minimal viable● 4096 good standard● Switch to ECDSA in future!
Few takeaways: Keys
Generating ECDSA keys:256 bit key:openssl ecparam -name prime256v1 -genkey -out my.key
512 bit key:openssl ecparam -name secp521r1 -genkey -out my.key
Few takeaways: Choosing a CA
● At least Supports Certificate Revocation List (CRL)
● Supports Online Certificate Status Protocol (OCSP)
● Accept trustiness of your Country/Corp CA
Few takeaways: Renegotiation
Disable Client Initiated Renegotiation
Apache:
Nginx:
Few takeaways: Performance
● Enable session resumption● Keep-Alive is your friend● Cache-Control: public
Few takeaways: Security bits
● Ensure 3rd party CDN’s use SSL● Do not mix connection types
Few takeaways: Security bits
Enable HSTS (HTTP Strict Transport Security) if possible.
Apache: (mod_headers) Header add Strict-Transport-Security "max-age=15768000;includeSubDomains"
nginx: (mod_headers) add_header Strict-Transport-Security "max-age=15768000;includeSubDomains"
Few takeaway: Security bits
Apache :SSLProtocol ALL -SSLv2SSLHonorCipherOrder onSSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
courtesy: @hynek
Few takeaway: Security bits
nginx :ssl_prefer_server_ciphers on;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
courtesy: @hynek
STARTTLS ≠ TLS
STARTTLS ≠ TLS
Plain text communications viz. IMAP, POP, SMTP needed support for encrypted connections
STARTTLS ≠ TLS
Simple solution, use a different port
IMAP uses port 143, SSL/TLS port 993.POP uses port 110, SSL/TLS port 995.SMTP uses port 25, SSL/TLS port 465.and LDAP, XMPP, etc.
STARTTLS ≠ TLS
Simple solution, use a different port
IMAP uses port 143, SSL/TLS port 993.POP uses port 110, SSL/TLS port 995.SMTP uses port 25, SSL/TLS port 465.and LDAP, XMPP, etc.
But having 2 ports is just waste of resources....
STARTTLS ≠ TLS
STARTTLS can simply be called to upgrade a plaintextconnection to TLS.
Summary
Disable SSL v2.0
Summary
Disable SSL v2.0
Use ECDHE wherever possible
Summary
Disable SSL v2.0
Use ECDHE wherever possible
Summary
Disable SSL v2.0
Use ECDHE wherever possible
Do not trust default pkgs
< Thank you >