httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jchamp...@apache.org
Subject svn commit: r1757281 - /httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en
Date Mon, 22 Aug 2016 21:27:20 GMT
Author: jchampion
Date: Mon Aug 22 21:27:19 2016
New Revision: 1757281

URL: http://svn.apache.org/viewvc?rev=1757281&view=rev
Log:
docs: rebuild

Modified:
    httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en

Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en?rev=1757281&r1=1757280&r2=1757281&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en Mon Aug 22 21:27:19 2016
@@ -34,7 +34,7 @@ documentation, and arrive at a deeper un
 before progressing to the advanced techniques.</p>
 </div>
 <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif"
/> <a href="#configexample">Basic Configuration Example</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#ciphersuites">Cipher
Suites and Enforcing Strong Security</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ciphersuites">Cipher
Suites and Enforcing Strong Encryption</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ocspstapling">OCSP
Stapling</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#accesscontrol">Client
Authentication and Access Control</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li>
@@ -58,33 +58,91 @@ following directives.</p>
 
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="section">
-<h2><a name="ciphersuites" id="ciphersuites">Cipher Suites and Enforcing Strong
Security</a></h2>
+<h2><a name="ciphersuites" id="ciphersuites">Cipher Suites and Enforcing Strong
Encryption</a></h2>
+
+
+<div class="warning">
+<p>"Strong encryption" is, and has always been, a moving target. Furthermore,
+the definition of "strong" depends on your desired use cases, your threat
+models, and your acceptable levels of risk. The Apache HTTP Server team cannot
+determine these things for you.</p>
+<p>For the purposes of this document, which was last updated in mid-2016,
+"strong encryption" refers to a TLS implementation which provides all of the
+following, in addition to the basic confidentiality, integrity, and authenticity
+protection that most users already expect:</p>
+<ul>
+<li>Perfect Forward Secrecy, which ensures that a compromise to a server's
+private key in the present does not compromise the confidentiality of past TLS
+communication.</li>
+<li>Protection from known attacks on older SSL and TLS implementations, such
+as <a href="https://en.wikipedia.org/wiki/POODLE">POODLE</a> and
+<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack">BEAST</a>.</li>
+<li>Support for the strongest ciphers available to modern (and up-to-date) web
+browsers and other HTTP clients.</li>
+<li><strong>Rejection</strong> of clients that cannot meet these requirements.
+In other words, "strong encryption" requires that out-of-date clients be
+completely unable to connect to the server, to prevent them from endangering
+their users. Whether or not this is appropriate for your situation is a decision
+that only you can make.</li>
+</ul>
+<p>Please note that strong <em>encryption</em> does not, by itself, ensure
+strong <em>security</em>. (As an example, HTTP compression oracle attacks such
+as <a href="https://en.wikipedia.org/wiki/BREACH_(security_exploit)">BREACH</a>
+may require further steps to mitigate.)</p>
+</div>
 
 <ul>
 <li><a href="#onlystrong">How can I create an SSL server which accepts strong
encryption only?</a></li>
-<li><a href="#strongurl">How can I create an SSL server which accepts all types
of ciphers in general, but
+<li><a href="#strongurl">How can I create an SSL server which accepts many types
of ciphers in general, but
 requires a strong cipher for access to a particular URL?</a></li>
 </ul>
 
 <h3><a name="onlystrong" id="onlystrong">How can I create an SSL server which
accepts strong encryption
 only?</a></h3>
 
-    <p>The following enables only the strongest ciphers:</p>
-    <pre class="prettyprint lang-config">SSLCipherSuite HIGH:!aNULL:!MD5</pre>
-
-
-    <p>While with the following configuration you specify a preference
-    for specific speed-optimized ciphers (which will be selected by
-    mod_ssl, provided that they are supported by the client):</p>
-
-    <pre class="prettyprint lang-config">SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
-SSLHonorCipherOrder on</pre>
-
+    <p>The following configuration enables "strong encryption", as defined
+    above, and is derived from the Mozilla Foundation's
+    <a href="https://wiki.mozilla.org/Security/Server_Side_TLS">Server Side
+    TLS</a> requirements:</p>
+
+    <pre class="prettyprint lang-config"># "Modern" configuration, defined by the Mozilla
Foundation's SSL Configuration
+# Generator as of August 2016. This tool is available at
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/
+SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
+# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
+# require OpenSSL 1.1.0, which as of this writing was in pre-release.
+SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder on
+SSLCompression      off
+SSLSessionTickets   off</pre>
+
+
+    <ul>
+    <li>SSL 3.0 and TLS 1.0 are susceptible to known attacks on the protocol;
+    they are disabled entirely.</li>
+    <li>Disabling TLS 1.1 is (as of August 2016) mostly optional; TLS 1.2
+    provides stronger encryption options, but 1.1 is not yet known to be broken.
+    Disabling 1.1 may mitigate attacks against some broken TLS
+    implementations.</li>
+    <li>Enabling <code class="directive"><a href="../mod/mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder</a></code>
+    ensures that the server's cipher preferences are followed instead of the
+    client's.</li>
+    <li>Disabling <code class="directive"><a href="../mod/mod_ssl.html#sslcompression">SSLCompression</a></code>
+    prevents TLS compression oracle attacks (e.g.
+    <a href="https://en.wikipedia.org/wiki/CRIME">CRIME</a>).</li>
+    <li>Disabling <code class="directive"><a href="../mod/mod_ssl.html#sslsessiontickets">SSLSessionTickets</a></code>
+    ensures Perfect Forward Secrecy is not compromised if the server is not
+    restarted regularly.</li>
+    </ul>
+
+    <p>The exact ciphersuites supported in the
+    <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>
line are determined
+    by your OpenSSL installation, not the server. You may need to upgrade to a
+    modern version of OpenSSL in order to use them.</p>
 
 
-<h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts
all types of ciphers
-in general, but requires a strong ciphers for access to a particular
-URL?</a></h3>
+<h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts
many types of ciphers
+in general, but requires a strong cipher for access to a particular URL?</a></h3>
 
     <p>Obviously, a server-wide <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>
which restricts
     ciphers to the strong variants, isn't the answer here. However,
@@ -92,13 +150,13 @@ URL?</a></h3>
     blocks, to give a per-directory solution, and can automatically force
     a renegotiation of the SSL parameters to meet the new configuration.
     This can be done as follows:</p>
-    <pre class="prettyprint lang-config"># be liberal in general
-SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
+    <pre class="prettyprint lang-config"># be liberal in general -- use Mozilla's "Intermediate"
ciphersuites (weaker
+# ciphersuites may also be used, but will not be documented here)
+SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 
 &lt;Location "/strong/area"&gt;
-# but https://hostname/strong/area/ and below
-# requires strong ciphers
-SSLCipherSuite HIGH:!aNULL:!MD5
+# but https://hostname/strong/area/ and below requires strong ciphersuites
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
 &lt;/Location&gt;</pre>
 
 



Mime
View raw message