httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: svn commit: r1679428 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
Date Thu, 14 May 2015 22:58:11 GMT
Looks good to me, thanks!

I committed r1679470 in trunk and proposed a backport to 2.4.x (will
propose a v2 for my 2.2.x patch which is also concerned), since
SSL_DEFAULT_CIPHER_LIST (default when no SSL[Proxy]CipherSuite is
configured) does not include "!aNULL:!eNULL" for older OpenSSL
versions (though still supported).

On Thu, May 14, 2015 at 10:20 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
> Proposed for backport on both 2.2 and 2.4 branches.
>
>
> On Thu, May 14, 2015 at 1:44 PM, <wrowe@apache.org> wrote:
>>
>> Author: wrowe
>> Date: Thu May 14 18:44:52 2015
>> New Revision: 1679428
>>
>> URL: http://svn.apache.org/r1679428
>> Log:
>> Conform to RFC 7525, with additional suggestion to drop RSA Kx ciphers
>>
>> Modified:
>>     httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
>>
>> Modified: httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in?rev=1679428&r1=1679427&r2=1679428&view=diff
>>
>> ==============================================================================
>> --- httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in (original)
>> +++ httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in Thu May 14
>> 18:44:52 2015
>> @@ -43,22 +43,39 @@ Listen @@SSLPort@@
>>  ##
>>
>>  #   SSL Cipher Suite:
>> -#   List the ciphers that the client is permitted to negotiate.
>> -#   See the mod_ssl documentation for a complete list.
>> -SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
>> +#   List the ciphers that the client is permitted to negotiate,
>> +#   and that httpd will negotiate as the client of a proxied server.
>> +#   See the OpenSSL documentation for a complete list of ciphers, and
>> +#   ensure these follow appropriate best practices for this deployment.
>> +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
>> +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
>
>
> Here we simply drop RC4 as mentioned in RFC7525 (a MUST NOT), and extend the
> default list out to the proxy client behavior.
>
> The defaults for httpd-2.2 rely on ylavic's proposed 'mod_ssl: Improve
> handling of ephemeral DH and ECDH keys'... backport which addresses eNULL,
> aNULL and EXP in an unambiguous way.
>
>> -#   Speed-optimized SSL Cipher configuration:
>> -#   If speed is your main concern (on busy HTTPS servers e.g.),
>> -#   you might want to force clients to specific, performance
>> -#   optimized ciphers. In this case, prepend those ciphers
>> -#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
>> -#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
>> -#   (as in the example below), most connections will no longer
>> -#   have perfect forward secrecy - if the server's key is
>> -#   compromised, captures of past or future traffic must be
>> -#   considered compromised, too.
>> -#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
>> -#SSLHonorCipherOrder on
>
>
> This is, as we discussed, simply eliminating the speed-optimized
> suggestions, let the user look elsewhere for [frequently updated] guidance.
>
>>
>> +#  By the end of 2016, only TLSv1.2 ciphers should remain in use.
>> +#  Older ciphers should be disallowed as soon as possible, while the
>> +#  kRSA ciphers do not offer forward secrecy.  These changes inhibit
>> +#  older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
>> +#  non-browser tooling) from successfully connecting.
>> +#
>> +#  To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
>> +#  those protocols which do not support forward secrecy, replace
>> +#  the SSLCipherSuite and SSLProxyCipherSuite directives above with
>> +#  the following two directives, as soon as practical.
>> +# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
>> +# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
>
>
> I used the !SSLv3 logic rather than explicitly calling out TLSv1.2 so we
> enjoy a better transition to TLSv1.3+.
>
> Since the proposal to suggest !kRSA is new, it deserves a brief word of
> explanation.  RSA cipher negotiation remains valid.  But signed RSA
> certificates must be exchanged using the ECDHE or ECDH in order to provide
> forward secrecy.  This was proposed by Mark Thomas after evaluating how the
> Qualys SSL test behaved, resulting in upgrading from an A- to an A (where he
> enabled only HIGH grade ciphers and omitted MEDIUM).  It is interesting that
> this wasn't part of their Dec '14 v1.4 guidance whitepaper, but I'm sure it
> will be clarified in future revisions.  Only IE8 on XP is called out as
> requiring Kx=RSA with TLSv1.2 by default.
>
> in httpd-2.2, we may also wish to explicitly disable SSLv2 - notably for
> 3DES ciphers, but at the moment this is accomplished with !EXP:!kRSA (and by
> not including LOW grade ciphers).  Just thinking that if the user enables
> kRSA they also may inadvertently re-allow 3DES which has only 112 effective
> bits of key strength, not the 168 claimed.
>
>> +#   User agents such as web browsers are not configured for the user's
>> +#   own preference of either security or performance, therefore this
>> +#   must be the prerogative of the web server administrator who manages
>> +#   cpu load versus confidentiality, so enforce the server's cipher
>> order.
>> +SSLHonorCipherOrder on
>
>
> This also relies on guidance from RFC7525
>
>>
>> +#   SSL Protocol support:
>> +#   List the protocol versions which clients are allowed to connect with.
>> +#   Disable SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
>> +#   disabled as quickly as practical.  By the end of 2016, only the
>> TLSv1.2
>> +#   protocol or later should remain in use.
>> +SSLProtocol all -SSLv3
>> +SSLProxyProtocol all -SSLv3
>
>
> The httpd 2.2 proposal already committed drops SSLv2 as well.
>
> I am all on board to now start ripping SSLv3 protocol and default to only
> TLSv1.2 ciphers, on trunk, once this config backport has been reviewed and
> committed.
>
>

Mime
View raw message