httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: SSLPolicy
Date Sat, 05 Aug 2017 19:11:40 GMT

> Am 04.08.2017 um 23:28 schrieb William A Rowe Jr <wrowe@rowe-clan.net>:
> 
> On Fri, Aug 4, 2017 at 4:26 AM, Stefan Eissing
> <stefan.eissing@greenbytes.de> wrote:
>> I talked about some kind of SSL Policy definition in httpd's configuration
>> in the past and am now about to get serious about it. Here is what I wan to
>> do:
>> 
>> Recap: the general idea is
>> 2. Provide a set of already defined policies that either follow a public
>>   definition (like the Mozilla security classes) or express our idea of
>>   how configuration should look like.
> 
> I read this aspect at this as more of a weakness than a benefit.
> 
> OpenSSL is more likely to be promptly updated by our users than httpd
> itself. Where ever httpd is overriding OpenSSL preferences, we will
> simply be prolonging the use of discouraged policy.
> 
> If a cipher is changed upstream in OpenSSL from HIGH to MEDIUM
> strength (or dropped entirely), due to the discovery of a weakness in
> the cipher, I believe it is important for httpd to pick up on that signal
> without upgrade or recompilation.

That is not a matter of SSLPolicy or not, but how one uses SSLCipherSuite,
inside or outside SSLPolicy. 

If someone configures nowadays an explicit cipher list (and not something 
like HIGH, MEDIUM), she does also not benefit from any OpenSSL updates in 
this regards.

I talked with the OpenSSL team during the HTTP/2 development, why they
do not take the Browser cipher requirements into their keyword definitions.
At that time, the answer basically was that they see HTTP as just one
layer up (among others) with which they are not directly concerned about 
and, if one wanted, one could add such definitions into the ssl config 
files.

So, not their problem. 

Yikes! Let's check what people search for secure httpd ssl configs
actually might find (this got a bit long, but bear with me):


A duckduckgo search for "httpd secure ssl config" has as first hit for me
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html
which talks about how to get a certificate and install that into httpd but
says *nothing* about protocols or ciphers. The "additional resources" links
to our website (good) and to http://www.modssl.org which says:
"Current Version: mod_ssl 2.8.31 for Apache 1.3.41"

This might mean
* duckduckgo thinks I am old fashioned
* there are no better descriptions on the web (not true, I know)
* many sites refer to this centos doc and many people use it

DoubleYikes!

Back to our site: http://httpd.apache.org/docs/current/en/ssl/ssl_howto.html#onlystrong
Our "only strong" recommendation for good performance is:

SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5

Now, I am not the ultimate expert on this, but as I read Ivan Ristić this
is not really recommended nowadays any more. (Here is SSLLabs doc on
SSL config advice 
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
which is generic for all servers).

Then, more interesting, people might stumble on the "Mozilla SSL Configuration Generator"
at https://mozilla.github.io/server-side-tls/ssl-config-generator/ 
which gives a complete Apache configuration where you select version and
your security policy (ahem) and people will get:

SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

I would guess that this is what people *copy* into their server configs
and which then will get never, or only sporadically updated. 

TripleYikes!

So, the question is: what do we want this generator actually to say?
My idea is that when people select Apache httpd 2.4.28, they will see

SSLPolicy modern

instead. And I do not see how that can work with mod_macro as well as
with a mod_ssl config directive. But I am listening.

Thanks for the patience,

-Stefan








Mime
View raw message