From: "Michael A. Peters"
To: users@httpd.apache.org
Date: Fri, 31 Mar 2017 17:59:13 -0700
Subject: Re: [users@httpd] DH^H^H EC parameter selection on httpd 2.2

On 03/31/2017 07:52 AM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> All,
>
> On 3/30/17 4:32 PM, Christopher Schultz wrote:
>> All,
>>
>> I'm running httpd 2.2.31 on Amazon Linux, and the docs for
>> SSLCertificateFile say:
>>
>> "Beginning with version 2.2.30, mod_ssl makes use of standardized
>> DH parameters with prime lengths of 2048, 3072, 4096, 6144 and 8192
>> bits (from RFC 3526), and hands them out to clients based on the
>> length of the certificate's RSA/DSA key."
>>
>> I have a 4096-bit RSA key and yet I'm not getting a 100% on SSL
>> Labs' SSL testing tool. That suggests that the DH parameter
>> strength is less than what I was expecting: 4096-bit (or
>> equivalent).
>>
>> How does httpd determine which DH primes to use based upon the RSA
>> key? The server's key is 4096-bit, but the issuer's key (in the
>> chain) is 2048-bit. Is that the reason SSL Test is not giving me
>> full marks?
>>
>> I'm trying to create a 4096-bit parameters file (to attach to the
>> RSA key chain), but it's taking a while so I figured I'd ask in the
>> meantime.
>
> I added my 4096-bit DH parameters to the end of my cert file, like this:
>
> - -----BEGIN CERTIFICATE-----
> [my RSA certificate]
> - -----END CERTIFICATE-----
> - -----BEGIN DH PARAMETERS-----
> [my DH parameters data]
> - -----END DH PARAMETERS-----
>
> and restarted httpd.
>
> When running SSL Labs' test, it tells me the following:
>
> cipher / key-exch / strength / forward-security
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits FS
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 4096 bits FS
>
> So it looks like the DH parameters are okay, but the EC RSA-bit-equiv
> is only 3072.
>
> Does this mean that I'd need to create an ecparam file to raise that
> RSA-bit-equiv even higher?

Do not worry about getting 100% on all four of the SSL Labs tests. 2048-bit DHE primes are not going to be cracked anytime soon.

If you want to get 100% in all four of their testing areas it can be done but it requires an ECDSA cert with a very limited number of TLS 1.2 ciphers that only support 256-bit ECDHE.

https://www.ssllabs.com/ssltest/analyze.html?d=leprecoin.org (one of my servers)

But in practice 2048-bit RSA cert is secure.

Rather than attempting to get 100% in all four of their metrics, strive to get an A+ rating with only a handful (less than 10) ciphers that all support forward secrecy.

When all of your ciphers support forward secrecy, then the server private/public key is only used for hostname authentication, not encryption. 2048-bit RSA most certainly is good enough for that, especially if you generate a new private key once a year.

With respect to forward secrecy, make sure your ECDHE ciphers are listed first so that clients that support them will use them, and clients that don't support ECDHE will still be able to use the DHE ciphers.

I tend to use the following on servers with RSA certs:

SSLHonorCipherOrder on
SSLCipherSuite "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES+SHA384 EECDH+AES+SHA256 EECDH+AES EDH+AES256"

It doesn't get me 100% on all four of the checks but I still get an A+ rating and know the server is secure, with a 2048-bit RSA cert and 2048 DH parameters.

Using RSA > 2048-bit and DH params > 2048-bit results in more work for the server and the client without any real world benefit. Yes technically harder to break, but if I can only jump 10 feet then a 50 foot moat is just as effective as a 100 foot moat.
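
Added example (not part of the original message and not httpd project code): the Python below checks a server-preference-ordered suite list, such as the four suites in the quoted SSL Labs output, against the advice in the reply: every suite uses an ephemeral key exchange, ECDHE suites precede DHE suites, and fewer than 10 suites are offered. The function names and the second sample list are constructed for illustration.

```python
import re

# IANA-style TLS 1.2 suite names: the key exchange is the first token after
# "TLS_", optionally followed by the authentication token, then "_WITH_".
_SUITE = re.compile(r"^TLS_([A-Z0-9]+)(?:_[A-Z0-9]+)?_WITH_")
FORWARD_SECRET = {"ECDHE", "DHE"}  # ephemeral key exchanges


def key_exchange(suite):
    """Return the key-exchange token of a suite name, e.g. 'ECDHE' or 'RSA'."""
    m = _SUITE.match(suite)
    if not m:
        raise ValueError("not a TLS 1.2 style suite name: %r" % suite)
    return m.group(1)


def audit(suites, max_suites=10):
    """Return a list of findings; an empty list means the order passes."""
    findings = []
    kx = [key_exchange(s) for s in suites]
    for name, k in zip(suites, kx):
        if k not in FORWARD_SECRET:
            findings.append("no forward secrecy: %s (key exchange %s)" % (name, k))
    # ECDHE first: no ECDHE suite may appear after the first DHE suite.
    if "DHE" in kx:
        first_dhe = kx.index("DHE")
        for name, k in zip(suites[first_dhe:], kx[first_dhe:]):
            if k == "ECDHE":
                findings.append("ECDHE suite listed after a DHE suite: %s" % name)
    if len(suites) >= max_suites:
        findings.append("%d suites offered, expected fewer than %d"
                        % (len(suites), max_suites))
    return findings


# Suites from the SSL Labs table quoted in the message, in the order shown.
POSTED = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
]
# Constructed counter-example: DHE ahead of ECDHE plus a static-RSA suite.
CONSTRUCTED_BAD = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

if __name__ == "__main__":
    for label, suites in (("posted", POSTED), ("constructed", CONSTRUCTED_BAD)):
        print(label, audit(suites) or "OK")
```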