I got the following error message after compiling apache against the latest OpenSSL version.
Cannot load modules/mod_fcgid.so into server: undefined symbol: ap_unixd_setup_child
It looks like a compiler error that happened, but it isn’t. In fact, there are two options why there is this error message appears.
One mod_unixd isn’t loaded or loaded after mod_fcgid. Two mod_fcgid can’t create a directory for the socket or the socket itself. aka file permissions.
That error message could be much better. It is misleading. This error does not happen on Windows. It comes from the old Unix philosophy: “Everything is a file”. This lead to a ton of code in the kernels. Even more, code exists for block devices in /dev. All that symlinks and magic directories. I wonder when “Everything is a file” will have exceptions everyone agrees on.
Category: apache
Choosing the right cipher / alias crypto wars part twelve
Choosing the right cipher for your server.
The wanted options:
- Only 256 bit
- Only Mac AEAD[1] since in TLS 1.3 that is only allowed.
- Kx (Key exchange) and Au (Authentication) PSK (pre-shared key) is not an option for a webserver
- DSS cipher is for key auth
- Kx=DH without an EC ( Elliptic curves) is not secure enough
- Kx=RSA is weak
- AESCCM is also a Cipher Block Chaining (CBC)
- Aria is for Secure Real-Time Transport Protocol (SRTP)
- DHE-RSA-AES256-GCM-SHA384 and DHE-RSA-CHACHA20-POLY1305 have no EC (elliptic curves)
/opt/openssl/bin/openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "(128)" | grep "Mac=AEAD" | grep -v "Kx=PSK" | \ grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | grep -v "Au=DSS" | grep -v "Kx=RSA" | grep -v "Enc=AESCCM" | \ grep -v "Enc=ARIAGCM" | grep -v "Au=None" | grep -v "Kx=DH"
The Output
TLS 1.3 TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS 1.2 ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
At last POLY over AES for speed, and ECDSA over RSA also for speed.
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
This was done with the current latest OpenSSL version 1.1.1l
Only for the completeness, GCM is Galois/Counter Mode[2]
[1] https://de.wikipedia.org/wiki/Authenticated_Encryption
[2] https://en.wikipedia.org/wiki/Galois/Counter_Mode
Obsolete key exchange mechanisms alias crypto wars part eleven
Obsolete key exchange mechanisms alias crypto wars part eleven
Especially weak key exchange mechanisms indicated by the cipher suite include those designated as EXPORT or ANON; cipher suites using these key exchange mechanisms should not be used. Even if the cipher suite used in a TLS session is acceptable, a key exchange mechanism may use weak keys that allow exploitation. TLS key exchange methods include RSA key transport and DH or ECDH key establishment. DH and ECDH include static as well as ephemeral mechanisms. NSA recommends RSA key transport and ephemeral DH (DHE) or ECDH (ECDHE) mechanisms, with RSA or DHE key exchange using at least 3072-bit keys and ECDHE key exchanges using the secp384r1 elliptic curve. For RSA key transport and DH/DHE key exchange, keys less than 2048 bits should not be used, and ECDH/ECDHE using custom curves should not be used. The use of custom public key parameters in key exchange messages is deprecated per RFC 8422 Section 5.1.1
The recommended configuration is the following
Header always set Strict-Transport-Security "max-age=15553000; preload" SSLUseStapling On SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000) SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000) SSLOptions +StrictRequire +StdEnvVars -ExportCertData SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 SSLOpenSSLConfCmd ECDHParameters secp521r1 SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1 H2Direct On SSLOpenSSLConfCmd SignatureAlgorithms rsa_pss_rsae_sha512:rsa_pss_rsae_sha256:ECDSA+SHA512:ECDSA+SHA256:RSA+SHA512:RSA+SHA256 SSLOpenSSLConfCmd ClientSignatureAlgorithms rsa_pss_rsae_sha512:rsa_pss_rsae_sha256:ECDSA+SHA512:ECDSA+SHA256:RSA+SHA512:RSA+SHA256
Apache security headers
A good starting point for apache security headers
<IfModule mod_headers.c> Header always set X-Frame-Options "SAMEORIGIN" Header always set X-XSS-Protection "1; mode=block" Header always set Expect-CT "max-age=86400, enforce" Header always set Feature-Policy "\ geolocation 'none'; midi 'none'; camera 'none'; usb 'none'; \ magnetometer 'none'; accelerometer 'none'; vr 'none'; \ speaker 'none'; ambient-light-sensor 'none'; gyroscope 'none'; \ microphone 'none'" Header always set Content-Security-Policy "\ default-src 'self' 'unsafe-inline' data:;\ font-src 'self' 'unsafe-inline' fonts.gstatic.com data:; \ style-src 'self' 'unsafe-inline' fonts.googleapis.com; \ script-src 'self' 'unsafe-inline' 'unsafe-eval';" Header always set Access-Control-Allow-Origin "*" Header always set X-Content-Type-Options nosniff </IfModule>
Convert pfx certificate for apache
This is more or less a hint for me how to do it. Maybe it helps you, too.
openssl pkcs12 -in example.com.pfx -clcerts -nokeys -out example.com.crt openssl pkcs12 -in example.com.pfx -nocerts -out example.com-encrypted.key openssl rsa -in cert-encrypted.key -out example.com.key openssl pkcs12 -in example.com.pfx -cacerts -nokeys -out ca-cert.ca
Then in the apache config
SSLCertificateFile certs/example.com.crt SSLCACertificateFile certs/ca-cert.ca SSLCertificateKeyFile certs/example.com.key
Fight CBC ciphers with 256 bit alias crypto wars part ten
Since a few weeks the ssllabs server tests marks three more ciphers as CBC ciphers. Block ciphers are not secure. And flagged orange in the test results.
The candidates are
ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA
Removing them form the configuration also means removing the support for several older browsers.
The new recommended cipher suite is:
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
Thanks to Gregg for showing the other POLY 1305 ciphers that I didn’t know of until today. I saw you post at AL.
Update: I had to remove ECDHE-RSA-CHACHA20-POLY1305 and DHE-RSA-CHACHA20-POLY1305 since they are not HIPAA nor NIST compatible.
The TLS_AES_128_GCM_SHA256 ciphers is mandatory for TLS 1.3, but I kindly ignore that since I want only 256 bit encryption. This is not madness, this is crypto wars.
The whole configuration
<If "%{SERVER_PORT} == '443'"> <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15553000; preload" </IfModule> </If> SSLUseStapling On SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000) SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000) SSLOptions +StrictRequire +StdEnvVars -ExportCertData SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 SSLOpenSSLConfCmd ECDHParameters secp384r1 SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1 H2Direct On
Wild card domain to localhost because development matters
I have an A record for *.local at my test domain to 127.0.0.1
For web development it is often required to have a domain name rather than a subfolder in localhost. A vhost for a (sub)domain is easy to set up on my local apache instllation. I can have even a free, valid SSL certificate for that vhost. Wait, what? How can I have a valid certificate for free for a local domain? I use Let’s encrypt with DNS chalange. Sure every time I have to update the certifacte I have to change a DNS txt record, but that is easy.
Another reason why I have a wild card record to 127.0.0.1 is that I can add as many vhosts for testing to apache and don’t have to add or change the DNS settings. Also I can use it on every computer as long as it can query the DNS server on the internet. I can even give my co worker my vhost config and it works without changes.
So *.local.apachehaus.de is free for development. But you can’t have a SSL certificate. If you want that, you can do the same trick with your domain. Happy development.
Apache log as JSON
It is often required to parse the apache log, but the normal log format requires special handling like: https://github.com/JBlond/apache_log_parser
It is easier to have a direct output like JSON format.
LogFormat "{ \"time\":\"%t\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"request\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\" }" json
Now we have an easy to read log file.
Finding the right ciphers with 256 bit alias crypto wars part nine
Finding a good cipher for your web server is not an easy task. openssl ciphers -v ALL:COMPLEMENTOFALL lists all the available ciphers on your system.
What we don’t want
- SSLv3 that is no longer secure.
- 128 bit encryption is too weak
- no encrytion cipther ;)
- DSS cipher for key auth
- DHE-RSA-AES256-SHA is no longer secure
- TLSv1 no longer secure
- PSK ( pre shared key) cipher
- CAMELLIA
- CBC cipher because of the BEAST attack
- RSA because of FREAK and SMACK and ROBOT
- Au=None
- AESCCM it is also a Cipher Block Chaining (CBC)
That gives us:
openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "SSLv3" | grep -v "(128)" | grep -v "Enc=None" | \ grep -v "Au=DSS" | grep -v "DHE-RSA-AES256-SHA" | grep -v "TLSv1 " | grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | \ grep -v "CAMELLIA" | grep -v "CBC" | grep -v "Au=RSA" | grep -v "Au=None" | grep -v "Enc=AESCCM"
now choose your poison.
http/2.0 sslciphersuites with 256 bit alias crypto wars part eight TLSv1.3
Now with the release of Apache 2.4.37 it supports TLSv1.3 (with OpenSSL 1.1.1). Before is was possible to compile Apache against OpenSSL 1.1.1 but it had no effect compared to OpenSSL 1.1.0
There are some advantages using TLS 1.3. it comes with Zero Round Trip Time (0-RTT). Explained simply, with TLS 1.2, two round-trips had been needed to complete the TLS handshake. With TLSv1.3, it requires only one round-trip, which in turn cuts the encryption latency in half. It feels faster.
At the moment only Chrome and Firefox support TLS 1.3. But I think other browser will follow soon.
This requires Apache 2.4.37 or better and OpenSSL 1.1.1 or better. Note that there are now two different directives for SSLCipherSuite. Also new is that the names for the Ciphers for TLS 1.3 are directly taken from the OpenSSL internal naming. This is different compared to the old way in apache. Only two ciphers that are allowed for TLSv1.3 support 256 bit encryption that is why I chose those.
Listen 443 <If "%{SERVER_PORT} == '443'"> <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15553000; preload" </IfModule> </If> ProtocolsHonorOrder On Protocols h2c h2 http/1.1 TraceEnable Off SSLUseStapling On SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000) SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000) SSLOptions +StrictRequire +StdEnvVars -ExportCertData SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 SSLOpenSSLConfCmd DHParameters "/opt/apache2/conf/dh4096.pem" SSLOpenSSLConfCmd ECDHParameters secp384r1 SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1 H2Direct On
Sadly not OS Distributions support the last OpenSSL version or that TLv1.3 version has been backported or it has been patched, but apache shows still an older version number.
Archive for category apache
Archives by Month:
- December 2024
- November 2024
- October 2024
- August 2024
- April 2024
- January 2024
- December 2023
- November 2023
- July 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- October 2022
- September 2022
- August 2022
- July 2022
- May 2022
- March 2022
- February 2022
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- February 2021
- January 2021
- August 2020
- July 2020
- June 2020
- April 2020
- January 2020
- December 2019
- November 2019
- October 2019
- May 2019
- April 2019
- March 2019
- January 2019
- October 2018
- August 2018
- June 2018
- April 2018
- March 2018
- February 2018
- November 2017
- June 2017
- April 2017
- February 2017
- January 2017
- November 2016
- September 2016
- May 2016
- February 2016
- September 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- July 2014
- June 2014
- April 2014
- January 2014
- December 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009