Category: apache

Finding the right ciphers with 256 bit alias crypto wars part nine

Posted on by mario

Finding a good cipher for your web server is not an easy task. openssl ciphers -v ALL:COMPLEMENTOFALL lists all the available ciphers on your system.
What we don’t want

  • SSLv3 that is no longer secure.
  • 128 bit encryption is too weak
  • no encrytion cipther ;)
  • DSS cipher for key auth
  • DHE-RSA-AES256-SHA is no longer secure
  • TLSv1 no longer secure
  • PSK ( pre shared key) cipher
  • CAMELLIA
  • CBC cipher because of the BEAST attack
  • RSA because of FREAK and SMACK and ROBOT
  • Au=None
  • AESCCM it is also a Cipher Block Chaining (CBC)

That gives us:

openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "SSLv3" | grep -v "(128)" | grep -v "Enc=None" | \
 grep -v "Au=DSS" | grep -v "DHE-RSA-AES256-SHA" | grep -v "TLSv1 " | grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | \
 grep -v "CAMELLIA" | grep -v "CBC" | grep -v "Au=RSA" | grep -v "Au=None" | grep -v "Enc=AESCCM"

now choose your poison.

http/2.0 sslciphersuites with 256 bit alias crypto wars part eight TLSv1.3

Posted on by mario

Now with the release of Apache 2.4.37 it supports TLSv1.3 (with OpenSSL 1.1.1). Before is was possible to compile Apache against OpenSSL 1.1.1 but it had no effect compared to OpenSSL 1.1.0

There are some advantages using TLS 1.3. it comes with Zero Round Trip Time (0-RTT). Explained simply, with TLS 1.2, two round-trips had been needed to complete the TLS handshake. With TLSv1.3, it requires only one round-trip, which in turn cuts the encryption latency in half. It feels faster.

At the moment only Chrome and Firefox support TLS 1.3. But I think other browser will follow soon.

This requires Apache 2.4.37 or better and OpenSSL 1.1.1 or better. Note that there are now two different directives for SSLCipherSuite. Also new is that the names for the Ciphers for TLS 1.3 are  directly taken from the OpenSSL internal naming. This is different compared to the old way in apache. Only two ciphers that are allowed for TLSv1.3 support 256 bit encryption that is why I chose those.

Listen 443
<If "%{SERVER_PORT} == '443'">
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15553000; preload"
</IfModule>
</If>

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

TraceEnable Off

SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

SSLOpenSSLConfCmd DHParameters "/opt/apache2/conf/dh4096.pem"
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1

H2Direct On

Sadly not OS Distributions support the last OpenSSL version or that TLv1.3 version has been backported or it has been patched, but apache shows still an older version number.

http/2.0 sslciphersuites with 256 bit alias crypto wars part seven meeting Canada

Posted on by mario

Some weeks ago canada released a document for offical / public websites. No longer is TLS 1.0 nor TLS 1.1 allowed, but TLS 1.2 and TLS 1.3

Until this writing apache does not support TLS 1.3 yet, but it will come soon. This is because Apache does not work 100% with OpenSSL 1.1.1 yet. Soon it will do.

This brings an updated SSL config for apache webserver

 

<If "%{SERVER_PORT} == '443'">
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15553000; preload"
</IfModule>
</If>
SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA

SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1

H2Direct On

Some old clients including older Android versions are not longer supported, unless you install a newer browser like current Firefox.

htaccess if the host matches

Posted on by mario

It is a hassle to have different configurations in development and production. Often it is required to protect the new webpage with user and password. Publishing that config on production on the other hand would be fatal.
With Apache 2.4 that is pretty easy done

<If "%{HTTP_HOST} == 'stage.example.com'">
    AuthType basic
    AuthName "private"
    AuthUserFile /home/example/.htpasswd
    Require valid-user
</If>

http/2.0 sslciphersuites with 256 bit alias crypto wars part six meeting HIPPA

Posted on by mario

The chosen SSL Config was very good! But for I client I had to meet the specs from PCI DSS[1], HIPAA[2] and NIST[3].
The server already was PCI DSS ready. However since there are medical data it had to meet HIPAA too.

It turned out that HIPAA does not allow the nice CHACHA20-POLY1305 ciphers and I had to enable SSLStaplingCache that I turned of when I used StartSSL Certs cause of the timeout / outage from the response server from start ssl.

<If "%{SERVER_PORT} == '443'">
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15553000; preload"
    </IfModule>
</If>
SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA

SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1

H2Direct On

I still get an A+ on ssllabs plus all green lights on htbridge ssl test.

[1] Payment Card Industry Data Security Standard
[2] Health Insurance Portability and Accountability Act
[3] National Institute of Standards and Technology

Access Controller for Apache 2.2 and 2.4 in one. Migrate httpd Apache config

Posted on by mario

Even though Apache 2.4 is available for a long time. Switching config might be easy on the config files itself. But inside code it can be harder, since that code might has to work on both versions. Developers often use .htaccess files. That is not recommended for performance, but a quick easy way for testing and development.
One solution is to use a .htaccess file that supports both versions.

<IfVersion < 2.4>
    order allow,deny
    deny from all
</IfVersion>
<IfVersion >= 2.4>
    Require all denied
</IfVersion>

http/2.0 sslciphersuites with 256 bit alias crypto wars part five A+ at SSL Test

Posted on by mario

At Qualys SLL Test labs tests I never had 100% for Key Exchange. Even adding a 4096 Diffie Hellman key did not do the trick.

Now I found adding

SSLOpenSSLConfCmd ECDHParameters secp384r1

to the config from Part 4 does the trick!

Now I can have all your bars on Qualys SSL Test at 100% without having an insane config no client can connect to.

Fun with windows subsystem for linux Part 2

Posted on by mario

After upgrading Windows with the creators update I was able to do a sudo do-release-upgrade Now running xenial on windows subsystem for linux. Microsoft has improved a lot of things on bash on ubuntu on windows. I am now able to run PHP-cgi over mod_fcgid.

Maybe I should do a benchmarking to see how apache is performing compared to plain / native windows apache binaries.

Fun with windows subsystem for linux

Posted on by mario

After the install and the required reboot I was able to start bash. At first I was confused where to find the files from the home directory. It isn’t the one from windows itself.
Well I found it in AppData\Local\lxss . So each user has his / her own files.

Since I was able to find most stuff I wanted to know if I am able to compile httpd apache on it. I cloned https://github.com/jblond/debian_build_apache24.git and the build went smooth.
But apache didn’t start. Adding AcceptFilter http none and AcceptFilter https none helped. To get rid of the first error messages. But still apache wasn’t starting. Got the following error message.

[Tue Jan 24 22:31:33.590385 2017] [fcgid:emerg] [pid 1289:tid 140034843477824] (38)Function not implemented: mod_fcgid: Can't create shared memory for size 1200712 bytes

Okay, I disabled mod_fcgid and apache starts with /opt/apache2/bin/httpd -k start . Even running bash.exe ~ as Adminstrator did not solve to run fcgid.
I have to find out how to run mod_fcgid. I like to run PHP over fcgid.

http/2.0 sslciphersuites with 256 bit alias crypto wars part four

Posted on by mario

To get rid of 128 bit encryption I had to disable

ECDHE-RSA-AES128-GCM-SHA256

But then I got error messages from the popular browsers Server negotiated HTTP/2 with blacklisted suite. That is caused by DHE-RSA-AES256-SHA and ECDHE-RSA-AES256-SHA

With a lof of trial and error I came to the following

Listen 443
<If "%{SERVER_PORT} == '443'">
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15553000; preload"
    </IfModule>
</If>

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

SSLUseStapling off
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256

However that has the negative effect that Android smaller than 7 and smaller than IE 11 can’t connect to the server. Also some older Firefox versions can’t connect. Depending on the application it might be worth to use such a config that doesn’t allow 128 bit encrypted connections.

Archive for category apache

Archives by Month: