Posts Tagged crypto wars

http/2.0 sslciphersuites with 256 bit alias crypto wars part six meeting HIPPA

The chosen SSL Config was very good! But for I client I had to meet the specs from PCI DSS[1], HIPAA[2] and NIST[3].
The server already was PCI DSS ready. However since there are medical data it had to meet HIPAA too.

It turned out that HIPAA does not allow the nice CHACHA20-POLY1305 ciphers and I had to enable SSLStaplingCache that I turned of when I used StartSSL Certs cause of the timeout / outage from the response server from start ssl.

<If "%{SERVER_PORT} == '443'">
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15553000; preload"
    </IfModule>
</If>
SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA

SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1

H2Direct On

I still get an A+ on ssllabs plus all green lights on htbridge ssl test.

[1] Payment Card Industry Data Security Standard
[2] Health Insurance Portability and Accountability Act
[3] National Institute of Standards and Technology

Tags: , , , , , , , , , ,

http/2.0 sslciphersuites with 256 bit alias crypto wars part five A+ at SSL Test

At Qualys SLL Test labs tests I never had 100% for Key Exchange. Even adding a 4096 Diffie Hellman key did not do the trick.

Now I found adding

SSLOpenSSLConfCmd ECDHParameters secp384r1

to the config from Part 4 does the trick!

Now I can have all your bars on Qualys SSL Test at 100% without having an insane config no client can connect to.

Tags: , , , , , , ,

http/2.0 sslciphersuites with 256 bit alias crypto wars part four

To get rid of 128 bit encryption I had to disable

ECDHE-RSA-AES128-GCM-SHA256

But then I got error messages from the popular browsers Server negotiated HTTP/2 with blacklisted suite. That is caused by DHE-RSA-AES256-SHA and ECDHE-RSA-AES256-SHA

With a lof of trial and error I came to the following

Listen 443
<If "%{SERVER_PORT} == '443'">
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15553000; preload"
    </IfModule>
</If>

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

SSLUseStapling off
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256 

However that has the negative effect that Android smaller than 7 and smaller than IE 11 can’t connect to the server. Also some older Firefox versions can’t connect. Depending on the application it might be worth to use such a config that doesn’t allow 128 bit encrypted connections.

Tags: , , , ,

http/2.0 sslciphersuites alias crypto wars part three

It has been a while since I wrote part two of the crypto wars. Luckily Peter Mosmans has backported ChaCha20 and Poly1305 ciphers of OpenSSL 1.1.0 to 1.0.2 on github so that at least Chrome browser can use 256 bit encryption over HTTP/2

However on the httpd dev mailing list there are a few people already talking about making changes to APR and httpd so that it will compile with OpenSSL 1.1.0

The config for that is:

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 
SSLCompression Off 
SSLHonorCipherOrder On 
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA

Why 256 bit? 128 bit hasn’t been cracked yet. The answer is that the collection of data and the data will decrypted when the time has come with a new generation of computers.

Tags: ,

http/2.0 sslciphersuites alias crypto wars part two

With the upcoming mod_h2 the httpd apache module for HTTP/2.0 support there is a must to have ECDHE-RSA-AES128-GCM-SHA256 in the SSLCipherSuite[1]. So SSLHonorCipherOrder Off can’t be used. That leaves the connection with only 128 bit encryption instead of 256 bit.

My hope is that the browsers will support soon a 256 Cipher

 

[1] https://http2.github.io/http2-spec/#rfc.section.9.2.2

Tags:

SSLCipherSuite alias crypto wars

Choosing the correct SSL cipher can be very difficult. Having the best encryption, still fast, having a “Modern compatibility”.

 

The current best solustion is with all browsers to have 256 bit encryption ( Chrome is currently the only browser that uses only 128 bit with this config).
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

— Edit —

Chrome might barf about a not modern config, hoever the encryption is not 256 in all cases. That is why I switched back to

SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS

Tags:

CVE-2015-0204 alias Freak Attack

There is a relative new attack: the freak attack. How ever the proven apache config from https://mariobrandt.de/archives/apache/current-2013-bullet-proof-ssl-config-779/ still works.

 

— update —

see https://mariobrandt.de/archives/apache/sslciphersuite-alias-crypto-wars-945/

Tags:

Poodle is back and against TLS, too CVE-2014-8730

With CVE-2014-8730 the POODLE attack is back. However with the right config it is not an issue.  https://mariobrandt.de/archives/apache/current-2013-bullet-proof-ssl-config-779/ is still the right config for this :) Make sure that your server is bullet proof, too.

Tags: ,

apache HTTP Strict Transport Security with long duration

HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.
How to achieve apache with a bullet proof SSL config and HTTP Strict Transport Security (HSTS) with long duration
Here is goes

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15553000; includeSubDomains"
</IfModule>
SSLUseStapling on
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS

This gives a A+ at Qualys SSL Labs SSL Test.

Tags: , ,

current 2013 bullet proof SSL config

Now in December 2013 the best available SSL config with a 4096 bit RSA Key and httpd Apache 2.4.7 with OpenSSL/1.0.1e.

SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS

YES Windows XP is no longer supported with this. But for me there is no more need to do so.

ssl test lab result

The SSL Test Lap Test shows a very good result. The Cipher Strength is at 100%. So any browser will use a 256 bit encrypted connection to that server.

Tags: ,

Archives by Subject:

Archives by Month: