SSL Configuration for Dummies

Spread the love
(Last Updated On: March 7, 2018)

Dealing with SSL Configuration for Apache or nginx is not easy. There are so many ciphers, and we are constantly reading about breaches and exploits caused by some cipher… If you look around, a lot of bloggers propose this and that snippet of configuration, claiming it’s the best. Thus, after some time searching the web, you will feel like you are completely lost!

Hopefully, Mozilla offer an SSL Configuration Generator, to help you decide between security and availability. It’s AUTO-MAGIC!

Why Does It Matter

It does matter because lots of highly ranked websites are still using poor SSL Configuration, as reported by the SSL Pulse observatory of Qualys:

qualys alexa ranking grade F 2018

The more the word is spread, the safer the Internet will be!

 

Mozilla SSL Configuration Generator

It’s so easy to use, I had trouble adding comments!

mozilla ssl configuration generatorcomments

What to know:

This tool is the definitive way to go for generating the SSL Cipher Suite for your needs. It covers the five major brands, that is: Apache, nginx, lighttpd, HAProxy and AWS ELB.

They offer 3 security configuration modes, resulting in a set of ciphers your server will propose to the clients. Be aware that each cipher you disable will render older browser more and more incompatible. It gives you the oldest version of compatible browsers for your convenience.

 

Example 1: nginx 1.10.3 | old profile | OpenSSL 1.0.1e

The configuration generated renders these browser incompatibles:

  • IE 6 XP
  • Java 6u45

Mozilla claims they should work, but testssl prove them wrong. Not sure why, but you can run your own tests and as they say, “tweak to your needs!

This configuration exposes you to these threats:

  • Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]): an attacker could brute force the keys used to encrypt the SSL traffic
  • SWEET32 (CVE-2016-2183, CVE-2016-6329): VULNERABLE, uses 64 bit block ciphers, because of 3DES
  • BEAST (CVE-2011-3389): VULNERABLE, because of SSL3 or TLS1
  • LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches

 

Example 2: nginx 1.10.3 | intermediate profile | OpenSSL 1.0.1e

The configuration generated renders these browser incompatibles:

  • IE 6 XP
  • Java 6u45

This configuration exposes you to these threats:

  • SWEET32 (CVE-2016-2183, CVE-2016-6329): VULNERABLE, uses 64 bit block ciphers, because of 3DES
  • BEAST (CVE-2011-3389): VULNERABLE, because of SSL3 or TLS1
  • LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches

 

Example 3: nginx 1.10.3 | modern profile | OpenSSL 1.0.1e

The configuration generated renders these browser incompatibles:

  • Android 2.3.7
  • Android 4.1.1
  • Android 4.3
  • Firefox 26-
  • Chrome 29-
  • IE 6 XP
  • IE 7 Vista
  • IE 8 XP
  • IE 8 Win 7
  • IE 9 Win 7
  • IE 10 Win 7
  • Safari 5.1.9 OS X 10.6.8
  • Safari 8-
  • Opera 16-
  • Tor 17.0.9 Win 7
  • Java 6u45
  • Java 7u25

As you can see, this edge configuration that will protect you from SWEET32 (CVE-2016-2183, CVE-2016-6329) and BEAST (CVE-2011-3389) will deny a lot of ancient clients to connect your site.

This configuration exposes you to these threats:

  • LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches

Note about LUCKY13 vulnerability:

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the “Lucky Thirteen” issue.

It’s… not quite clear, is it? That’s because it’s the top level of hacking, and as mentioned by testssl, it’s still experimental since its discovery in 2013. It’s like the Spectre and Meltdown vulnerability: discovered by researchers, being addressed for years, and still not exploited, AFAIK. No need to panic.

 

Test Your SSL Configuration With testssl!

This is a bash script that you can download from Github, see more information on how to test your SSL Configuration with testssl.

ssl test testssl old conf

 

Test Your SSL Configuration With Qualys!

Testing your https site with Qualys SSL Server Test will certainly give you some insights for the next steps:

ssl test qualys modern conf

 

Final Thoughts

For a public site, a modern configuration with TLS 1.2 only will be fine. For an intranet, beware. Lots of companies still rely on outdated technologies because they use proprietary software based on Java, and the companies providing these solutions are really slow to adopt new standards. I’m not saying Java is the problem, but expensive software solutions are always based on Java.

 

4 years ago, when I left the Public company I worked for, they were still relying heavily on MSIE 6 XP for their internal back-office transactions. YES you have read correctly, Microsoft Internet Explorer 6.0 on Windows XP. 4 years ago makes it 2014, it was barely yesterday. Your desktop was likely using Windows Seven or 8 at that time. Incredible, isn’t it?

 

Look at that: 12% of the top 150,000 Alexa ranked websites are still proposing the POODLE attack via SSLv3 SSL Configuration:

qualys alexa ranking protocol support 2018 1

Team Cook

Self-taught IT guy, and Communist slayer for the past 40 years. Who controls the information, controls the future.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x