Random musings on SSL/TLS configuration

Random musings onSSL/TLS by Cyrus Dasadia (@ExtremeUnix)

Reason for configuring SSL

Identity

Confidentiality/Privacy

Integrity

Secure my application

Step 1: Create CSR

Secure my application

Step 1: Create CSR

Step 2: Buy / Self-sign a SSL Certificate

Secure my application

Step 1: Create CSR

Step 2: Buy / Self-sign a SSL Certificate

Step 3: Configure Apache/Nginx web-server

Secure my application

Step 1: Create CSR

Step 2: Buy / Self-sign a SSL Certificate

Step 3: Configure Apache/Nginx web-server

Step 4: Security Accomplished!!

Thank you! Questions?

You were mostly wrong

Cipher suites ?OpenSSL on system/application?Certificate Key?TLS version supported?

SSL == TLS

SSL ≠ TLS or is it ?

Netscape created SSL as a product

SSL v1.0 - ??SSL v2.0 - 1995SSL v3.0 - 1996

SSL ≠ TLS or is it ?

Netscape created SSL as a product

SSL v1.0 - ??SSL v2.0 - 1995SSL v3.0 - 1996

TLS came as a standard.

TLS v1.0 - 1999TLS v1.1 - 2006TLS v1.2 - 2008TLS v1.3 - draft

SSL/TLS connection

X.509

Hostname validation certs

Extended validation certs

Protocol Versions

● Disable SSL v2.0● Avoid SSL v3.0 ● Disable TLS compression (removed in

TLS 1.3)● Highest priority to TLS 1.2

Ciphers

Plain text

Key

SupaCipher EncryptedText

Ciphers: TLS

Symmetric

Block chaining

Recommended AES128 with GCM (Galois/Counter Mode)

Ciphers: TLS

Avoid these ciphers:DESEXP-*RC4

KeyExchange

RSA: Fast but no forward secrecy.

DHE: Forward secrecy but not fast enough.

ECDHE: Fast and forward secrecy

Lets see them in action

https://www.ssllabs.com/ssltest

Few takeaways: Keys

● 1024 bits is asking for trouble● 2048 bits minimal viable● 4096 good standard● Switch to ECDSA in future!

Few takeaways: Keys

Generating ECDSA keys:256 bit key:openssl ecparam -name prime256v1 -genkey -out my.key

512 bit key:openssl ecparam -name secp521r1 -genkey -out my.key

Few takeaways: Choosing a CA

● At least Supports Certificate Revocation List (CRL)

● Supports Online Certificate Status Protocol (OCSP)

● Accept trustiness of your Country/Corp CA

Few takeaways: Renegotiation

Disable Client Initiated Renegotiation

Apache:

Nginx:

Few takeaways: Performance

● Enable session resumption● Keep-Alive is your friend● Cache-Control: public

Few takeaways: Security bits

● Ensure 3rd party CDN’s use SSL● Do not mix connection types

Few takeaways: Security bits

Enable HSTS (HTTP Strict Transport Security) if possible.

Apache: (mod_headers) Header add Strict-Transport-Security "max-age=15768000;includeSubDomains"

nginx: (mod_headers) add_header Strict-Transport-Security "max-age=15768000;includeSubDomains"

Few takeaway: Security bits

Apache :SSLProtocol ALL -SSLv2SSLHonorCipherOrder onSSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

courtesy: @hynek

Few takeaway: Security bits

nginx :ssl_prefer_server_ciphers on;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

courtesy: @hynek

STARTTLS ≠ TLS

STARTTLS ≠ TLS

Plain text communications viz. IMAP, POP, SMTP needed support for encrypted connections

STARTTLS ≠ TLS

Simple solution, use a different port

IMAP uses port 143, SSL/TLS port 993.POP uses port 110, SSL/TLS port 995.SMTP uses port 25, SSL/TLS port 465.and LDAP, XMPP, etc.

STARTTLS ≠ TLS

Simple solution, use a different port

IMAP uses port 143, SSL/TLS port 993.POP uses port 110, SSL/TLS port 995.SMTP uses port 25, SSL/TLS port 465.and LDAP, XMPP, etc.

But having 2 ports is just waste of resources....

STARTTLS ≠ TLS

STARTTLS can simply be called to upgrade a plaintextconnection to TLS.

Summary

Disable SSL v2.0

Summary

Disable SSL v2.0

Use ECDHE wherever possible

Summary

Disable SSL v2.0

Use ECDHE wherever possible

Summary

Disable SSL v2.0

Use ECDHE wherever possible

Do not trust default pkgs

< Thank you >