NGINX + HTTPS 101 The Basics & Getting Started Sept 23, 2015 Nick Sullivan (@grittygrease)



Agenda

What is HTTPS?

Protocol Versions

Cipher Suites

Certificates

Configuring nginx

Backend HTTPS

Checking your configuration

Bonus: Configuring HSTS

Double Bonus: OCSP Stapling

What is HTTPS?

HTTPS = HTTP + Security

• Security layer: SSL or TLS (TLS is the current protocol; SSL is its deprecated predecessor, but the name stuck)

• Provides data encryption, integrity protection and server authentication

• The keys that protect the connection are negotiated in the "handshake" at the start of the connection


Why set up HTTPS?

• User privacy: nobody on the network path can read or modify the traffic

• SEO bump

• Put nginx in front of HTTPS-incapable services (TLS termination for backends that only speak plain HTTP)

• General good practice

What are the downsides?

• Operational complexity: certificates expire and private keys have to be protected

• Extra latency: a full TLS handshake costs two round-trips before the first request can be sent (a resumed session costs one)

• CPU cost: mostly the asymmetric crypto in the handshake; bulk AES is cheap on CPUs with AES-NI

What you need to set up HTTPS

• A set of protocol versions you support

• A set of cipher suites you support, in order of preference

• A certificate signed by a trusted Certificate Authority, plus the matching private key (the private key is never sent to the CA and is not what gets signed)

Protocol Versions

A bit of history

• SSL v2.0 released in 1995 by Netscape

• SSL v3.0 released in 1996: fixes major issues with v2

• TLS v1.0 released in 1999 by the IETF (RFC 2246): minor tweaks to SSLv3

• TLS v1.1 released in 2006 (RFC 4346) with minor tweaks

• TLS v1.2 released in 2008 (RFC 5246) with SHA-256 based hashing and AEAD cipher modes

A bit of history: how well did they hold up?

• SSL v2.0 released in 1995: broken by design

• SSL v3.0 released in 1996: broken by POODLE (October 2014)

• TLS v1.0 released in 1999: weakened by BEAST (2011) and Lucky 13 (2013)

• TLS v1.1 released in 2006: weakened by Lucky 13 (2013) and the RC4 biases (2013, 2015)

• TLS v1.2 released in 2008: only safe with AEAD mode ciphers (AES-GCM, ChaCha20-Poly1305); its CBC and RC4 suites inherit the attacks above

Client compatibility for TLS 1.2

• Chrome >= 30

• Android >= 5.0

• Firefox >= 27

• Internet Explorer/Edge >= 11

• Safari (Mac) >= 7

• iOS >= 5

• Note: iOS 9 applications require TLS 1.2 support (App Transport Security)

• About 75% of clients as of the talk (slide annotation: ~75%)

Client compatibility for TLS 1.0

• Basically everything except Windows XP SP2 and earlier

Configuration options

• High security, low compatibility (this is what earns the top SSL Labs grade for protocol support):

ssl_protocols TLSv1.2;

• Medium security, high compatibility:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

• Low security, maximum compatibility (SSLv3 is POODLE-vulnerable; do not do this):

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

These options reflect September 2015. Since then TLS 1.3 (RFC 8446, 2018) has been added and TLS 1.0 and 1.1 have been formally deprecated (RFC 8996, 2021), so on a current nginx and OpenSSL the first option should read TLSv1.2 TLSv1.3.

Cipher Suites

Cipher Suites

• A cipher suite is a named combination of the algorithms used for a connection: key exchange, authentication, bulk encryption and the integrity/PRF hash

• The suites themselves are defined in the TLS RFCs; nginx uses OpenSSL's names and cipher-string syntax (check what your build supports with $ openssl ciphers -v)

Example (a colon-separated list, most preferred first):

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256

Anatomy of a cipher suite name

ECDHE-RSA-AES256-GCM-SHA384

• ECDHE: key exchange (ephemeral elliptic-curve Diffie-Hellman, which gives forward secrecy)

• RSA: the certificate key type used to authenticate the server

• AES256-GCM: transport cipher (256-bit AES in GCM mode, an AEAD mode)

• SHA384: integrity/PRF hash; with an AEAD cipher such as GCM the record integrity comes from the AEAD tag and SHA384 is the handshake PRF hash

Server cipher suites: how one is chosen

• The client lists its supported cipher suites in order of preference in the ClientHello

• The server takes the intersection of the client's list and its own supported list

• The server selects one suite from what remains: by default OpenSSL honours the client's order; with ssl_prefer_server_ciphers on (see below) the server's own order wins

Cipher suite negotiation: worked example

Client offers (most preferred first):

AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

Server is configured with (most preferred first):

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384

Intersection: ECDHE-RSA-AES256-GCM-SHA384, AES256-GCM-SHA384

Selected (server preference): ECDHE-RSA-AES256-GCM-SHA384

Note what happens without server preference: the client's first choice, AES256-GCM-SHA384, would be picked, and that suite uses plain RSA key transport with no forward secrecy.
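The selection rule from the last two slides as a small Python simulation. This is an added example, not code from the talk or from nginx; the two suite lists are the constructed input taken from the slide, written as OpenSSL names, and no real TLS handshake takes place. It also shows the outcome the slide does not spell out: what the same client gets when nginx does not prefer its own order.

```python
"""Cipher suite selection as nginx/OpenSSL performs it (added example, not from
the slides). The suite lists are the ones on the negotiation slide, written as
OpenSSL names; no real TLS handshake takes place."""

# Constructed input: the client's offer, most preferred first
CLIENT_OFFER = [
    "AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
]

# Constructed input: the server's ssl_ciphers list, most preferred first
SERVER_CIPHERS = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA256",
    "AES256-GCM-SHA384",
]


def common_suites(client, server):
    """Intersection of both lists, kept in the client's order."""
    supported = set(server)
    return [suite for suite in client if suite in supported]


def negotiate(client, server, prefer_server_ciphers):
    """Return the suite the server selects, or None when there is no overlap
    (OpenSSL then sends a handshake_failure alert).

    prefer_server_ciphers=False: the client's first choice that the server
    supports (OpenSSL's default behaviour).
    prefer_server_ciphers=True:  the server's first choice that the client
    offered (nginx 'ssl_prefer_server_ciphers on').
    """
    candidates = common_suites(client, server)
    if not candidates:
        return None
    if prefer_server_ciphers:
        return next(suite for suite in server if suite in candidates)
    return candidates[0]


def forward_secret(suite):
    """True for ephemeral (EC)DH key exchange. Suites whose name starts with
    the cipher ('AES256-GCM-SHA384') use RSA key transport: the session keys
    are encrypted to the certificate key, so a later key compromise exposes
    recorded traffic."""
    return suite.startswith(("ECDHE-", "DHE-"))


if __name__ == "__main__":
    for prefer in (False, True):
        chosen = negotiate(CLIENT_OFFER, SERVER_CIPHERS, prefer)
        print(f"ssl_prefer_server_ciphers {'on ' if prefer else 'off'} -> "
              f"{chosen} (forward secret: {forward_secret(chosen)})")
```

With server preference off the client above walks away with AES256-GCM-SHA384 and no forward secrecy; with it on, nginx's own first choice wins.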

Recommended cipher suites

• CloudFlare's suggestions: github.com/cloudflare/sslconfig

EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5

(This is an OpenSSL cipher string rather than a list of suite names: EECDH+AES128 expands to every suite with ephemeral ECDH key exchange and 128-bit AES, the groups are listed in preference order, the two 3DES groups sit at the bottom only for old clients that have nothing better, and !MD5 removes anything that uses MD5.)

• Mozilla has their own suggestions: https://mozilla.github.io/server-side-tls/ssl-config-generator/
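A cipher string only tells you what you asked for; what you actually get depends on the OpenSSL build nginx is linked against. The following added example (not from the talk or from CloudFlare's repository) uses Python's ssl module, which is backed by the same OpenSSL, to expand the string above into concrete suites, the way `openssl ciphers -v` does, and to flag anything weak or non-AEAD in the result. The list of weak name fragments is the editor's assumption, not the slide's. Run it on the machine that runs nginx.

```python
"""Expand an OpenSSL cipher string the way nginx's ssl_ciphers will, using the
OpenSSL that Python is linked against (added example, not from the slides).
It is the programmatic form of `openssl ciphers -v '<string>'`; the result
depends on the OpenSSL build, so run it where nginx runs."""
import ssl

# CloudFlare's string from the slide
CLOUDFLARE_CIPHERS = (
    "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:"
    "EECDH+3DES:RSA+3DES:!MD5"
)

# Name fragments that must never appear in a negotiable suite (editor's list,
# not from the slides): RC4 and MD5 are the broken algorithms the talk names,
# EXP are export-grade keys, NULL is no encryption, ADH/AECDH have no
# authentication at all.
WEAK_MARKERS = ("RC4", "MD5", "EXP", "NULL", "ADH", "AECDH")


def openssl_version():
    """(major, minor, fix) of the linked OpenSSL, e.g. (1, 0, 1) for 1.0.1p."""
    return ssl.OPENSSL_VERSION_INFO[:3]


def expand_cipher_string(cipher_string):
    """Return the concrete TLS 1.2-and-below suites the string selects, in the
    order OpenSSL will offer them (each entry is the dict ssl's get_ciphers
    produces: name, protocol, aead, ...). Raises ssl.SSLError if nothing
    matches, which is exactly the string nginx would refuse to start with."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # OpenSSL 1.1.1+ always appends its TLS 1.3 suites; they are not controlled
    # by this string, so leave them out of the picture.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def weak_suites(suites):
    """Names of suites that hit one of WEAK_MARKERS."""
    return [c["name"] for c in suites
            if any(marker in c["name"] for marker in WEAK_MARKERS)]


def non_aead_suites(suites):
    """Names of suites without an AEAD cipher (the CBC-mode ones); the talk's
    point is that TLS 1.2 is only safe with the AEAD suites."""
    return [c["name"] for c in suites if not c["aead"]]


if __name__ == "__main__":
    print("OpenSSL", ssl.OPENSSL_VERSION)
    suites = expand_cipher_string(CLOUDFLARE_CIPHERS)
    for c in suites:
        print(f"{c['name']:32} {c['protocol']:8} {'AEAD' if c['aead'] else 'CBC'}")
    print("weak:", weak_suites(suites))
    print("non-AEAD (compatibility only):", non_aead_suites(suites))
```

The non-AEAD suites that come out are the CBC fallbacks for old clients; if you serve no such clients, drop them from the string and re-run to confirm they are gone.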

Certificates

What is a certificate?

• Organization name (the subject)

• Public key

• Issuer name (the CA that signed it)

• Rights: what the key may be used for (key usage / extended key usage, e.g. TLS server authentication)

• Validity period (not before / not after)

• Hostnames (in the Subject Alternative Name extension, which is what browsers match against)

• Digital signature by the issuer over all of the above


What is a trusted certificate?

• One issued, directly or via intermediates, by a Certificate Authority (CA) whose root is in the browser's or operating system's trust store

How do I get a certificate?

• Create a key pair:

• A private key (stays on your server)

• A certificate signing request (CSR), which contains your public key and the names you want

• Get a CA to create a certificate from the CSR (the CA checks that you control the hostnames)

• Usually costs $$$

How do I create a CSR and private key?

• Using CFSSL

$ cfssl print-defaults csr > csr.json

$ cfssl genkey csr.json | cfssljson -bare

(edit csr.json first so its hosts list contains your hostnames)

• Using OpenSSL

$ openssl genrsa -out key.pem 2048

$ openssl req -new -sha256 -key key.pem -out key.csr

(openssl req prompts for the subject fields; keep key.pem readable only by root)

How to get a free certificate

• StartSSL.com: follow the instructions, get a headache

(StartSSL/StartCom has since been distrusted by the major browsers; Let's Encrypt, which went public a few months after this talk, is the usual free option today.)

Certificate chain

• You need to include all certificates in the trust chain up to the root: your certificate first, then every intermediate, in that order. The root itself is already in the client's trust store and is normally left out

• If the CA did not provide the intermediates, try `cfssl bundle`

• A missing intermediate is the most common chain mistake: it appears to work in browsers that cache or fetch intermediates and fails in everything else

Configuring nginx

NGINX configuration parameters

• Basic features

• ssl_certificate, ssl_certificate_key

• ssl_protocols

• ssl_ciphers

NGINX configuration parameters

• Before you start: find out which version of OpenSSL nginx is linked against (nginx -V shows it); the protocols and ciphers you can enable depend on it

• Recommend at least 1.0.1p (1.0.1 is the first release that speaks TLS 1.1 and 1.2; 1.0.1p, from July 2015, was the current patch release at the time)

$ openssl version

OpenSSL 0.9.8zd 8 Jan 2015

The output above is the bad case: 0.9.8 cannot do TLS 1.1 or 1.2 at all, so upgrade before tuning anything else.

server {
    listen 443 ssl;

    # Certificate chain: your certificate first, then the intermediates
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    # Private key: keep this file readable only by the user nginx starts as (root)
    ssl_certificate_key /path/to/private_key;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
}

Extra options

• Session caching: faster reconnects from clients that already have a session

• ssl_session_timeout 1d;

• ssl_session_cache shared:SSL:50m; (a shared cache is visible to all worker processes; one megabyte holds about 4000 sessions)

• Session tickets: the advanced version, where the client stores the encrypted session state instead of the server

• Works with Chrome and Firefox

• On by default in nginx, with a ticket key generated at startup; if you set a fixed ssl_session_ticket_key so a cluster can share tickets, rotate it regularly, because anyone holding that key can decrypt recorded sessions


Additional fields

• Prefer the server's cipher order over the client's

• ssl_prefer_server_ciphers on;

• Without this, OpenSSL picks the client's first mutually supported suite, so an old or badly configured client can steer the connection to a weaker choice; with it, your ssl_ciphers order decides

Multiple domains, same certificate

ssl_certificate multiSAN.crt;
ssl_certificate_key multiSAN.key;

server {
    listen 443 ssl;
    server_name www.example.com;
    ...
}

server {
    listen 443 ssl;
    server_name www.example.org;
    ...
}

The ssl_certificate and ssl_certificate_key directives are set once at the http level and inherited by both server blocks; the certificate must list both hostnames in its SAN extension. If each domain has its own certificate, put the directives inside each server block instead and nginx picks the right one by the name the client sends in SNI.

Backend HTTPS

Encryption on the backend

• Encrypt the hop from nginx to the server behind it as well, so traffic is not in the clear on the internal network

• nginx is now the TLS client, so it needs a list of trusted CAs to verify the backend's certificate; without proxy_ssl_verify on it encrypts but authenticates nothing, and an active attacker on the internal network can still sit in the middle

• If the backend serves several names on one address, also set proxy_ssl_server_name on so nginx sends SNI

http {
    server {
        # Protocols offered to the backend
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # Ciphers offered to the backend
        proxy_ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        # Trusted CAs: the PEM bundle the backend's certificate must chain to
        proxy_ssl_trusted_certificate /etc/ssl/certs/trusted_ca_cert.crt;
        # Verify the backend certificate against that bundle and against the
        # hostname in proxy_pass (override with proxy_ssl_name if they differ)
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;

        # Added for completeness with a hypothetical upstream name: the slide's
        # fragment had no proxy_pass, and without one nothing is proxied
        location / {
            proxy_pass https://backend.example.com;
        }
    }
}

Options for trusted CAs

• Internal CA

• You can create your own certificates for the services behind nginx (cfssl can act as the CA)

• Requires managing your own public key infrastructure: issuing, rotating and revoking certificates, and protecting the CA key

• Point proxy_ssl_trusted_certificate at your CA certificate only, not the system bundle, so that only your CA can vouch for a backend

• Public CA

• Needs a certificate from a publicly trusted CA for each backend name

• Root store is already present on the machine (e.g. Ubuntu: /etc/ssl/certs/ca-certificates.crt)

Checking your configuration

Scan the server from the outside after every change:

• ssllabs.com (the SSL Labs server test: protocol, cipher, chain and known-vulnerability checks, summarised as a letter grade)

• cfssl.org/scan (CloudFlare's scanner)

Bonus: Configuring HSTS

What is HSTS?

• HTTP Strict Transport Security: a response header that the browser caches

• While it is cached the browser always attempts HTTPS for that host, rewriting http:// URLs before any request leaves the machine

• Maximum age defined in seconds (max-age)

• Preload list for Chrome and Firefox: the host is compiled into the browser, so even the very first visit is protected

• Requires a 6-month max-age (the requirement at the time of the talk; the preload list now asks for at least one year, 31536000 seconds, plus the preload directive)

• Requires includeSubDomains

Why?

• Prevent hijacking of plain HTTP: without HSTS, a user who types the bare domain starts on http://, and an on-path attacker can keep them there (sslstrip-style) or redirect them elsewhere

Risks

• Prevents people from visiting the HTTP version of the site for as long as max-age says, so there is no quick rollback

• If the HTTPS config is broken (expired certificate, wrong chain), the site is broken: browsers do not let users click through certificate errors on an HSTS host

• Start with a short max-age, raise it once you are confident, and only then consider preloading, which is effectively permanent

server {
    listen 443 ssl;
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    # Add "includeSubDomains" to the value once every subdomain is served over
    # HTTPS, and the "always" parameter (nginx >= 1.7.5) so the header is also
    # sent on error responses. Only send it from the HTTPS server block:
    # browsers ignore HSTS received over plain HTTP.
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
}
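Once the header is live, check what the server actually sends rather than what the config says. The following added example (not from the talk) parses a Strict-Transport-Security value the way RFC 6797 describes and checks it against the slide's preload bar (six months plus includeSubDomains) and against the preload list's current bar (one year, includeSubDomains, preload). The sample values are constructed; in practice you would paste the header from a curl -sI response against your site.

```python
"""Parse and sanity-check a Strict-Transport-Security header value (added
example, not from the slides). The default thresholds are the slide's numbers;
the preload list's current requirements are a separate entry point."""

SIX_MONTHS = 15768000        # the max-age used in the slide's nginx config
ONE_YEAR = 31536000          # what hstspreload.org requires today


def parse_hsts(header_value):
    """Parse an HSTS value per RFC 6797 section 6.1 into a dict keyed by
    lower-cased directive name. Returns None if the value is not a usable
    policy: no max-age, a non-numeric max-age, or a directive given twice
    (all of which make a browser ignore the header)."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None
        directives[name] = value.strip().strip('"')
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        return None
    directives["max-age"] = int(max_age)
    return directives


def check_hsts(header_value, min_age=SIX_MONTHS, need_subdomains=True,
               need_preload=False):
    """Return the list of problems with the policy; [] means it meets the bar."""
    policy = parse_hsts(header_value)
    if policy is None:
        return ["not a valid HSTS policy (missing, non-numeric or duplicate max-age)"]
    problems = []
    if policy["max-age"] == 0:
        problems.append("max-age=0 tells browsers to forget the policy")
    elif policy["max-age"] < min_age:
        problems.append(f"max-age {policy['max-age']} is below the required {min_age}")
    if need_subdomains and "includesubdomains" not in policy:
        problems.append("includeSubDomains is missing")
    if need_preload and "preload" not in policy:
        problems.append("preload directive is missing")
    return problems


def check_for_preload(header_value):
    """The current hstspreload.org bar: one year, includeSubDomains, preload."""
    return check_hsts(header_value, min_age=ONE_YEAR, need_subdomains=True,
                      need_preload=True)


if __name__ == "__main__":
    # Constructed sample values, e.g. copied from `curl -sI https://host/`
    for value in ("max-age=15768000",
                  "max-age=15768000; includeSubDomains",
                  "max-age=31536000; includeSubDomains; preload",
                  "max-age=0"):
        print(f"{value!r}: slide bar {check_hsts(value)}, "
              f"preload bar {check_for_preload(value)}")
```

The max-age=0 case is deliberately reported as a problem rather than as "below the minimum": it is the documented way to tell browsers to drop a policy, and seeing it in production usually means someone rolled HSTS back by accident.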

Double Bonus: Configuring OCSP Stapling

What is OCSP Stapling?

• Certificates can not only expire, they can be revoked

• OCSP (Online Certificate Status Protocol) can be queried to check a certificate's status

• Can slow down requests since the client has to open another connection, to the CA's OCSP responder

• OCSP Stapling: the server pre-fetches the signed OCSP response and attaches ("staples") it to its handshake

• Saves the client a round-trip (plus a DNS lookup and a TCP connection), and stops the CA from learning which sites your users visit

How much faster?

A handshake where the browser fetches the OCSP responses itself (timings from the slide's waterfall):

• DNS (1334ms)

• TCP handshake (240ms)

• SSL handshake (376ms)

• Follow certificate chain (1011ms)

• DNS to CA (300ms)

• TCP to CA (407ms)

• OCSP to CA #1 (598ms)

• TCP to CA #2 (317ms)

• OCSP to CA #2 (444ms)

• Finish SSL handshake (1270ms)

Slide annotation: ~30%. The "to CA" lines are the client's own OCSP fetches; stapling removes the one for your certificate (nginx staples only the leaf's response, so a client that also checks the intermediate still makes that trip).

The stapling directives from the configuration above:

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    # Get this file from your CA: the root plus intermediates, used to verify
    # the signature on the OCSP response before it is stapled
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

Two things the slide leaves out: nginx needs a resolver directive to look up the OCSP responder's hostname, and it fetches the response lazily, so the first handshake after a restart goes out without a staple. When checking, connect at least twice before concluding that stapling is not working.

Questions?

Nick Sullivan @grittygrease