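How do I enable Perfect Forward Secrecy by default in Apache?
Warning: please only use the recommendations for Apache configuration from the answers below. As for which cipher(s) to use: security norms change over time, and some of the security advice below is already out of date.
In the wake of recent events, I have been reconsidering my Apache setup. Currently, my Apache site config looks something like this: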
<IfModule mod_ssl.c>
    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        Redirect permanent / https://example.com
    </VirtualHost>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www-wordpress
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www-wordpress>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride FileInfo
            Order allow,deny
            allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        SSLCertificateFile /etc/ssl/certs/example.com.crt
        SSLCertificateKeyFile /etc/ssl/private/example.com.key
        SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
What do I have to do to support Perfect Forward Secrecy (PFS)? How can I enable SSL Perfect Forward Secrecy by default? How could I enforce it?
How about:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
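The -SSLv3 flag is added to disable SSLv3. This is added to protect against the POODLE attack.
This will prefer perfect forward secrecy, but not at the expense of being vulnerable to the BEAST attack. Since Apache lacks a way to configure cipher preference based on protocol version, I fake it by referring to ciphers only available in the newer protocols. Specifically, AES was only available with SHA1 hashing until TLSv1.2. Thus the list starts with the TLSv1.2 ephemeral Diffie-Hellman ciphers, then RC4 (first with ephemeral DH, then without), and finally a BEAST-vulnerable AES option. Excluding no auth / weak encryption / weak hashing at the end is just for good hygiene and could be omitted, since no such ciphers were introduced. If performance is a concern, use EECDH only and omit EDH.
In combination with Apache 2.2 (thus no EECDH, as @Bruno says), per https://www.ssllabs.com/ssltest/analyze.html, this achieves PFS for iOS Safari only. IE and Firefox are TLSv1.0, so they get RC4 to avoid BEAST. (Alas, there is no such thing as EDH RC4, so without EECDH, you give up PFS.) This is, I believe, the best one could hope for with those browsers on Apache 2.2. Chrome is the only one poorly served, since it supports TLSv1.1 and could use EDH AES without being vulnerable to BEAST. Instead, it gets RC4-RSA like Firefox and IE. Upgrading Apache to enable EECDH RC4 should get PFS for Firefox, IE, and Chrome.
Update 2013-11-09: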
I've found a few alternate recommendations around the web. They put less emphasis on BEAST protection (perhaps wise; BEAST is mostly mitigated client-side now) and more emphasis on perfect forward secrecy. To varying degrees they also have stronger preferences for GCM and greater reluctance to accept RC4.
Of particular note are, I think, the following recommendations:
- Mozilla OpSec
- Ivan Ristic (of Qualys)
- Geoffroy Gramaize
Personally, I'm going to go with Mozilla OpSec's. Their reasoning is well explained on their page. Of note, they prefer AES128 over AES256. In their words: "[AES128] provides good security, is really fast, and seems to be more resistant to timing attacks."
Noteworthy in Ivan Ristic's and Geoffroy Gramaize's recommendation is that SSLv3 is disabled. I think this mostly just breaks IE6, though some security related differences between SSLv3 and TLS v1.0 are mentioned on Wikipedia.
Also before I didn't talk about CRIME and BREACH. To protect against CRIME, disable SSL compression. This is included in the examples linked. To protect against BREACH, you need to disable compression at the HTTP level. For Apache 2.4, just do this once globally:
<Location />
    SetEnvIfExpr "%{HTTPS} == 'on'" no-gzip
</Location>
For older versions of Apache, place this in each VirtualHost where SSLEngine is on:
<Location />
    SetEnv no-gzip
</Location>
Update 2014-10-14: The Mozilla OpSec guide is now split into recommendations for old/intermediate/modern compatibility. With the settings from intermediate or modern, you end up with SSLv3 disabled. That will protect against the POODLE attack.
From my own understanding, you need to activate SSLHonorCipherOrder and to prepend SSLCipherSuite with ECDHE and DHE ciphers from openssl ciphers -v
From my /etc/apache2/mods-available/ssl.conf:
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
To test your website, you can use: https://www.ssllabs.com/ssltest
Note: Elliptic Curve DHE only seems to work with Apache 2.3.3 or higher (see source and Bruno's comment).
The cipher suites that provide Perfect Forward Secrecy are those that use an ephemeral form of the Diffie-Hellman key exchange. Their disadvantage is their overhead, which can be improved by using the elliptic curve variants (see Vincent Bernat's blog.)
The cipher suites in Apache Httpd (provided you're using mod_ssl compiled with OpenSSL) are configured using SSLCipherSuite, which takes a list as you would see when using the openssl ciphers command. If you look at the OpenSSL man page, you'll find kEDH is what you're looking for. (You can also list cipher suites individually.)
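The ephemeral versus non-ephemeral distinction described in this answer shows up in the Kx= column of `openssl ciphers -v`. As an added example (not part of the original answer; the function names are hypothetical and the sample lines are constructed), this script classifies each suite so you can see where a cipher string stops offering forward secrecy:

```shell
#!/bin/sh
# Added example (not from the answers): report which suites in
# `openssl ciphers -v` output give forward secrecy, in preference order.
# Function names are hypothetical.
# Real use: openssl ciphers -v 'EECDH+AES:EDH+AES' | classify_suites

# Print "<PFS|NO-PFS> <suite> <kx>" for each input line carrying a Kx= field.
classify_suites() {
    awk '{
        kx = ""
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Kx=/) kx = substr($i, 4)
        if (kx == "") next
        # Ephemeral exchanges print as Kx=ECDH or Kx=DH, TLS 1.3 suites as
        # Kx=any. Kx=RSA and static forms (Kx=DH/RSA, Kx=ECDH/RSA) reuse a
        # long-term key, so a later key compromise exposes recorded sessions.
        if (kx == "ECDH" || kx == "DH" || kx == "any") verdict = "PFS"
        else verdict = "NO-PFS"
        print verdict, $1, kx
    }'
}

# Highest-preference suite without forward secrecy (empty if none).
first_non_pfs() {
    classify_suites | awk '$1 == "NO-PFS" { print $2; exit }'
}

# Number of suites without forward secrecy.
count_non_pfs() {
    classify_suites | awk '$1 == "NO-PFS" { n++ } END { print n + 0 }'
}

# Constructed sample in the `openssl ciphers -v` line format.
sample_output() {
    cat <<'EOF'
ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)      Mac=SHA1
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)      Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)      Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)      Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)      Mac=SHA1
EOF
}

sample_output | classify_suites
```

A client that supports none of the PFS suites still connects through the first NO-PFS entry, so removing those entries is what enforces forward secrecy, at the cost of rejecting such clients.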
Enter this cipher code in your httpd.conf in the main/core conf directive:
SSLCipherSuite AES128+EECDH:AES128+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
You can even check the status of how secure it is by testing it at: https://www.ssllabs.com/ssltest/analyze.html?
Try this code in your ssl.conf:
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA
By the way,
Expert tip: The (1/n-1) split record trick has been implemented in Firefox for a while. Thus, you can safely disable RC4 on Firefox in the advanced configuration menu. To do so, enter ‘about:config’ in your address bar, then search for ‘rc4’ and toggle all the found values to ‘false’. If you experience connection issues, toggle those parameters back to true.
https://cc.dcsec.uni-hannover.de/
This website gives you information on the SSL cipher suites your browser supports for securing HTTPS connections.
Have a look at https://cipherli.st
There you find copy & paste config snippets for several services, that should ensure strong ssl security settings.
This article will help you configure forward security and get you up to date on current standards - https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
As of 09/16/2015, this will get you an A on SSLLabs test results.
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
I got a grade A (Sept. 2016) on SSLLabs still supporting Windows XP / Internet Explorer 8 using this ssl.conf configuration on Apache:
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:AES256+EECDH:DES-CBC3-SHA
In brief: only TLS is allowed: all versions are supported for compatibility and the DES-CBC3-SHA cipher is allowed for compatibility too. The first, preferred two ciphers are using Elliptic curve Diffie-Hellman, the last was added as a fallback because this is a good option among the ciphers available on XP/IE. If you've installed the last OpenSSL version available this mix is enough to get an A at the time I'm writing.
Hope this is helpful.