Posted to dev@httpd.apache.org by Kaspar Brand <ht...@velox.ch> on 2011/11/13 11:47:19 UTC
Re: Improving SSL config
On 07.10.2011 07:10, William A. Rowe Jr. wrote:
> Exactly... we should default to a server with a preference for cryptographic
> strength, but I have no objection to offering a commented-out, clearly
> documented 'alternative' configuration favoring performance, provided that
> is clearly labeled as 'not for sensitive data'.
Now that the dust after the "BEAST" bang has settled somewhat (and
it's clear that it needs to / will be fixed on the client side [1][2][3]),
I think it's a good time to revisit the default setting for
SSLCipherSuite - at least for trunk and 2.4.
My proposal is something like the attached patch - thoughts, objections?
Kaspar
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=665814
[2] http://codereview.chromium.org/7621002/
[3] http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
Re: Improving SSL config
Posted by Eric Covener <co...@gmail.com>.
On Fri, Nov 18, 2011 at 10:05 PM, Stefan Fritsch <sf...@sfritsch.de> wrote:
> On Friday 18 November 2011, Kaspar Brand wrote:
>> "all" simply stands for "+SSLv3 +TLSv1",
>> so we might just leave the default config as is - i.e., not have
>> any SSLProtocol directive in docs/conf/extra/httpd-ssl.conf.
>
> We may have "TLSv1.1" "and TLSv1.2" in the future. Changing the
> default config to an explicit list is bound to cause problems. +1 for
> keeping "all".
was concerned about this as well.
Re: Improving SSL config
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Friday 18 November 2011, Kaspar Brand wrote:
> "all" simply stands for "+SSLv3 +TLSv1",
> so we might just leave the default config as is - i.e., not have
> any SSLProtocol directive in docs/conf/extra/httpd-ssl.conf.
We may have "TLSv1.1" "and TLSv1.2" in the future. Changing the
default config to an explicit list is bound to cause problems. +1 for
keeping "all".
Re: Improving SSL config
Posted by Kaspar Brand <ht...@velox.ch>.
On 17.11.2011 13:18, Nick Gearls wrote:
> Isn't it safer to only accept explicit entries, like
>
> SSLCipherSuite -ALL:RC4-SHA:AES128-SHA:TLSv1+HIGH:SSLv3+HIGH:-aNULL
> SSLProtocol -ALL +SSLv3 +TLSv1
It depends on the directive. For SSLCipherSuite, the string is just
passed verbatim to SSL_CTX_set_cipher_list(), so it's OpenSSL's behavior
which is relevant. In this case, saying "-ALL:HIGH" is the same as
saying "HIGH" only.
SSLProtocol, on the other hand, is handled by mod_ssl itself, and if you
want to turn on multiple protocols with "+" (instead of just configuring
a single one, like "SSLProtocol TLSv1"), then that's indeed a valid
reason for starting with "-all". But now, after having dropped SSLv2
support in r1203491/r1203495, "all" simply stands for "+SSLv3 +TLSv1",
so we might just leave the default config as is - i.e., not have any
SSLProtocol directive in docs/conf/extra/httpd-ssl.conf.
Kaspar
Re: Improving SSL config
Posted by Nick Gearls <ni...@gmail.com>.
Isn't it safer to only accept explicit entries, like
SSLCipherSuite -ALL:RC4-SHA:AES128-SHA:TLSv1+HIGH:SSLv3+HIGH:-aNULL
SSLProtocol -ALL +SSLv3 +TLSv1
Nick
On 13/11/2011 11:47, Kaspar Brand wrote:
> On 07.10.2011 07:10, William A. Rowe Jr. wrote:
>> Exactly... we should default to a server with a preference for cryptographic
>> strength, but I have no objection to offering a commented-out, clearly
>> documented 'alternative' configuration favoring performance, provided that
>> is clearly labeled as 'not for sensitive data'.
> Now that the dust after the "BEAST" bang has settled somewhat (and
> it's clear that it needs to / will be fixed on the client side [1][2][3]),
> I think it's a good time to revisit the default setting for
> SSLCipherSuite - at least for trunk and 2.4.
>
> My proposal is something like the attached patch - thoughts, objections?
>
> Kaspar
>
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=665814
> [2] http://codereview.chromium.org/7621002/
> [3] http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
Re: Improving SSL config
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> On 14.11.2011 15:46, William A. Rowe Jr. wrote:
> > Isn't it similarly time to deploy SSLProtocol -SSLv2 by default?
>
> Oh yes, definitely. I didn't realize that "all" is still the default
> for SSLProtocol... for trunk and 2.4, I would suggest to change the
> defaults in the code. In decreasing order of preference:
>
> - completely drop SSLv2 support
>
> - change the default (in modssl_ctx_init) to
> SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV2
+1
> The first option also means that we would "comply" with RFC 6176 (in
> case someone complains about mod_ssl dropping support for a clearly
> outdated and insecure protocol).
>
> Kaspar
>
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
Re: Improving SSL config
Posted by Kaspar Brand <ht...@velox.ch>.
On 18.11.2011 18:47, Rainer Jung wrote:
> Fine with me. Current SSLCipherSuite for 2.2 definitely needs
> improvement and latest 2.4 should be the way to go.
>
> Except: Since SSLv2 is still available for 2.2, the -SSLv2 is needed in
> the cipher list.
>
> Please feel free to go ahead and remove my proposal.
Ok, done (r1203962). There's no need to have -SSLv2 in SSLCipherSuite,
because "!MD5" will already blow away all those ciphers (SSLv2 only uses
MD5).
What makes sense, OTOH, is adding "SSLProtocol all -SSLv2" to the 2.2.x
config - this makes sure that SSLv2 isn't used even if an admin later
changes the cipher list and "accidentally" reintroduces SSLv2 ciphers.
Kaspar
Re: Improving SSL config
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.11.2011 18:20, Kaspar Brand wrote:
> On 18.11.2011 13:09, Rainer Jung wrote:
>> You might want to drop the -SSLv2 from our SSLCipherSuite in
>> docs/conf/extra/httpd-ssl.conf.in then as well.
>
> You're right, yes. As there were no objections to the changes I proposed
> on the list a few days ago, I now committed them with r1203752/r1203753.
>
> If you generally agree with these modifications, I could also prepare
> and propose a backport for 2.2.x (there's currently an earlier one from
> you in 2.2.x's STATUS). Just let me know.
Fine with me. Current SSLCipherSuite for 2.2 definitely needs
improvement and latest 2.4 should be the way to go.
Except: Since SSLv2 is still available for 2.2, the -SSLv2 is needed in
the cipher list.
Please feel free to go ahead and remove my proposal.
Regards,
Rainer
Re: Improving SSL config
Posted by Kaspar Brand <ht...@velox.ch>.
On 18.11.2011 13:09, Rainer Jung wrote:
> You might want to drop the -SSLv2 from our SSLCipherSuite in
> docs/conf/extra/httpd-ssl.conf.in then as well.
You're right, yes. As there were no objections to the changes I proposed
on the list a few days ago, I now committed them with r1203752/r1203753.
If you generally agree with these modifications, I could also prepare
and propose a backport for 2.2.x (there's currently an earlier one from
you in 2.2.x's STATUS). Just let me know.
Kaspar
Re: Improving SSL config
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.11.2011 06:32, Kaspar Brand wrote:
> As I can't think of any good reason why a new major version of an HTTPS
> server released in late 2011 should still support insecure SSL protocol
> cruft from the 1990s (v2 was superseded about 15 years ago, when SSLv3
> was introduced), I went for the first option and completely dropped
> SSLv2 support with r1203491/r1203495 in trunk and 2.4, respectively.
>
> For the SSLProtocol directive, specifying "-SSLv2" is still permitted,
> but basically just for backward compatibility with the relatively
> popular "SSLProtocol all -SSLv2" incantation (technically, the code
> simply ignores "-SSLv2", as it is now always forced to off).
You might want to drop the -SSLv2 from our SSLCipherSuite in
docs/conf/extra/httpd-ssl.conf.in then as well.
Rainer
Re: Improving SSL config
Posted by Kaspar Brand <ht...@velox.ch>.
On 15.11.2011 19:48, Philip M. Gollucci wrote:
> On 11/14/11 17:41, Kaspar Brand wrote:
>> On 14.11.2011 15:46, William A. Rowe Jr. wrote:
>>> Isn't it similarly time to deploy SSLProtocol -SSLv2 by default?
>>
>> Oh yes, definitely. I didn't realize that "all" is still the default for
>> SSLProtocol... for trunk and 2.4, I would suggest to change the defaults
>> in the code. In decreasing order of preference:
>>
>> - completely drop SSLv2 support
>>
>> - change the default (in modssl_ctx_init) to
>> SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV2
>>
>> The first option also means that we would "comply" with RFC 6176 (in
>> case someone complains about mod_ssl dropping support for a clearly
>> outdated and insecure protocol).
>>
>> Kaspar
>>
>
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> Is the PCI compliant line should we change it, it should be to this.
The PCI DSS requirements aren't that specific on protocol or cipher
selection, actually (at least not in v2.0 - unless I'm completely
missing something in that document).
As I can't think of any good reason why a new major version of an HTTPS
server released in late 2011 should still support insecure SSL protocol
cruft from the 1990s (v2 was superseded about 15 years ago, when SSLv3
was introduced), I went for the first option and completely dropped
SSLv2 support with r1203491/r1203495 in trunk and 2.4, respectively.
For the SSLProtocol directive, specifying "-SSLv2" is still permitted,
but basically just for backward compatibility with the relatively
popular "SSLProtocol all -SSLv2" incantation (technically, the code
simply ignores "-SSLv2", as it is now always forced to off).
Kaspar
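The SSLProtocol handling Kaspar describes here and in his reply to Nick (a bitmask in mod_ssl, "all", "+"/"-" prefixes, and "-SSLv2" still accepted but ignored now that SSLv2 is forced off) as an added example; this is a model of the directive's semantics written for this thread, not code from the httpd source. The bit values, the treatment of "+SSLv2" as an error, and the rejection of an unprefixed name after earlier words have already set something are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>

/* Protocol bits as mod_ssl names them (values are assumed here). */
#define SSL_PROTOCOL_NONE  0
#define SSL_PROTOCOL_SSLV2 (1 << 0)
#define SSL_PROTOCOL_SSLV3 (1 << 1)
#define SSL_PROTOCOL_TLSV1 (1 << 2)
/* After r1203491 "all" is just "+SSLv3 +TLSv1"; SSLv2 is never in it. */
#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1)

/* Parse an SSLProtocol argument into a bitmask. Returns 0 on success, -1 on
 * an unknown name, on any attempt to enable SSLv2, or on a bare (unprefixed)
 * name that would silently override what earlier words already set. */
int parse_ssl_protocol(const char *arg, int *options)
{
    char word[32];
    *options = SSL_PROTOCOL_NONE;
    while (*arg) {
        size_t n = 0;
        while (*arg && isspace((unsigned char)*arg)) arg++;
        while (*arg && !isspace((unsigned char)*arg) && n < sizeof(word) - 1)
            word[n++] = *arg++;
        word[n] = '\0';
        if (n == 0) break;
        const char *w = word;
        char action = (*w == '+' || *w == '-') ? *w++ : '\0';
        int thisopt = SSL_PROTOCOL_NONE;
        if (!strcasecmp(w, "SSLv2")) {
            /* "-SSLv2" is tolerated for old configs but is a no-op: SSLv2 is
             * always off. Asking for it any other way is rejected (assumption). */
            if (action == '-') continue;
            return -1;
        }
        else if (!strcasecmp(w, "SSLv3")) thisopt = SSL_PROTOCOL_SSLV3;
        else if (!strcasecmp(w, "TLSv1")) thisopt = SSL_PROTOCOL_TLSV1;
        else if (!strcasecmp(w, "all"))   thisopt = SSL_PROTOCOL_ALL;
        else return -1;
        if (action == '-')      *options &= ~thisopt;
        else if (action == '+') *options |= thisopt;
        else if (*options != SSL_PROTOCOL_NONE) return -1; /* missing +/- */
        else                    *options = thisopt;
    }
    return 0;
}
```

With this model "SSLProtocol all -SSLv2", "SSLProtocol -ALL +SSLv3 +TLSv1" and no directive at all (the default of SSL_PROTOCOL_ALL) end up with the same bitmask, which is the point Kaspar makes about leaving httpd-ssl.conf without an SSLProtocol line.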
Re: Improving SSL config
Posted by Kaspar Brand <ht...@velox.ch>.
On 14.11.2011 15:46, William A. Rowe Jr. wrote:
> Isn't it similarly time to deploy SSLProtocol -SSLv2 by default?
Oh yes, definitely. I didn't realize that "all" is still the default for
SSLProtocol... for trunk and 2.4, I would suggest to change the defaults
in the code. In decreasing order of preference:
- completely drop SSLv2 support
- change the default (in modssl_ctx_init) to
SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV2
The first option also means that we would "comply" with RFC 6176 (in
case someone complains about mod_ssl dropping support for a clearly
outdated and insecure protocol).
Kaspar
Re: Improving SSL config
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 11/13/2011 4:47 AM, Kaspar Brand wrote:
>
> My proposal is something like the attached patch - thoughts, objections?
Reviewing the suggested list. The commentary looks good.
Isn't it similarly time to deploy SSLProtocol -SSLv2 by default?