You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jc...@apache.org on 2016/08/22 21:27:20 UTC
svn commit: r1757281 - /httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en
Author: jchampion
Date: Mon Aug 22 21:27:19 2016
New Revision: 1757281
URL: http://svn.apache.org/viewvc?rev=1757281&view=rev
Log:
docs: rebuild
Modified:
httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en
Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en?rev=1757281&r1=1757280&r2=1757281&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en Mon Aug 22 21:27:19 2016
@@ -34,7 +34,7 @@ documentation, and arrive at a deeper un
before progressing to the advanced techniques.</p>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#configexample">Basic Configuration Example</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#ciphersuites">Cipher Suites and Enforcing Strong Security</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ciphersuites">Cipher Suites and Enforcing Strong Encryption</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ocspstapling">OCSP Stapling</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#accesscontrol">Client Authentication and Access Control</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li>
@@ -58,33 +58,91 @@ following directives.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="ciphersuites" id="ciphersuites">Cipher Suites and Enforcing Strong Security</a></h2>
+<h2><a name="ciphersuites" id="ciphersuites">Cipher Suites and Enforcing Strong Encryption</a></h2>
+
+
+<div class="warning">
+<p>"Strong encryption" is, and has always been, a moving target. Furthermore,
+the definition of "strong" depends on your desired use cases, your threat
+models, and your acceptable levels of risk. The Apache HTTP Server team cannot
+determine these things for you.</p>
+<p>For the purposes of this document, which was last updated in mid-2016,
+"strong encryption" refers to a TLS implementation which provides all of the
+following, in addition to the basic confidentiality, integrity, and authenticity
+protection that most users already expect:</p>
+<ul>
+<li>Perfect Forward Secrecy, which ensures that a compromise to a server's
+private key in the present does not compromise the confidentiality of past TLS
+communication.</li>
+<li>Protection from known attacks on older SSL and TLS implementations, such
+as <a href="https://en.wikipedia.org/wiki/POODLE">POODLE</a> and
+<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack">BEAST</a>.</li>
+<li>Support for the strongest ciphers available to modern (and up-to-date) web
+browsers and other HTTP clients.</li>
+<li><strong>Rejection</strong> of clients that cannot meet these requirements.
+In other words, "strong encryption" requires that out-of-date clients be
+completely unable to connect to the server, to prevent them from endangering
+their users. Whether or not this is appropriate for your situation is a decision
+that only you can make.</li>
+</ul>
+<p>Please note that strong <em>encryption</em> does not, by itself, ensure
+strong <em>security</em>. (As an example, HTTP compression oracle attacks such
+as <a href="https://en.wikipedia.org/wiki/BREACH_(security_exploit)">BREACH</a>
+may require further steps to mitigate.)</p>
+</div>
<ul>
<li><a href="#onlystrong">How can I create an SSL server which accepts strong encryption only?</a></li>
-<li><a href="#strongurl">How can I create an SSL server which accepts all types of ciphers in general, but
+<li><a href="#strongurl">How can I create an SSL server which accepts many types of ciphers in general, but
requires a strong cipher for access to a particular URL?</a></li>
</ul>
<h3><a name="onlystrong" id="onlystrong">How can I create an SSL server which accepts strong encryption
only?</a></h3>
- <p>The following enables only the strongest ciphers:</p>
- <pre class="prettyprint lang-config">SSLCipherSuite HIGH:!aNULL:!MD5</pre>
-
-
- <p>While with the following configuration you specify a preference
- for specific speed-optimized ciphers (which will be selected by
- mod_ssl, provided that they are supported by the client):</p>
-
- <pre class="prettyprint lang-config">SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
-SSLHonorCipherOrder on</pre>
-
+ <p>The following configuration enables "strong encryption", as defined
+ above, and is derived from the Mozilla Foundation's
+ <a href="https://wiki.mozilla.org/Security/Server_Side_TLS">Server Side
+ TLS</a> requirements:</p>
+
+ <pre class="prettyprint lang-config"># "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration
+# Generator as of August 2016. This tool is available at
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
+# require OpenSSL 1.1.0, which as of this writing was in pre-release.
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder on
+SSLCompression off
+SSLSessionTickets off</pre>
+
+
+ <ul>
+ <li>SSL 3.0 and TLS 1.0 are susceptible to known attacks on the protocol;
+ they are disabled entirely.</li>
+ <li>Disabling TLS 1.1 is (as of August 2016) mostly optional; TLS 1.2
+ provides stronger encryption options, but 1.1 is not yet known to be broken.
+ Disabling 1.1 may mitigate attacks against some broken TLS
+ implementations.</li>
+ <li>Enabling <code class="directive"><a href="../mod/mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder</a></code>
+ ensures that the server's cipher preferences are followed instead of the
+ client's.</li>
+ <li>Disabling <code class="directive"><a href="../mod/mod_ssl.html#sslcompression">SSLCompression</a></code>
+ prevents TLS compression oracle attacks (e.g.
+ <a href="https://en.wikipedia.org/wiki/CRIME">CRIME</a>).</li>
+ <li>Disabling <code class="directive"><a href="../mod/mod_ssl.html#sslsessiontickets">SSLSessionTickets</a></code>
+ ensures Perfect Forward Secrecy is not compromised if the server is not
+ restarted regularly.</li>
+ </ul>
+
+ <p>The exact ciphersuites supported in the
+ <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> line are determined
+ by your OpenSSL installation, not the server. You may need to upgrade to a
+ modern version of OpenSSL in order to use them.</p>
-<h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts all types of ciphers
-in general, but requires a strong ciphers for access to a particular
-URL?</a></h3>
+<h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts many types of ciphers
+in general, but requires a strong cipher for access to a particular URL?</a></h3>
<p>Obviously, a server-wide <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> which restricts
ciphers to the strong variants, isn't the answer here. However,
@@ -92,13 +150,13 @@ URL?</a></h3>
blocks, to give a per-directory solution, and can automatically force
a renegotiation of the SSL parameters to meet the new configuration.
This can be done as follows:</p>
- <pre class="prettyprint lang-config"># be liberal in general
-SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
+ <pre class="prettyprint lang-config"># be liberal in general -- use Mozilla's "Intermediate" ciphersuites (weaker
+# ciphersuites may also be used, but will not be documented here)
+SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
<Location "/strong/area">
-# but https://hostname/strong/area/ and below
-# requires strong ciphers
-SSLCipherSuite HIGH:!aNULL:!MD5
+# but https://hostname/strong/area/ and below requires strong ciphersuites
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
</Location></pre>