Posted to dev@httpd.apache.org by Apache Devel <ap...@engy.com> on 2007/05/30 08:36:39 UTC
Apache2 mod_ssl with HSM support
Hello,
I'd like to start a discussion about Hardware Security Module (HSM) support for
mod_ssl. You may know that OpenSSL supports different HW engines. There is also
support for PKCS#11 devices, a standard for communication with crypto devices -
e.g. HSMs or Smartcards. Some HSM vendors support mod_ssl and their HSM with a
modified OpenSSL/mod_ssl version. But support is limited to 1.3.X versions of
Apache as far as we know.

There seems to be no standard interface for mod_ssl with HSM support for private
key protection and operations. We decided to extend mod_ssl for usage with an
HSM. We have a first prototype ("prealpha") with limited functionality now.

The limitations:
- Supports only one virtual host
- Supports no keys from files at the moment
- Loads HSM PIN from the OpenSSL.cnf file (no handler implemented at the moment)
- Certificate comes from file (not really a limitation...)

What it does:
- Private key is no longer in a file, it's in the secure HSM store
- Private key operations are processed on the HSM

The HSM configuration happens in the OpenSSL.cnf file. In httpd_ssl.conf we
introduced two additional parameters.

Path to the OpenSSL config (module global):
SSLEngineConfig C:/Apache22/conf/openssl.cnf

Reference describing the private key (per virtual host):
SSLCertificateKeyReference pkcs11#slot_0-id_65A0A10FFCE5B514CC228640C85373BB92C2DCD4

The reference descriptor has the following format:
<engineName>#<keyIdentifier>

<engineName> refers to the engine defined in openssl.cnf. The <keyIdentifier>
part depends on the engine referred to before. These two chunks are separated
with '#'. In the sample above we address a PKCS#11 device and use the private
key with id 65A0A10FFCE5B514CC228640C85373BB92C2DCD4 on slot 0. A sample
OpenSSL config file is attached at the end of this post.

Is it of interest to add HSM support to mod_ssl for private key protection in
further versions of mod_ssl? Is there already an intention to implement this?
If it is of interest and there are no plans to implement support, it would be
great to have a discussion here how to do that.

Kind regards
Dan
OpenSSL config file:
# PKCS11 engine config##################################################
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = "C:\\Apache22\\bin\\engine_pkcs11.dll"
MODULE_PATH = "C:\\Programme\\Eracom\\ProtectToolkit C SDK\\bin\\hsm\\cryptoki.dll"
PIN = "11223344"
init = 0
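As an added example (not code from this thread or from httpd), here is a C parser for the SSLCertificateKeyReference descriptor "<engineName>#<keyIdentifier>" described in the post above, which also decodes the PKCS#11 form "slot_<n>-id_<hex>" of the identifier and rejects malformed references at configuration time. The function name, the struct layout and the choice to leave identifiers of other engines opaque are assumptions of this example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#define KEYREF_ENGINE_MAX 32
#define KEYREF_ID_MAX 128
/* Parsed SSLCertificateKeyReference; layout is an assumption of this example. */
typedef struct {
    char engine[KEYREF_ENGINE_MAX]; /* must match an engine_id in openssl.cnf, e.g. "pkcs11" */
    char key_id[KEYREF_ID_MAX];     /* engine-specific part after '#', kept verbatim */
    int has_pkcs11;                 /* 1 when engine is pkcs11 and slot/id were decoded */
    unsigned long slot;             /* PKCS#11 slot number from "slot_<n>" */
    char id_hex[KEYREF_ID_MAX];     /* PKCS#11 object id from "id_<hex>" */
} keyref_t;
/* Parse "<engineName>#<keyIdentifier>". Returns 0 on success, -1 if malformed.
 * Both halves must be non-empty; for pkcs11 the identifier must be "slot_<decimal>-id_<hex>". */
int keyref_parse(const char *ref, keyref_t *out)
{
    const char *hash, *p, *q;
    char *end;
    size_t elen;
    memset(out, 0, sizeof(*out));
    if (ref == NULL || (hash = strchr(ref, '#')) == NULL)
        return -1;
    elen = (size_t)(hash - ref);
    if (elen == 0 || hash[1] == '\0')
        return -1;                           /* missing engine or key part */
    if (elen >= KEYREF_ENGINE_MAX || strlen(hash + 1) >= KEYREF_ID_MAX)
        return -1;                           /* refuse to truncate silently */
    memcpy(out->engine, ref, elen);
    out->engine[elen] = '\0';
    strcpy(out->key_id, hash + 1);
    if (strcmp(out->engine, "pkcs11") != 0)
        return 0;                            /* other engines: key_id stays opaque */
    p = out->key_id;
    if (strncmp(p, "slot_", 5) != 0 || !isdigit((unsigned char)p[5]))
        return -1;
    out->slot = strtoul(p + 5, &end, 10);    /* end points just past the slot number */
    if (strncmp(end, "-id_", 4) != 0 || end[4] == '\0')
        return -1;
    for (q = end + 4; *q != '\0'; q++)
        if (!isxdigit((unsigned char)*q))
            return -1;                       /* object id must be hex */
    strcpy(out->id_hex, end + 4);
    out->has_pkcs11 = 1;
    return 0;
}
```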
Re: Apache2 mod_ssl with HSM support
Posted by Sander Temme <sc...@apache.org>.
On May 29, 2007, at 11:36 PM, Apache Devel wrote:
> I'd like to start a discussion about Hardware Security Module (HSM) support
> for mod_ssl. You may know that OpenSSL supports different HW engines. There
> is also support for PKCS#11 devices, a standard for communication with crypto
> devices - e.g. HSMs or Smartcards. Some HSM vendors support mod_ssl and their
> HSM with a modified OpenSSL/mod_ssl version. But support is limited to 1.3.X
> versions of Apache as far as we know.
That's not entirely correct. Apache 2.0.x has experimental support
for hardware crypto engines, and in Apache 2.2 that support is no
longer experimental.
I agree though that Apache tends to think of certificates and keys
very much as PEM files on disk and not really anything else, which
stands in the way of working with HSMs in general. Even with that
limitation, HSM support works with Apache for instance with nCipher's
nShield and netHSM products (Disclosure: I work for nCipher).
> There seems to be no standard interface for mod_ssl with HSM support for
> private key protection and operations. We decided to extend mod_ssl for usage
> with an HSM. We have a first prototype ("prealpha") with limited
> functionality now.
That sounds interesting. I think it is a good idea that mod_ssl grow
capabilities to deal with key material other than PEM files on disk.
> The limitations:
> - Supports only one virtual host
That would probably be a necessity.
> - Supports no keys from files at the moment
Meaning you completely hacked that out, or just not in conjunction
with HSM contained keys? We obviously couldn't do without the default
PEM-files-on-disk case.
> - Loads HSM PIN from the OpenSSL.cnf file (No handler implemented at the
> moment)
We *have* the passphrase dialog implementation for encrypted key
files... could we leverage that to make the server ask for
passphrases or PINs for HSM keys? That would not only benefit the
P11 case, but also the existing CHIL support for the nCipher HSMs.
> - Certificate comes from file (not really a limitation...)
Technically not, since the certificate is not sensitive data, but it
could present problems from a management point of view. If you have
multiple SSL hosts, how do you keep a particular certificate and its
key together, and how would your successor or the remote hands guy in
the data center at 3AM work that?
> What it does:
> - Private key is no longer in a file, it's in the secure HSM store
> - Private key operations are processed on the HSM
Which is where we want them. Awesome.
Did you intend to submit your patch for inclusion in the Apache
code? Care to post some code so we can discuss it? It'd be easiest
to discuss if you generated a patch against the Apache development
trunk <http://svn.apache.org/repos/asf/httpd/httpd/trunk> instead of
2.2.
Regards,
Sander
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Apache2 mod_ssl with HSM support
Posted by Rob Crittenden <rc...@redhat.com>.
Marc Stern wrote:
> What was the goal of deriving from mod_ssl?
The goal was to make an Apache SSL module using NSS as the crypto
engine. I saw no point in re-inventing the wheel so used mod_ssl as a
starting point.
> Is NSS better than OpenSSL?
Both serve their purposes, choice is good. I work on the Fedora
Directory Server and a need existed for an SSL-enabled web server. It
made sense to use Apache but FDS uses NSS and rather than confusing
things by having 2 separate SSL libraries I wrote mod_nss.
> If so, why not implement everything from
> mod_ssl with NSS and stick to it?
I'm not sure what you're asking here. I'm not in any position to say
library or module A is better than B. Use what fits your needs.
> Was the goal to provide new features, like OCSP? If so, why not
> implement them in mod_ssl?
OCSP is a switch in NSS so all enabling it required was adding a
configuration option to the module. PKCS#11 is the same way, it just
came along for free with NSS.
> (Btw, a patch to add OCSP is waiting for approval - see
> http://issues.apache.org/bugzilla/show_bug.cgi?id=41123)
Thanks for the pointer.
regards
rob
Re: Apache2 mod_ssl with HSM support
Posted by Marc Stern <ma...@approach.be>.
What was the goal of deriving from mod_ssl?
Is NSS better than OpenSSL? If so, why not implement everything from
mod_ssl with NSS and stick to it?
Was the goal to provide new features, like OCSP? If so, why not
implement them in mod_ssl?
(Btw, a patch to add OCSP is waiting for approval - see
http://issues.apache.org/bugzilla/show_bug.cgi?id=41123)
Thanks
Marc
Rob Crittenden wrote:
> Marc Stern wrote:
>> What are the advantages/disadvantages between mod_ssl & mod_nss?
>>
>> Marc
>>
>
> mod_ssl has the advantage that it is in wide use and has had many
> eyeballs on it. It is feature-rich and performs well.
>
> mod_nss is a derivative of the mod_ssl from Apache 2.0.52 (plus a few
> updates here and there). The OpenSSL calls were ripped out and
> replaced with equivalent NSS calls. So feature-wise it generally has
> parity.
>
> Notable differences include:
>
> mod_ssl allows one to configure the depth of the certificate chain of
> a certificate (SSLVerifyDepth). mod_nss checks only the leaf.
>
> mod_nss has support for OCSP
>
> mod_nss has support for PKCS#11
>
> mod_ssl uses discrete files for certificates and keys. mod_nss uses a
> NSS database. Some find this less convenient.
>
> The OpenSSL command-line tools are better documented and come with man
> pages. The NSS command-line tools have some online documentation but
> no man pages.
>
> mod_ssl supports DSA server certificates, mod_nss does not.
>
> mod_nss has a FIPS mode that sets the security policy. NSS 3.11.4 is
> currently in FIPS 140-2 review now. Individuals will still need to be
> sure that the security policy is adhered to. mod_nss helps by not
> allowing non-FIPS ciphers to be enabled when NSSFIPS is on. The policy
> document can be found at
> http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf
>
> rob
Re: Apache2 mod_ssl with HSM support
Posted by Rob Crittenden <rc...@redhat.com>.
Marc Stern wrote:
> What are the advantages/disadvantages between mod_ssl & mod_nss?
>
> Marc
>
mod_ssl has the advantage that it is in wide use and has had many
eyeballs on it. It is feature-rich and performs well.
mod_nss is a derivative of the mod_ssl from Apache 2.0.52 (plus a few
updates here and there). The OpenSSL calls were ripped out and replaced
with equivalent NSS calls. So feature-wise it generally has parity.
Notable differences include:
mod_ssl allows one to configure the depth of the certificate chain of a
certificate (SSLVerifyDepth). mod_nss checks only the leaf.
mod_nss has support for OCSP
mod_nss has support for PKCS#11
mod_ssl uses discrete files for certificates and keys. mod_nss uses a
NSS database. Some find this less convenient.
The OpenSSL command-line tools are better documented and come with man
pages. The NSS command-line tools have some online documentation but no
man pages.
mod_ssl supports DSA server certificates, mod_nss does not.
mod_nss has a FIPS mode that sets the security policy. NSS 3.11.4 is
currently in FIPS 140-2 review now. Individuals will still need to be
sure that the security policy is adhered to. mod_nss helps by not
allowing non-FIPS ciphers to be enabled when NSSFIPS is on. The policy
document can be found at
http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf
rob
Re: Apache2 mod_ssl with HSM support
Posted by Marc Stern <ma...@approach.be>.
What are the advantages/disadvantages between mod_ssl & mod_nss?
Marc
Re: Apache2 mod_ssl with HSM support
Posted by Rob Crittenden <rc...@redhat.com>.
Marc Stern wrote:
> That would definitely be a good thing.
> More and more servers are using an HSM, and we can only suggest to our
> customers who want to do so to use a commercial server like IIS.
>
> Marc
mod_nss uses NSS as the crypto library instead of OpenSSL and supports
PKCS#11 drivers out-of-the-box. Once the module is loaded hardware
tokens are treated just like software tokens, you just may have to
address them slightly differently (token:nickname). Works with Apache
2.0.x and 2.2.x.
http://directory.fedoraproject.org/wiki/Mod_nss
rob
Re: Apache2 mod_ssl with HSM support
Posted by Marc Stern <ma...@approach.be>.
That would definitely be a good thing.
More and more servers are using an HSM, and we can only suggest to our
customers who want to do so to use a commercial server like IIS.
Marc