Introduction
It is necessary to keep security of HTTPS servers adequate to modern threats. Because new breaches and weaknesses in cryptographic algorithms and protocols are constantly discovered. Moreover, default settings of web servers and operating systems not always provide acceptable level of SSL/TLS security. This article aims to provide guidance about how to configure Linux and Windows web servers to provide good level of SSL/TLS security on Odin Automation UI servers.
It is based on SSL/TLS Deployment Best Practices from Qualys SSLLabs.
Scope
This guide contains instructions how to configure SSL/TLS on Odin Automation servers:
OSA Branding server
BA Application server
Branding UI server
Online store
- NG Web Servers
Please use the following KB article to know how to disable SSLv3 on Qmail servers inside OSA infrastructure.
SSL/TLS Weakneses
The table below lists weaknesses which mitigations are addressed by this article.
Weakness | Mitigation | |
---|---|---|
Using RSA for key exchange is bad for two reasons:
* It lacks forward secrecy * ROBOT attack | Disable TLS_RSA cipher suites | |
Sweet32 attack | Disable 3DES cipher suites | |
Enabled SSLv3 is a weakness because it is broken due to CVE-2014-3566(POODLE attack). | Disable SSLv3 | |
Enabled SSLv2 is a weakness because it is broken. | Disable SSLv2 | |
Insecure/broken algorithms used in ciphers (RC4) | Disable broken ciphers and algorithms | |
Small entropy ciphers (DES, 3DES)
* The entropy of 128bits for keys is recommended nowadays. * 96bits entropy can be tolerable, though. * 3DES/168 has actual entropy of 112bits. |
Disable or de-prioritise ciphers
It is better to not disable 3DES/168bits in order to support IE on Windows XP |
|
Anonymous key negotiation protocols (ADH) | Rare situation. Specify proper ciphers to use in Apache | |
CRIME vulnerability (and its successors like TIME, etc) | Disable TLS traffic compression | |
BEAST vulnerability | Do nothing on server side | |
SSL insecure renegotiation | (Apache) Check that latest update for used version of Apache is installed | |
FREAK vulnerability | install updates and/or disable weak ciphers |
Testing SSL/TLS Security
It is not necessary that all steps described in this article be applied to all servers. Test your web servers and fix those that actually demonstrate weaknesses or vulnerabilities. The best and preferred way to assess security of SSL configuration of the web server is to use Qualys SSL Labs' test: https://www.ssllabs.com/ssltest. The mark A denote reasonably good security level. Scores lower than B require appropriate mitigation steps.Unfortunately, SSL Labs' test cannot be applied to web servers that are not available from Internet. Use TestSSLServer tool for testing ciphers strength and CRIME vulnerability on servers in your lab (requires Java).
Basic test recommendations for "offline" testing:
- Ensure certificate is up-to-date and issued by trusted authority
- Ensure SSLv2 is disabled
- Ensure SSLv3 is disabled too
- Check RC4 cipher is not used
- Check 3DESD and DES cipher are not used
- Check TLS_RSA ciphers are not used
- Check CRIME is mitigated
Examples:
TestSSLServer output for Windows 2008 R2 server with default configuration. The yellow-marked text points out to insecure protocols (SSLv2 and SSLv3) and ciphers (RC4) that should be disabled. It is no longer recommended to mitigate BEAST attack on server side so we do not pay attention to respective vulnerable mark.
Supported versions: SSLv2 SSLv3 TLSv1.0 Deflate compression: no Supported cipher suites (ORDER IS NOT SIGNIFICANT): SSLv2 RC4_128_WITH_MD5 DES_192_EDE3_CBC_WITH_MD5 SSLv3 RSA_WITH_RC4_128_MD5 RSA_WITH_RC4_128_SHA RSA_WITH_3DES_EDE_CBC_SHA TLSv1.0 RSA_WITH_RC4_128_MD5 RSA_WITH_RC4_128_SHA RSA_WITH_3DES_EDE_CBC_SHA RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA .---------------------- Server certificate(s): 0c6e6854baa0323d862c3e41787213e6d8e4006a: CN=10.31.104.33, O=Parallels, C=US .---------------------- Minimal encryption strength: strong encryption (96-bit or more) Achievable encryption strength: strong encryption (96-bit or more) BEAST status: vulnerable CRIME status: protected
Apache on CentOS 5.3 server (OSA 5.5). CRIME is not mitigated.
Supported versions: SSLv3 TLSv1.0 Deflate compression: YES Supported cipher suites (ORDER IS NOT SIGNIFICANT): SSLv3 RSA_WITH_3DES_EDE_CBC_SHA DHE_RSA_WITH_3DES_EDE_CBC_SHA RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA (TLSv1.0: idem) .--------------------- Server certificate(s): d04135719197cefa8f601f2cf3d1ed055df41afd: CN=cp.parallelscloud.com, OU=EssentialSSL, OU=Domain Control Validated .---------------------- Minimal encryption strength: strong encryption (96-bit or more) Achievable encryption strength: strong encryption (96-bit or more) BEAST status: vulnerable CRIME status: vulnerable
Important note: Even if during initial deployment TestSSLServer was used it is still necessary to run ssltest when a web server become open into Internet. SSL Lab's test provides much more comprehensive checks, including server certificate strength and trustablity, testing for compatibility with different browsers, more known vulnerabilities.
Windows 2008 Mitigations
Windows 2008 R2 allows broken SSLv2, SSLv3 and weak ciphers for server-side SSL/TLS connections by default.
Mitigation steps:
Upload attached fixDisableWeakCiphers.reg file onto web server machine
Double click on it, and allow operating system to update registry
- Restart computer
For more information about meanings of registry settings used, see http://support.microsoft.com/kb/245030.
Linux Mitigations
Weak Cipher and Protocols
Apply following steps, when you have encountered SSLv2, SSLv3, RC4, DES, ADH among list of supported protocols and ciphers by a server during testing.
It is required to switch off weak protocols globally across the web server on each Webhosting, Branding or Online Store node.
The table below contains names of configuration files and reload commands depending on type of server you work with.
Server type | Config file | Restart command |
---|---|---|
OSA Legacy SH | /usr/local/pem/etc/apache/httpd.conf_pem.override | service pemhttpd reload |
OSA SH NG | /etc/httpd/conf.d/ng_custom.conf | service httpd reload |
OSA Branding UI host | /etc/httpd/conf.d/ssl.conf | service httpd reload |
BA Application Server | /etc/httpd/conf.d/ssl.conf | service httpd reload |
Store | /etc/httpd/conf.d/ssl.conf | service httpd reload |
Add (or modify) following mod_ssl options in SSL/TLS configuration of Apache web server:
SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!ADH:!RC4:!aNULL:!eNULL:!EXP:!MEDIUM:!LOW:!MD5
Note: In
httpd.conf_pem.override
andng_custom.conf
options must be inserted in following form:<IFMODULE mod_ssl.c> SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!ADH:!RC4:!aNULL:!eNULL:!EXP:!MEDIUM:!LOW:!MD5 </IFMODULE>
Branding UI specific configuration (OAP 7.*):
Starting from OAP 7.0 a new role for deployment of new host became available - Branding UI node. A set of directive must be inserted to file
ssl.conf
before default VirtualHost definition like below:<IFMODULE mod_ssl.c> SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!ADH:!RC4:!aNULL:!eNULL:!EXP:!MEDIUM:!LOW:!MD5 </IFMODULE> ... <VirtualHost _default_:443> ...
NG specific configuration:
Edit config
/etc/httpd/conf/httpd.conf
and set it as below:<IfModule ssl_module> Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLSessionCache none SSLMutex "file:/etc/httpd/logs/ssl_mutex" SSLEngine off SSLCipherSuite HIGH:!ADH:!RC4:!aNULL:!eNULL:!EXP:!MEDIUM:!LOW:!MD5 NameVirtualHost *:443 <VirtualHost *:443> SSLEngine on SSLProxyEngine on SSLPOACertificateStorage on SSLProtocol all -SSLv2 -SSLv3 SSLOptions +StdEnvVars </VirtualHost> </IfModule>
- Reload Apache configuration
CRIME Vuln. Mitigation
Here is mitigation steps for CentOS 5, 6 and CloudLinux 6:
Add the line below in Apache init script
export OPENSSL_NO_DEFAULT_ZLIB=1
Note: In file /etc/init.d/pemhttpd the line should be inserted after interpreter declaration, like here:
#!/bin/sh # # pemapache Start/Stop the pemapache PEM service. # # chkconfig: 2345 80 20 # description: pemapache is a SWsoft PEM service # export OPENSSL_NO_DEFAULT_ZLIB=1 ..
- Restart Apache service
The table below contains names of proper files and restart commands depending on type of server you work with:
Server type | Init file | Restart command |
---|---|---|
OSA Legacy SH | /etc/init.d/pemhttpd | service pemhttpd restart |
OSA SH NG | /etc/sysconfig/httpd | service httpd restart |
BA Application Server | /etc/sysconfig/httpd | service httpd restart |
Store | /etc/sysconfig/httpd | service httpd restart |