SSL/TLS Strong Encryption in Apache

Objective

Create an Apache web server which accepts strong encryption only.

The following will provide a strong SSL security compatible with all modern browsers. In short, they set a strong Forward Secrecy enabled ciphersuite, they disable SSLv2 and SSLv3, and enable OCSP Stapling.

Solution

Edit your Apache configuration file/etc/apache2/conf.d/ssl.conf and add the following:

SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)

Reload Apache

[root@nowherelan]# systemctl reload httpd.service

Use the following online tools to remotely check your site for which protocols and cipher suites it permits:

The following enables only the strongest ciphers:

SSLCipherSuite HIGH:!aNULL:!MD5

While with the following configuration you specify a preference for specific speed-optimized ciphers (which will be selected by mod_ssl, provided that they are supported by the client):

SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on

When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client’s preference is used. If the SSLHonorCipherOrder directive is enabled, the server’s preference will be used instead.

The CRIME attack uses SSL Compression in its exploit, so we can choose to disable that

SSLCompression off

The Online Certificate Status Protocol (OCSP) is a mechanism for determining whether or not a server certificate has been revoked, and OCSP Stapling is a special form of this in which the server, such as httpd and mod_ssl, maintains current OCSP responses for its certificates and sends them to clients which communicate with the server. Most certificates contain the address of an OCSP responder maintained by the issuing Certificate Authority, and mod_ssl can communicate with that responder to obtain a signed response that can be sent to clients communicating with the server.

Because the client can obtain the certificate revocation status from the server, without requiring an extra connection from the client to the Certificate Authority, OCSP Stapling is the preferred way for the revocation status to be obtained. Other benefits of eliminating the communication between clients and the Certificate Authority are that the client browsing history is not exposed to the Certificate Authority and obtaining status is more reliable by not depending on potentially heavily loaded Certificate Authority servers.

Because the response obtained by the server can be reused for all clients using the same certificate during the time that the response is valid, the overhead for the server is minimal.

Once general SSL support has been configured properly, enabling OCSP Stapling generally requires only very minor modifications to the httpd configuration — the addition of these two directives:

SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(128000)"

My System Configuration

  • CentOS 7
  • Apache 2.4

References

Leave a Reply

Your email address will not be published. Required fields are marked *