In my opinion it gets more and more important to secure Internet services using standards like TLS.
I try to summarize some things I did in the last few days to have my services more secure.
Certificates
To get startet with asymmetric (public/private key) security, a signed public key, also called certificate, is needed. There are many ways to get one: Self-signed certificates (not recommended), free certificates from Cacert (also not recommended, the CA (Certificate authority) is mostly unknown to browsers), free or paid certificates from StartSSL or
commercial certificates f.e. from GOGETSSL.
I decided to get my certificates from StartSSL. They are cheap and most browsers know the CA. You pay once and after the verification process (you need to send a copy of your passport and the drivers license, and they will call you to verify if it's really you) certificates can be created for free for one year. Certificates are valid for two years.
It's strongly recommended to create the private key and the certificate request on your server (and not use the webinterface):
- Key:
openssl genrsa -out my-ssl.key 2048
- Certificate request:
openssl req -new -key my-ssl.key -out mydomain.ch.csr
Then use the generated certificate request to get a signed certificate on StartSSL following the instructions on the webpage.
Webserver (Apache)
The standard way on Apache is to use mod_ssl
. There are many tutorials on the Internet, so I won't rewrite it here. Just a few hints for using class 2 certificates (the paid ones):
- Follow the StartSSL how to: Apache Web Server
- The class 2 intermediate certificate is available here: sub.class2.server.ca.pem
- And the CA certificate: ca.pem
- It's easier to have wildcard certificates (
CN=*.domain.ch
) than domain specific ones, but they are limited to one sublevel (subtwo.sub.domain.ch
would not match)
Choosing the correct cipher suite is very important. The Mozilla wiki has a list of recommended cipher suites.
Here is an example configuration for Apache on Debian:
SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.ch.pem
SSLCertificateKeyFile /etc/ssl/private/domain.ch.key
SSLCertificateChainFile /etc/ssl/certs/sub.class2.server.ca.pem
SSLCACertificateFile /etc/ssl/certs/startssl-ca.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
Header add Strict-Transport-Security "max-age=15768000"
SSLCipherSuite 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK'
Here we define:
- Only TLS is used (no SSL)
- The server has precedence in choosing the cipher suite order
- Disable SSL compression, which should not be enabled (insecure)
- Add the HSTS (HTTP Strict Transport Security) header
- Define the cipher suites (taken from the Mozilla wiki)
HSTS tells the browser to visit this website only via HTTPS for the next 15768000 seconds (182.5 days). Only activate this if you are sure everything is fine with the TLS setup. Wikipedia has more information about HSTS.
To test the webserver configuration, Qualy SSL Labs provides a really nice service: SSL Server Test
If everything looks fine, I recommend to redirect all traffic on the HTTP Vhost to the HTTPS VHost:
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>
Kolab
Kolab has recently released a guide to make the configuration more secure and use SSL/TLS all over the place. It's not yet perfect, but a good starting point: HOWTO: Secure all Kolab Services. I've opened a pull request to fix some issues when using Debian.
Firefox
Until Firefox 26 TLSv1.2 has to be enabled manually, Firefox 27 has TLSv1.2 enabled by default. For a how to see this nice blog post:
Improving Firefox SSL/TLS Security
More resources
A group of security experts is creating a guide to have better crypto configuration. Have a look at it here: BetterCrypto⋅org
I was heavily inspired by indero to write this blog article. Thanks!