SSL (v2、v3) 最近有些安全性問題產生, 建議 Web Server 和瀏覽器都不要支援 SSLv2 和 SSLv3, 那到底有何影響? 又該怎麼做呢?
Apache2 與 Nginx 移除 SSLv2、SSLv3 支援
關於 SSL 3.0 的問題, 可見此篇 PDF: This POODLE Bites : Exploiting The SSL 3.0 Fallback
關於此安全問題, 於 Web Server 的解決方式, 建議是將 SSLv2 和 SSLv3 都關閉, 因為現在瀏覽器都已經支援 TLS 1.0 以上, 所以不會有影響. (註: 可見下篇 Wiki 統計圖表)
- 詳細可見此篇: Transport Layer Security - Wikipedia, the free encyclopedia
- SSL 1.0 - n/a
- SSL 2.0 - 1995
- SSL 3.0 - 1996
- TLS 1.0 - 1999
- TLS 1.1 - 2006
- TLS 1.2 - 2008
- TLS 1.3 - TBD
- 連 IE6 都有支援 TLS 1.0 了, 所以不用擔心.
Nginx、Apache 關閉 SSLv2、SSLv3 的設定方式
既然是這樣子, 那 Web Server 要如何將 SSLv2 和 SSLv3 關閉呢? 下述文章有寫設定方式:
- Microsoft Security Bulletin MS12-006 - 重要 - Microsoft IIS
- Mozilla's Server Site TLS guidelines - Apache、Nginx、HAProxy、Go.. 等 該如何設定
- Protecting Servers against POODLE - Disabling SSLv3 Support on Servers - 這篇有將各種有關的設定方式都列出來(Apache、Nginx、IIS、HAProxy、Postfix... 等)
- Disabling SSLv3 and SSLv2 in Tomcat and JBoss Web - Red Hat Customer Portal
- Mozilla SSL Configuration Generator
在此針對 Nginx 和 Apache 關閉 SSLv2 和 SSLv3 的設定方式:
- Nginx 於 SSL 的設定檔內, 加上此段內容
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- Apache 2.2.22 版 以前, 於 SSL 的設定檔內, 加上此段內容
- SSLProtocol TLSv1
- Apache 2.2.23 版 以後, 於 SSL 的設定檔內, 加上此段內容
- SSLProtocol ALL -SSLv2 -SSLv3
- Apache + mod_nss 於 SSL 的設定檔內, 加上此段內容
- NSSProtocol TLSv1.0,TLSv1.1
- 設定完成後, restart web server 即可.
額外加強部份, SSLCipherSuite 可以設定下述: (下述採用 Mozilla 建議的 Intermediate compatibility)
- Apache 建議加上 (可以加於 VirtualHost 裡面, 或者 /etc/apache2/mods-enabled/ssl.conf 對所有 Global SSL 設定)
- SSLProtocol all -SSLv2 -SSLv3 -TLSv1
- SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- SSLHonorCipherOrder on
- Nginx 建議加上
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
- ssl_prefer_server_ciphers on;
上述設定的 SSLCipherSuite 代表什麼意思? 可以用下述命令(openssl cipchers -v) 測試看看:
- openssl ciphers -v 'TLSv1'
- openssl ciphers -v 'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM'
- openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv3'
openssl ciphers -v 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK' - Mozilla 建議可以用 Modern compatibility: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
- Mozilla 建議可以用 Intermediate compatibility (default): ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- 不建議使用: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSL 測試驗證工具
設定前後, 有些工具可以做測試, 看看是否有正確關閉 SSLv2、SSLv3.
- Qualys SSL Labs - Projects / SSL Server Test
- Test your web server for SSLv2 - 這個可以很快速的看到結果
- 使用 CipherScan 於 CLI 檢查, 操作方式如下:
- git clone https://github.com/jvehent/cipherscan
- cd cipherscan
- ./cipherscan example.com:443
- openssl s_client -connect example.com:443 -status
相關網頁
- Trustworthy Internet Movement - SSL Pulse - 數字統計
- Security Labs: RC4 in TLS is Broken: Now What? | Qualys Community
- Disable SSLv2 and SSLv3 in Apache
- The replacement for SSLv3 was TLS 1.0. We now have TLS 1.0, 1.1, and 1.2.
- In fact, no modern browsers or mobile devices need SSLv3 – not even IE 8 on Windows XP!
- ssl - Apache disable SSLv2 SSLv3 - Unix & Linux Stack Exchange - 下述摘錄自此篇
- For OpenSuSE only, add the following into your /etc/apache2/ssl-global.conf
- <IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
#Your other stuff
SSLProtocol All -SSLv2 -SSLv3
</IfModule>
</IfDefine>
</IfDefine>
- 用 CipherScan 在 command line 下檢查系統
- Why doesn't the TLS protocol work without the SSLv3 ciphersuites?
- Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are flagged with
SSLv3. No new ciphers were added by TLSv1.1
- Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are flagged with
- SSL/TLS for the Pragmatic - Quelques digressions sous GPL...
- MS12-006 - 重要SSL/TLS 中的資訊安全風險可能會導致資訊洩漏 - Microsoft IIS
- 檢測網站 HTTPS 是否使用比較弱的 SHA-1 憑證
"Mozilla SSL Configuration Generator" 這篇連結空空,感謝。
連結前面多一個空白, 就全爛掉了, 已經修復~ 感謝提醒~ 😀