Apache2 與 Nginx 移除 SSLv2、SSLv3 支援

SSL (v2、v3) 最近有些安全性問題產生, 建議 Web Server 和瀏覽器都不要支援 SSLv2 和 SSLv3, 那到底有何影響? 又該怎麼做呢?

Apache2 與 Nginx 移除 SSLv2、SSLv3 支援

關於 SSL 3.0 的問題, 可見此篇 PDF: This POODLE Bites : Exploiting The SSL 3.0 Fallback

關於此安全問題, 於 Web Server 的解決方式, 建議是將 SSLv2 和 SSLv3 都關閉, 因為現在瀏覽器都已經支援 TLS 1.0 以上, 所以不會有影響. (註: 可見下篇 Wiki 統計圖表)

• 詳細可見此篇: Transport Layer Security - Wikipedia, the free encyclopedia
  1. SSL 1.0 - n/a
  2. SSL 2.0 - 1995
  3. SSL 3.0 - 1996
  4. TLS 1.0 - 1999
  5. TLS 1.1 - 2006
  6. TLS 1.2 - 2008
  7. TLS 1.3 - TBD
  8. 連 IE6 都有支援 TLS 1.0 了, 所以不用擔心.

Nginx、Apache 關閉 SSLv2、SSLv3 的設定方式

既然是這樣子, 那 Web Server 要如何將 SSLv2 和 SSLv3 關閉呢? 下述文章有寫設定方式:

• Microsoft Security Bulletin MS12-006 - 重要 - Microsoft IIS
• Mozilla's Server Site TLS guidelines - Apache、Nginx、HAProxy、Go.. 等 該如何設定
• Protecting Servers against POODLE - Disabling SSLv3 Support on Servers - 這篇有將各種有關的設定方式都列出來(Apache、Nginx、IIS、HAProxy、Postfix... 等)
• Disabling SSLv3 and SSLv2 in Tomcat and JBoss Web - Red Hat Customer Portal
• Mozilla SSL Configuration Generator

在此針對 Nginx 和 Apache 關閉 SSLv2 和 SSLv3 的設定方式:

• Nginx 於 SSL 的設定檔內, 加上此段內容
  • ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
• Apache 2.2.22 版 以前, 於 SSL 的設定檔內, 加上此段內容
  • SSLProtocol TLSv1
• Apache 2.2.23 版 以後, 於 SSL 的設定檔內, 加上此段內容
  • SSLProtocol ALL -SSLv2 -SSLv3
• Apache + mod_nss 於 SSL 的設定檔內, 加上此段內容
  • NSSProtocol TLSv1.0,TLSv1.1
• 設定完成後, restart web server 即可.

額外加強部份, SSLCipherSuite 可以設定下述: (下述採用 Mozilla 建議的 Intermediate compatibility)

• Apache 建議加上 (可以加於 VirtualHost 裡面, 或者 /etc/apache2/mods-enabled/ssl.conf 對所有 Global SSL 設定)
  • SSLProtocol all -SSLv2 -SSLv3 -TLSv1
  • SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  • SSLHonorCipherOrder on
• Nginx 建議加上
  • ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  • ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
  • ssl_prefer_server_ciphers on;

上述設定的 SSLCipherSuite 代表什麼意思? 可以用下述命令(openssl cipchers -v) 測試看看:

• openssl ciphers -v 'TLSv1'
• openssl ciphers -v 'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM'
• openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv3'
  openssl ciphers -v 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'
• Mozilla 建議可以用 Modern compatibility: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
• Mozilla 建議可以用 Intermediate compatibility (default): ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
• 不建議使用: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSL 測試驗證工具

設定前後, 有些工具可以做測試, 看看是否有正確關閉 SSLv2、SSLv3.

• Qualys SSL Labs - Projects / SSL Server Test
• Test your web server for SSLv2 - 這個可以很快速的看到結果
• 使用 CipherScan 於 CLI 檢查, 操作方式如下:
  1. git clone https://github.com/jvehent/cipherscan
  2. cd cipherscan
  3. ./cipherscan example.com:443
• openssl s_client -connect example.com:443 -status

相關網頁

• Trustworthy Internet Movement - SSL Pulse - 數字統計
• Security Labs: RC4 in TLS is Broken: Now What? | Qualys Community
• Disable SSLv2 and SSLv3 in Apache
  • The replacement for SSLv3 was TLS 1.0. We now have TLS 1.0, 1.1, and 1.2.
  • In fact, no modern browsers or mobile devices need SSLv3 – not even IE 8 on Windows XP!
• ssl - Apache disable SSLv2 SSLv3 - Unix & Linux Stack Exchange - 下述摘錄自此篇
  • For OpenSuSE only, add the following into your /etc/apache2/ssl-global.conf
  • <IfDefine SSL>
    <IfDefine !NOSSL>
    <IfModule mod_ssl.c>
    #Your other stuff
    SSLProtocol All -SSLv2 -SSLv3
    </IfModule>
    </IfDefine>
    </IfDefine>
• 用 CipherScan 在 command line 下檢查系統
• Why doesn't the TLS protocol work without the SSLv3 ciphersuites?
  • Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are flagged with
    SSLv3. No new ciphers were added by TLSv1.1
• SSL/TLS for the Pragmatic - Quelques digressions sous GPL...
• MS12-006 - 重要SSL/TLS 中的資訊安全風險可能會導致資訊洩漏 - Microsoft IIS
• 檢測網站 HTTPS 是否使用比較弱的 SHA-1 憑證