Securing Communications with your Apache HTTP Server. Lars Eilebrecht

Similar documents
The State of TLS in httpd 2.4. William A. Rowe Jr.

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

BIG-IP System: SSL Administration. Version

Digital Certificates Demystified

Public-key Infrastructure

SSL Report: bourdiol.xyz ( )

Public-Key Infrastructure (PKI) Lab

BIG-IP System: SSL Administration. Version

Public-key Infrastructure

Let's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX

SSL Accelerated Services. Feature Description

Your Apache ssl.conf in /etc/httpd.conf.d directory has the following SSLCertificate related directives.

SSL Report: printware.co.uk ( )

How to Set Up External CA VPN Certificates

SSL Report: ( )

SSL, Credit Card Transactions. CS174 Chris Pollett Nov. 5, 2007.

SSL Report: sharplesgroup.com ( )

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

SSL Report: cartridgeworld.co.uk ( )

Encryption, Certificates and SSL DAVID COCHRANE PRESENTATION TO BELFAST OWASP CHAPTER OCTOBER 2018

eroaming platform Secure Connection Guide

Overview. SSL Cryptography Overview CHAPTER 1

Managing Certificates

Key Management and Distribution

Legacy of Heartbleed: MITM and Revoked Certificates. Alexey Busygin NeoBIT

But where'd that extra "s" come from, and what does it mean?

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

CP860, SIP-T28P, SIP-T26P, SIP-T22P, SIP-T21P, SIP-T20P, SIP-T19P, SIP-T46G, SIP-T42G and SIP-T41P IP phones running firmware version 71 or later.

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Transport Level Security

Securing IoT applications with Mbed TLS Hannes Tschofenig

13/11/2014. Pa rt 2 S S L i m p a c t a n d o p t i m i s a t i o n. Pa rt 1 A b o u t S S L C e r t f i c a t e s. W h a t i s S S L / T L S

Configuring SSL. SSL Overview CHAPTER

Bugzilla ID: Bugzilla Summary:

How to Configure SSL Interception in the Firewall

IBM i Version 7.2. Security Digital Certificate Manager IBM

Oracle HTTP Server ( 단일도메인 ) SSL 인증서갱신설치가이드 본문서는주식회사한국기업보안에서 SSL 보안서버인증서설치를위해작성된문서로 주식회사한국기업보안의동의없이무단으로사용하실수없습니다. [ 고객센터 ] 한국기업보안. 유서트기술팀

Findings for

Configuring SSL CHAPTER

SSL/TLS Server Test of

Configuring SSL. SSL Overview CHAPTER

LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate

Cross Signed Certificate SSL Server Configuration. Status: in Arbeit in Prüfung genehmigt zur Nutzung x

Information Security CS 526

CA Nimsoft Unified Management Portal

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N Rev 01 July, 2012

How to Configure SSL Interception in the Firewall

HTTPS Setup using mod_ssl on CentOS 5.8. Jeong Chul. tland12.wordpress.com. Computer Science ITC and RUPP in Cambodia

Public Key Infrastructure. What can it do for you?

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Overview of TLS v1.3 What s new, what s removed and what s changed?

Apache Security with SSL Using FreeBSD

Managing Certificates

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

SSL/TLS Security Assessment of e-vo.ru

Exinda How To Guide: SSL Acceleration. Exinda ExOS Version Exinda Networks, Inc.

mobilefish.com Create self signed certificates with Subject Alternative Names

HOST LINKS SSL G&R. Using SSL for security with G&R products.

Displaying SSL Configuration Information and Statistics

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

CA Nimsoft Unified Management Portal

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Key management. Pretty Good Privacy

SSL/TLS Deployment Best Practices

HP ALM. Software Version: External Authentication Configuration Guide

Coding & Information Theory Lab.

Certificate Renewal on Cisco Identity Services Engine Configuration Guide

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Security Digital Certificate Manager

How to Enable Client Certificate Authentication on Avi

ALM. External Authentication Configuration Guide. Software Version: Go to HELP CENTER ONLINE

X.509 and SSL. A look into the complex world of X.509 and SSL USC Linux Users Group 4/26/07

ECE 646 Lecture 3. Key management

LET S ENCRYPT WITH PYTHON WEB APPS. Joe Jasinski Imaginary Landscape

A Brief Tour of Apache

Public Key Enabling Oracle Weblogic Server

State of TLS usage current and future. Dave Thompson

Using Cryptography CMSC 414. October 16, 2017

Certificate Management in Cisco ISE-PIC

Secure Communication with TLS

Manage Certificates. Certificate Management in Cisco ISE. Certificates Enable Cisco ISE to Provide Secure Access

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Managing SSL certificates in the ServerView Suite

Bacula. Ana Emília Machado de Arruda. Protegendo seu Backup com o Bacula. Palestrante: Bacula Backup-Pt-Br/bacula-users/bacula-devel/bacula-users-es

UCS Manager Communication Services

Overview of TLS v1.3. What s new, what s removed and what s changed?

IBM. Security Digital Certificate Manager. IBM i 7.1

Nimsoft Unified Management Portal

More Security, SSL, Credit Card Transactions. CS174 Chris Pollett Nov. 10, 2008.

How to Configure Mutual Authentication using X.509 Certificate in SMP SAP Mobile Platform (3.X)

Transport Layer Security (TLS) Configuration Note

Public. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2

PROVING WHO YOU ARE TLS & THE PKI

TLS1.2 IS DEAD BE READY FOR TLS1.3

SSL/TLS Server Test of grupoconsultorefe.com

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename

Server software page. Certificate Signing Request (CSR) Generation. Software

Security and Certificates

CSE 565 Computer Security Fall 2018

Using ISE 2.2 Internal Certificate Authority (CA) to Deploy Certificates to Cisco Platform Exchange Grid (pxgrid) Clients

Transcription:

with your Apache HTTP Server Lars Eilebrecht Lars@apache.org

About Me Lars Eilebrecht Independent IT Consultant Contributor to the Apache HTTP Server project since 1996 Member of the ASF Security Team Co-founder and member of The Apache Software Foundation www.eilebrecht.net

Agenda Overview Cryptography Essentials X.509, Keys and Certificates SSL/TLS protocol Apache HTTP Server configuration Useful OpenSSL commands

Cryptography Essentials Public-Key (asymmetric) Cryptography (e.g., RSA, DSA, ECC) Data encrypted with the public key can only be decrypted with the corresponding private key Data signed with the private key can be verified by anyone using the public key Symmetric-Key Cryptography (e.g., AES, Twofish) Hash Function (e.g., SHA-2) Message Authentication Code (e.g., HMAC)

Keys and Certificates X.509: ITU-T standard (1988) for PKIs PKI: Public-Key Infrastructure CA: Certification Authority RA: Registration Authority CSR: Certificate Signing Request CRL: Certificate Revocation List

Common X.509 File Types and Extensions PEM: base64-encoded DER certificate(s) or public-key(s) DER: binary format based on Distinguished Encoding Rules (encoded ASN.1 values) p12: PKCS#12 format, certificate(s) and/or private key(s) key: commonly used for a PEM-encoded private key crt/cer: commonly used for a PEM-encoded certificate csr: commonly used for a PEM-encoded certificate signing request

PEM-encoded Certificate Example BEGIN CERTIFICATE MIIC2zCCAkSgAwIBAgIJANWZuQf40KViMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNV BAYTAlhYMQwwCgYDVQQIEwNYWFgxDDAKBgNVBAcTA1hYWDEMMAoGA1UEChMDWFhY MQwwCgYDVQQLEwM2NjYxDDAKBgNVBAMTAzY2NjAeFw0wODEwMDEyMzU1MDlaFw0w [...] BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFlaHQEXQdMVfvTay5x6fECa QiefllN/69931EFmNX0mlpV8pFZ448PtoGlXiNd+rnfe2ttjPfmh4CXDN9q7NPUO qntygrcwsgjxmvlu5s2q6kumrysedqr+da70zyed3tfj/qyjfg1hazflcvzrkfqe EuxxMbZd6XBXcXenuZzn END CERTIFICATE

Certificate Structure Certificate Version Serial Number Signature Algorithm Issuer Validity Period Subject Subject Public Key Info Issuer Unique Identifier (optional) Subject Unique Identifier (optional) Extensions (optional) Certificate Signature Algorithm Certificate Signature

Certificate Subject DN DN: Distinguished Name a sequence of identifiers in X.500 notation Common DN Keys: CN: Common Name C: Country (2-letter code) S: State or province L: Locality (e.g, City) O: Organization OU: Organizational Unit Example DN: C=ES, L=Seville, O=Example Inc., CN=www.example.com

Common Name for Server Certificates Fully-qualified domain name (FQDN) e.g., www.example.com does not match example.com Wildcard domain e.g., *.example.com matches example.com and hosts such as foo.example.com does not match www.foo.example.com or example.com.foo

Certificate Types Single-domain certificates Wildcard certificates Multi-domain (SAN/UC) certificates uses SubjectAlternativeName X.509 extension Extended validation (EV) certificates available since 2007 and supported by Firefox 3+, IE 7+, Edge 12+, Opera 9.5+, Safari 3.2+ and Chrome 1+

Extended Validation Certificates

Obtaining a Certificate create your own self-signed certificate signed by your own CA get a free certificate free certificates from Let's Encrypt CA trial certificates from commercial CAs buy a certificate from a CA domain-only, organization or extended validation (10 up to 1000 )

Let's Encrypt CA https://letsencrypt.org Certificates are free of charge Fully automated validation Standard domain-validation certificates Multi-domain/SAN certificates Certificates are valid for 90 days Not valid as client certificate Supported by almost all Web clients Service provided by Internet Security Research Group (ISRG) since April 2016 (non-profit organisation)

XCA Tool Open Source Graphical user interface for OpenSSL

Browser SSL Warnings If the browser doesn't know the issuing CA it displays a warning to the user.

Certificate Chain Root Certificate Intermediate Certificate 1 Intermediate Certificate n End-Entity (Leaf) Certificate (Server/Client Certificate)

SSL vs. TLS SSL: Secure Sockets Layer originally developed by Netscape (1994) SSL 2.0 and 3.0 deprecated and insecure TLS: Transport Layer Security IETF standard (1999) TLS 1.0, 1.1, 1.2, and draft 1.3 When people talk about SSL these days they actually mean TLS. An SSL certificate is an X.509 certificate for use with SSL/TLS.

Why HTTPS and TLS? Confidentiality and Data Privacy protects data from eavesdropping only the intended recipient can read the data Authentication allows for identification of server and optionally, the client Data Integrity ensures that nobody can tamper with the data that is being transmitted

Apache SSL/TLS Module - mod_ssl Included as default module since Apache HTTP Server version 2.0 Supports TLS 1.0, 1.1, 1.2 protocols SSL 3.0 is still supported, but SSL 2.0 support was removed in Apache HTTP Server version 2.4 Uses OpenSSL library

Module Configuration Required modules: LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module \ modules/mod_socache_shmcb.so SSL configuration file: Include conf/extra/httpd ssl.conf

Basic Configuration Certificate and private key (PEM format): SSLCertificateFile \ /usr/local/apache2/conf/ssl/server.crt SSLCertificateKeyFile \ /usr/local/apache2/conf/ssl/server.key (chmod 400 server.key) Enable SSL (per virtual host): SSLEngine On Listen 443

Intermediate CA Certificates add server and all intermediate certificates (sorted from leaf to root) to a single file and use SSLCertificateFile Multiple server certificates can be added to support different authentication algorithms (ECC, RSA, DSA, etc.) SSLCertificateChainFile became obsolete with version 2.4.8

SSL Ciphers and Protocols Define ciphers and protocol: SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLHonorCipherOrder On SSLProtocol All SSLv2 SSLv3 Cipher string format (SSLCipherSuite): prefix with! to permanently remove ciphers prefix with to remove ciphers prefix with + to add ciphers (unless they have been removed with! )

SSL Ciphers Disable Camellia and Seed ciphers for HIPAA compliance: Check which ciphers are enabled: SSLCipherSuite \ HIGH:MEDIUM:!MD5:!RC4:!CAMELLIA:!SEED openssl ciphers v 'HIGH:MEDIUM:!MD5:!RC4' Check ciphers man page for meanings of the various ciphers strings such as HIGH, MEDIUM, ECDH, etc.

Random Seeds Define random seeds: SSLRandomSeed startup file:/dev/urandom 2048 SSLRandomSeed connect file:/dev/urandom 2048 multiple sources can be defined Apache's built-in default is not very secure (provides very little entropy)

TLS Session Cache Using SHM session cache is recommended SSLSessionCache shmcb:/var/run/ssl_cache(1024000) SSLSessionCacheTimeout 600 avoid DBM session cache, it's slow and unstable under load each SSL session is about 150 bytes Using a very large session cache and/or long timeout compromises forward secrecy!

TLS Session Tickets Session tickets are enabled by default: SSLSessionTickets On Restart Apache at least once a day to reduce the impact on forward secrecy. If forward secrecy is required session tickets should be disabled. Disabling session tickets decreases performance!

SSL Virtual Hosting SSL can be enabled for any virtual host Name-based virtual hosts with SSL only possible with SNI support available in Apache 2.4 SNI: TLS Server Name Indication Clients must support SNI as well Clients without SNI support get the first virtual host or a 403 Forbidden response if SSLStrictSNIVHostCheck is enabled

Client Certificate Authentication SSLVerifyClient require Using SSLVerifyClient in a per-directory context triggers renegotiation and should be avoided if possible.

Defining allowed Client Certificates Path to bundle file with one or more PEM-encoded CA certificates: Path to CRL file: SSLCACertificateFile SSLCARevocationFile Use CRL if possible, but OCSP can be used as an alternative: SSLOCSPEnable On

Restricting Client Certificates Restrict access based on client certificate details or any other SSL environment variable Require expr "<expression>" Example: accept only certificate with specific common name Require expr "{SSL_CLIENT_S_DN_CN} \ in {'client.example.com', 'other.example.org'}"

Online Certificate Status Protocol OCSP issues: End-user privacy Efficiency Does not mitigate against MITM attacks after server key compromise OCSP Stapling exists as an alternative to OCSP and should be enabled

OCSP Stapling OCSP Stapling is known as the TLS Certificate Status Request Extension SSLUseStapling on SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000)

Apache as an SSL Reverse Proxy SSLProxyEngine SSLProxyCipherSuite SSLProxyProtocol SSLProxyCACertificateFile SSLProxyCACertificatePath SSLProxyCARevocationFile SSLProxyCARevocationPath SSLProxyCheckPeerCN SSLProxyCheckPeerExpire SSLProxyCheckPeerName SSLProxyMachineCertificateFile SSLProxyMachineCertificatePath

HTTPS with MS Internet Explorer SSL implementations in MSIE up to version 5 are broken, but market share for these versions is basically zero. The following directive from the Apache default configuration can be disabled: BrowserMatch "MSIE [2 5]" \ nokeepalive ssl unclean shutdown \ downgrade 1.0 force response 1.0

Test your SSL/TLS Server Qualys SSL Labs: https://www.ssllabs.com/ssltest/ High-Tech Bridge: https://www.htbridge.com/ssl/

HTTP Strict Transport Security Web security policy mechanism to protect against protocol downgrade. Example header: Strict Transport Security: max age=31536000 Once the browser has cached the header plain HTTP or untrusted certificates can no longer be used for that Web site.

Useful OpenSSL Commands Create self-signed certificate Remove passphrase from private key: openssl req x509 nodes days 3650 newkey rsa:2048 \ subj '/C=XX/L=Foo/CN=www.example.com' \ keyout server.key out server.crt openssl rsa in server.key out server nopass.key List available ciphers openssl ciphers v openssl ciphers v 'HIGH:MEDIUM:!MD5:!RC4'

Useful OpenSSL Commands Display certificate contents openssl x509 text in server.crt Verify if a private key matches a certificate openssl x509 noout modulus in server.crt md5sum openssl rsa noout modulus in server.key md5sum Connect to a Web server using HTTPS openssl s_client connect www.example.com:443

Useful OpenSSL Commands Check if OCSP response or client certificate authentication request is sent by server: Connect and define SNI server name: openssl s_client connect www.example.com:443 status openssl s_client connect www.example.com:443 \ servername www.example.com Show description of error code: openssl errstr <ERROR NUMBER>

with your Apache HTTP Server Lars Eilebrecht Lars@apache.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback