nginxssl-presentation

View Github Repository Open presentation in a new window

vahe-evoyan

See all presentation from vahe-evoyan

nginxssl-presentation

0 0

nginxssl-presentation

Presentation at ARMSec (alpha) 2014. Secure SSL setup on Nginx or how to get an A+ on SSLLabs.

On Github vahe-evoyan / nginxssl-presentation

Secure SSL setup on Nginx

or how to get an A+ on SSLLabs.

by Vahe Evoyan @evoyan

- my personal project to see how much effort takes to secure yourself - 5 lines to achieve a maximal rating on SSLLabs - one of banking sites in armenia has a raiting B simply because of not supporting TLS1.2 - we will not talk about heartbleed :)

SSL/TLS Introduction

  • What is SSL (TLS)?

  • How it works?
  • Problems?
- Wikipedia Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet. - it's like tunnel and no matter what happens in this cloud we're safe (this is how people want to view it) - so we need to create a tunnel, so let's see the whole creating process

The Handshake

Negotiation
  • Client Hello (SSL version number, cipher settings, session-specific data, etc.)
  • Server Hello (SSL version number, cipher settings, session-specific data, etc. and certificate)
Key exchange
  • Client sends the encrypted pre-master secret to the server
  • Server decrypts the pre-master secret using its private key
  • Both perform a series of steps to generate the master secret
Secure communication - In point 1 also possible client certificate validation -

Problems

  • SSL/TLS uses "ancient cryptography algorithms"
  • Many of these algorithms have known flaws
    • or used in ways known to be unsafe
  • Why? Backward compatibility!
- backward compatibility - mostly - lazy programmers not re-implementing algorithms, but patching them - we're gonna fight with it

Worst configuration

All SSL versions and ciphers are turned on

ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ALL";

Result: F

  • This server supports SSL 2, which is obsolete and insecure.
  • This server supports anonymous (insecure) suites.
- remember, we don't have a Heartbleed here, though it would give the same result in the SSLLabs.

Insecure ciphers and SSL/TLS versions

  • SSL v2.0 is insecure: flawed in a variety of ways
  • CBC ciphers in general are vulnerable to padding oracle attack and to BEAST up to TLS v1.0
  • RC4 used to mitigate the BEAST attack until latest demonstrations that it's broken
  • NULL ciphers
- SSL 2.0 - has a weak MAC construction that uses the MD5 hash function with a secret prefix, making it vulnerable to length extension attacks. - does not have any protection for the handshake, meaning a man-in-the-middle downgrade attack can go undetected - uses the TCP connection close to indicate the end of data - assumes a single service and a fixed domain certificate - CBC - available also timing attacks "lucky 13", for the timing attack workaround - NULL ciphers - It would today be regarded as a simple form of steganography - TLS 1.1, 1.2 are not vulnerable to BEAST

NULL and SSL v2

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ALL:!aNULL:!eNULL";

Result: C

Export cipher suites

Disable all 40 and 56 bits algorithms for export.

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ALL:!aNULL:!eNULL:!EXP";

Result: B

Low encryption cipher suites

Disable all low encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites.

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ALL:!aNULL:!eNULL:!EXP:!LOW";

Result: A-

Forward secrecy

A+

Requires use of ephemeral Diffie-Hellman key exchange (ECDHE) to establish session keys.

ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!EDH-RSA-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EECDH+aRSA+RC4:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"

Extra

Session resumption

Session reuse improves SSL performance by submitting an appropriate blob to the server, a client is able to trigger an abbreviated handshake, improving latency and computation time.

ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;

Server ciphers

Server ciphers should be preferred over client ciphers.

ssl_prefer_server_ciphers on;
- When the server sends the “Server Hello” message, it can include a session identifier. The client should store it and present it in the “Client Hello” message of the next session. If the server finds the corresponding session in its cache and accepts to resume the session, it will send back the same session identifier and will continue with the abbreviated SSL handshake. Otherwise, it will issue a new session identifier and switch to a full handshake.

Nginx Defaults

A-

The server does not support Forward Secrecy with the reference browsers.

ssl_session_cache none;
ssl_session_timeout 10m;

ssl_prefer_server_ciphers off;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

References

THANK YOU!