
Bug#765783: marked as done (apache2: The sample TLS config should recommend a better cipher list)



Your message dated Sat, 18 Oct 2014 21:27:24 +0200
with message-id <2069098.VnmZYND9jm@k>
and subject line Re: Bug#765783: apache2: The sample TLS config should recommend a better cipher list
has caused the Debian Bug report #765783,
regarding apache2: The sample TLS config should recommend a better cipher list
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
765783: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765783
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.10-5
Severity: important
Tags: patch

Here's a patch for the sample TLS configuration which follows Mozilla's
intermediate compatibility config:

  https://wiki.mozilla.org/Security/Server_Side_TLS#Apache

It makes Apache pick the best possible ciphers (for example, giving users
forward secrecy) and also recommends turning on HSTS to defeat sslstrip
attacks.

Also note that it disables SSLv3 to fix the POODLE attack discovered
this week.

Francois
diff --git a/debian/config-dir/sites-available/default-ssl.conf b/debian/config-dir/sites-available/default-ssl.conf
index 432b965..6aaf5f2 100644
--- a/debian/config-dir/sites-available/default-ssl.conf
+++ b/debian/config-dir/sites-available/default-ssl.conf
@@ -24,6 +24,22 @@
 		#   Enable/Disable SSL for this virtual host.
 		SSLEngine on
 
+                #   Mozilla's recommended intermediate compatibility cipher list
+                #   https://wiki.mozilla.org/Security/Server_Side_TLS#Apache
+                SSLProtocol             all -SSLv2 -SSLv3
+                SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+                SSLHonorCipherOrder     on
+                SSLCompression          off
+
+                #   OCSP Stapling
+                #SSLUseStapling          on
+                #SSLStaplingResponderTimeout 5
+                #SSLStaplingReturnResponderErrors off
+                #SSLStaplingCache        shmcb:/var/run/ocsp(128000)
+
+                #   Enable this if your want HSTS (recommended)
+                #Header add Strict-Transport-Security "max-age=15768000"
+
 		#   A self-signed (snakeoil) certificate can be created by installing
 		#   the ssl-cert package. See
 		#   /usr/share/doc/apache2/README.Debian.gz for more info.
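
Review bot: the commented-out "SSLStaplingCache shmcb:/var/run/ocsp(128000)" line sits in the per-virtual-host part of the file (the block starts right after "SSLEngine on"), but mod_ssl accepts SSLStaplingCache only in the global server configuration, so an admin who uncomments the four stapling lines as written gets a configuration Apache refuses to load. Suggest dropping that line from this block and replacing it with a comment saying the stapling cache has to be defined outside the virtual host. Two smaller points in the same hunk: the HSTS example relies on the Header directive without mentioning that mod_headers must be enabled (and its comment has a typo, "if your want"), and the added lines are indented with spaces while the surrounding context lines use tabs.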

--- End Message ---
--- Begin Message ---
On Saturday 18 October 2014 16:00:25, Francois Marier wrote:
> Here's a patch for the sample TLS configuration which follows
> Mozilla's intermediate compatibility config:
> 
>   https://wiki.mozilla.org/Security/Server_Side_TLS#Apache
> 
> It makes Apache pick the best possible ciphers (for example, giving
> users forward secrecy) and also recommends turning on HSTS to
> defeat sslstrip attacks.
> 
> Also note that it disables SSLv3 to fix the POODLE attack discovered
> this week.

SSLv3 will be disabled in the next upload (see #765347).

For the rest, I don't think the suggested configuration is a good 
default:

I don't think enabling SSLHonorCipherOrder by default is good. It 
makes it nearly impossible for the clients to select what they think 
is appropriate. Also, clients will be upgraded much more often during 
the lifetime of a Debian stable release than apache2. Therefore 
adjusting the default ciphers to be up-to-date makes more sense on the 
clients.

As an example of how this is problematic, see RC4 and 
SSLHonorCipherOrder being suggested as mitigation against BEAST, and 
RC4 later being found to be broken. This caused problems on servers 
where the configuration has not been updated afterwards.

Also, changing conffiles in security updates is problematic (it breaks 
unattended-updates).


Suggesting HSTS without a detailed description of the implications is 
out of the question, too.

OCSP Stapling is useless until browsers implement some must-staple 
extension.

SSL compression already defaults to off.

The difference of the overly complicated suggested SSLCipherSuite 
versus "HIGH" is rather small and does not justify the maintenance 
problems it causes. If the default is "HIGH" in apache2, it is quite 
easy to adjust the meaning of "HIGH" in an openssl security update if 
necessary. Otherwise, a conffile update would be necessary to change 
it.

Therefore I am closing this bug.

--- End Message ---
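
Added example, not part of either message or of the Debian package: a simplified model of TLS cipher selection that shows both sides of the SSLHonorCipherOrder disagreement in this thread. The suite lists and client profiles are constructed, and the model ignores protocol version and certificate type, which also affect real negotiation.

```python
"""Simplified model of TLS cipher selection with and without server preference."""


def negotiate(server_ciphers, client_ciphers, honor_server_order):
    """Return the suite the server selects, or None when the lists do not overlap.

    honor_server_order=True models SSLHonorCipherOrder on: the first suite in
    the server's list that the client offers wins. False models the opposite:
    the first suite in the client's list that the server supports wins.
    """
    if honor_server_order:
        ordered, allowed = server_ciphers, set(client_ciphers)
    else:
        ordered, allowed = client_ciphers, set(server_ciphers)
    return next((suite for suite in ordered if suite in allowed), None)


# All lists below are constructed for illustration (explicit suite names only).
# Server list written when RC4 was advised against BEAST and never updated:
STALE_SERVER = ["RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
# Three suites from the patch's SSLCipherSuite, in the patch's relative order:
PATCH_SERVER = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "AES128-SHA"]
# Up-to-date client that keeps RC4 only as a last resort:
UPDATED_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA"]
# Older client that prefers a suite without forward secrecy:
OLD_CLIENT = ["AES128-SHA", "ECDHE-RSA-AES128-SHA", "RC4-SHA"]


def scenarios():
    """Run each server/client pair under both settings."""
    pairs = {
        "stale server, updated client": (STALE_SERVER, UPDATED_CLIENT),
        "patch server, old client": (PATCH_SERVER, OLD_CLIENT),
    }
    return {
        (name, honor): negotiate(server, client, honor)
        for name, (server, client) in pairs.items()
        for honor in (True, False)
    }


if __name__ == "__main__":
    for (name, honor), suite in scenarios().items():
        print(f"{name:30} SSLHonorCipherOrder {'on ' if honor else 'off'} -> {suite}")
```

The first pair is the failure mode the reply describes: a server list that was never updated overrides the better choice of an updated client. The second pair is the benefit the patch aims for: the server steers an older client to a forward-secret suite.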
