Recently I was testing some web servers with the SSL Labs SSL web server test. This article describes the fixes I applied to Ubuntu Server 12.04 to get an A+ on the test.
The SSL Labs Test
Auditing the SSL certificates on your web server occasionally is a good idea, since you always want to try to maintain a balance between supported platforms and security. Exploits such as CRIME and Poodle are widely available, and, as always, maintaining backwards compatibility generally makes you more vulnerable.
Although this article generally refers to Ubuntu Server, the real subject is Apache, so most of it should be applicable to setups using the httpd binary (Fedora, CentOS, OpenSUSE, etc.) as opposed to apache2. You can add SSL directives to individual virtual hosts, or to your main httpd.conf or apache2.conf.
To get an A+ with Apache:
- If you're running Ubuntu 12.04 LTS, try upgrading to 14.04 LTS. This will frequently get you an A+ while maintaining broad client compatibility. You could compile OpenSSL, Apache and related by hand, but running the automated upgrade is usually much easier.
- Disable SSLv3 with:
SSLProtocol All -SSLv3
- Disable SSL compression:
- Add additional protocols for perfect forward security, and disable the weak RC4 cipher:
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
- To prevent downgrade attacks, enable the headers mod and implement strict transport security:
$ a2enmod headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
More info about HTTP Strict Transport Security.
- Some certs (InCommon) need two chaining certs, which I had missed before. So I put these two in a file and pointed SSLCertificateChainFile at it:
$ wget https://ssl-tools.net/certificates/f5fb01dea6e59ca6dd057054f4a3ff72dde1d5c6.pem $ cat f5fb01dea6e59ca6dd057054f4a3ff72dde1d5c6.pem > InCommon-chain.pem $ wget https://ssl-tools.net/certificates/eab040689a0d805b5d6fd654fc168cff00b78be3.pem $ cat eab040689a0d805b5d6fd654fc168cff00b78be3.pem >> InCommon-chain.pem
That got me an A+ on the SSL Labs test and only sacrificed compatibility with Windows XP clients running IE6 and IE8. Apparently compatibility with that platform can't be done securely, and Chrome now warns on XP compatible certs. I consider this acceptable since Windows XP has passed its end-of-life and should be abandoned in any setup where security is essential. If you're feeling generous you may also start warning XP users that they need to upgrade.
I tested a few other SSL sites around the web and many of them scored somewhere between F and C. Certainly there's plenty of room for improvement.