Apache2的SSL模块

Question 1

Apache2的SSL模块

您可能只是忘记启用 SSL 模块，您应该首先确保使用（作为 root 或使用sudo）：

a2enmod ssl

然后您可以尝试重新启动 Apache2 Web 服务器。

给未来读者的重要提示

SSL 1.0、2.0、3.0(维基百科）最新版本的 OpenSSL 不再支持这些。

TLS 1.0（维基百科）

这个版本的 TLS 是 1999 年的，我建议禁用它。

TLS 1.1（维基百科）

此版本的 TLS 是 2006 年的版本，当前（2019 年）没有操作系统/软件明确依赖它，我建议也禁用它。

您可能想阅读 1.2 之前版本的弃用信息DigiCert 文章。摘录如下：

较旧的协议存在安全风险 互联网上 TLS 1.0 和 1.1 的存在主要构成安全风险——服务器几乎普遍支持这些协议，但客户端对它们的使用更接近于相反。需要使用这些版本的客户正遭受着它们的缺点的困扰。互联网的其余部分很容易受到降级攻击（这迫使用户使用较弱版本的 TLS 以利用已知的漏洞），而几乎没有任何实际好处。对于大多数服务器，旧版本的 TLS 可能会保留“以防万一”，或者有人在打开新版本时忘记关闭它们。

TLS 1.2（维基百科）

不管它是在 2008 年定义的，但出于兼容性原因，在 2019 年我们确实需要它。

TLS 1.3（维基百科）

这是协议这么多年之后的一次重大升级，如果您可以启用它，请立即启用。

SSL 模块配置示例

<IfModule mod_ssl.c>

## Pseudo Random Number Generator (PRNG):
## Configure one or more sources to seed the PRNG of the SSL library.
## The seed data should be of good random quality.
## WARNING! On some platforms /dev/random blocks if not enough entropy
## is available. This means you then cannot use the /dev/random device
## because it would lead to very long connection times (as long as
## it requires to make more entropy available). But usually those
## platforms additionally provide a /dev/urandom device which doesn't
## block. So, if available, use this one instead. Read the mod_ssl User
## Manual for more details.
# I changed the default values of 512 to 1024
SSLRandomSeed    startup    builtin
SSLRandomSeed    startup    file:/dev/urandom    1024
SSLRandomSeed    connect    builtin
SSLRandomSeed    connect    file:/dev/urandom    1024

## Some MIME-types for downloading Certificates and CRLs
AddType    application/x-x509-ca-cert    .crt
AddType    application/x-pkcs7-crl       .crl

## Pass Phrase Dialog:
## Configure the pass phrase gathering process.
## The filtering dialog program (`builtin' is a internal
## terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog    exec:/usr/share/apache2/ask-for-passphrase

## Inter-Process Session Cache:
## Configure the SSL Session Cache: First the mechanism
## to use and second the expiring timeout (in seconds).
## (The mechanism dbm has known memory leaks and should not be used).
# I changed the default timeout of 300 to 600
SSLSessionCache           shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout    600

## Disabling SSLSessionTickets ensures Perfect Forward Secrecy
## is not compromised if the server is not restarted regularly
# I changed the default value as I won't restart the webserver
SSLSessionTickets    Off

## Semaphore:
## Configure the path to the mutual exclusion semaphore the
## SSL engine uses internally for inter-process synchronization.
## (Disabled by default, the global Mutex directive consolidates by default this)
#Mutex    file:${APACHE_LOCK_DIR}/ssl_mutex    ssl-cache

## The protocols to enable:
## Available values: all, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
## SSLv2 and SSLv3 are no longer supported
# I prefer the latest TLSv1.3 and TLSv1.2 for compatibility reasons
# TLSv1 / TLSv1.1 are 20 / 13 years old, so decided to disable them
SSLProtocol    -all    +TLSv1.3 +TLSv1.2

# Enabling compression causes security issues in most setups (the so called CRIME attack).
SSLCompression Off

## SSL server cipher order preference:
## Use server priorities for cipher algorithm choice.
## Clients may prefer lower grade encryption. You should enable this
## option if you want to enforce stronger encryption, and can afford
## the CPU cost, and did not override SSLCipherSuite
## in a way that puts insecure ciphers first.
# I changed the default value because:
# - I can afford the extra CPU costs
# - I want to force the clients to honor my cipher preferences
SSLHonorCipherOrder    On

## SSL Cipher Suites:
## List the ciphers that the client is permitted to negotiate. See the
## ciphers(1) man page from the openssl package for list of all available options.
# I can always run `openssl ciphers` to find all currently available ciphers
# As for TLSv1.3 the TLS_AES_128_GCM_SHA256 is mandatory as per RFC 8446:
# https://tools.ietf.org/html/rfc8446#section-9
SSLCipherSuite    TLSv1.3    TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
SSLCipherSuite    SSL        ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256


## Don't allow insecure renegotiation with clients which
## do not yet support the secure renegotiation protocol.
SSLInsecureRenegotiation    Off

## Forbid non-SNI clients to access name based virtual hosts
# I changed the default value as I want to
# reject all of the old / archaic clients
SSLStrictSNIVHostCheck    On

# Allow these elliptic curves and prefer the safe X25519 for TLSv1.3
SSLOpenSSLConfCmd    Curves    X25519:secp521r1:secp384r1:prime256v1

# Enable OSCP Stapling cache
SSLStaplingCache    shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000)

</IfModule>

为什么我只使用 AES 密码

因为现代 CPU 极大地加速了它们AES指令集，如下所示：

Answer

Apache2的SSL模块

您可能只是忘记启用 SSL 模块，您应该首先确保使用（作为 root 或使用sudo）：

a2enmod ssl

然后您可以尝试重新启动 Apache2 Web 服务器。

给未来读者的重要提示

SSL 1.0、2.0、3.0(维基百科）最新版本的 OpenSSL 不再支持这些。

TLS 1.0（维基百科）

这个版本的 TLS 是 1999 年的，我建议禁用它。

TLS 1.1（维基百科）

此版本的 TLS 是 2006 年的版本，当前（2019 年）没有操作系统/软件明确依赖它，我建议也禁用它。

您可能想阅读 1.2 之前版本的弃用信息DigiCert 文章。摘录如下：

较旧的协议存在安全风险 互联网上 TLS 1.0 和 1.1 的存在主要构成安全风险——服务器几乎普遍支持这些协议，但客户端对它们的使用更接近于相反。需要使用这些版本的客户正遭受着它们的缺点的困扰。互联网的其余部分很容易受到降级攻击（这迫使用户使用较弱版本的 TLS 以利用已知的漏洞），而几乎没有任何实际好处。对于大多数服务器，旧版本的 TLS 可能会保留“以防万一”，或者有人在打开新版本时忘记关闭它们。

TLS 1.2（维基百科）

不管它是在 2008 年定义的，但出于兼容性原因，在 2019 年我们确实需要它。

TLS 1.3（维基百科）

这是协议这么多年之后的一次重大升级，如果您可以启用它，请立即启用。

SSL 模块配置示例

<IfModule mod_ssl.c>

## Pseudo Random Number Generator (PRNG):
## Configure one or more sources to seed the PRNG of the SSL library.
## The seed data should be of good random quality.
## WARNING! On some platforms /dev/random blocks if not enough entropy
## is available. This means you then cannot use the /dev/random device
## because it would lead to very long connection times (as long as
## it requires to make more entropy available). But usually those
## platforms additionally provide a /dev/urandom device which doesn't
## block. So, if available, use this one instead. Read the mod_ssl User
## Manual for more details.
# I changed the default values of 512 to 1024
SSLRandomSeed    startup    builtin
SSLRandomSeed    startup    file:/dev/urandom    1024
SSLRandomSeed    connect    builtin
SSLRandomSeed    connect    file:/dev/urandom    1024

## Some MIME-types for downloading Certificates and CRLs
AddType    application/x-x509-ca-cert    .crt
AddType    application/x-pkcs7-crl       .crl

## Pass Phrase Dialog:
## Configure the pass phrase gathering process.
## The filtering dialog program (`builtin' is a internal
## terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog    exec:/usr/share/apache2/ask-for-passphrase

## Inter-Process Session Cache:
## Configure the SSL Session Cache: First the mechanism
## to use and second the expiring timeout (in seconds).
## (The mechanism dbm has known memory leaks and should not be used).
# I changed the default timeout of 300 to 600
SSLSessionCache           shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout    600

## Disabling SSLSessionTickets ensures Perfect Forward Secrecy
## is not compromised if the server is not restarted regularly
# I changed the default value as I won't restart the webserver
SSLSessionTickets    Off

## Semaphore:
## Configure the path to the mutual exclusion semaphore the
## SSL engine uses internally for inter-process synchronization.
## (Disabled by default, the global Mutex directive consolidates by default this)
#Mutex    file:${APACHE_LOCK_DIR}/ssl_mutex    ssl-cache

## The protocols to enable:
## Available values: all, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
## SSLv2 and SSLv3 are no longer supported
# I prefer the latest TLSv1.3 and TLSv1.2 for compatibility reasons
# TLSv1 / TLSv1.1 are 20 / 13 years old, so decided to disable them
SSLProtocol    -all    +TLSv1.3 +TLSv1.2

# Enabling compression causes security issues in most setups (the so called CRIME attack).
SSLCompression Off

## SSL server cipher order preference:
## Use server priorities for cipher algorithm choice.
## Clients may prefer lower grade encryption. You should enable this
## option if you want to enforce stronger encryption, and can afford
## the CPU cost, and did not override SSLCipherSuite
## in a way that puts insecure ciphers first.
# I changed the default value because:
# - I can afford the extra CPU costs
# - I want to force the clients to honor my cipher preferences
SSLHonorCipherOrder    On

## SSL Cipher Suites:
## List the ciphers that the client is permitted to negotiate. See the
## ciphers(1) man page from the openssl package for list of all available options.
# I can always run `openssl ciphers` to find all currently available ciphers
# As for TLSv1.3 the TLS_AES_128_GCM_SHA256 is mandatory as per RFC 8446:
# https://tools.ietf.org/html/rfc8446#section-9
SSLCipherSuite    TLSv1.3    TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
SSLCipherSuite    SSL        ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256


## Don't allow insecure renegotiation with clients which
## do not yet support the secure renegotiation protocol.
SSLInsecureRenegotiation    Off

## Forbid non-SNI clients to access name based virtual hosts
# I changed the default value as I want to
# reject all of the old / archaic clients
SSLStrictSNIVHostCheck    On

# Allow these elliptic curves and prefer the safe X25519 for TLSv1.3
SSLOpenSSLConfCmd    Curves    X25519:secp521r1:secp384r1:prime256v1

# Enable OSCP Stapling cache
SSLStaplingCache    shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000)

</IfModule>

为什么我只使用 AES 密码

因为现代 CPU 极大地加速了它们AES指令集，如下所示：

Question 2

刚才也有同样的问题。比较几台服务器之间的差异，我意识到有问题的服务器没有以某种方式安装 mod_ssl。

yum install mod_ssl

为我解决了这个问题。

Answer

刚才也有同样的问题。比较几台服务器之间的差异，我意识到有问题的服务器没有以某种方式安装 mod_ssl。

yum install mod_ssl

为我解决了这个问题。

Apache2的SSL模块

答案1

Apache2的SSL模块

给未来读者的重要提示

TLS 1.0（维基百科）

TLS 1.1（维基百科）

TLS 1.2（维基百科）

TLS 1.3（维基百科）

SSL 模块配置示例

为什么我只使用 AES 密码

答案2

相关内容