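I am using an SSL certificate issued by Go Daddy. The software details on my Linux instance are:
- Apache version - Apache/2.4.16 (Amazon)
- OpenSSL version - OpenSSL 1.0.1k-fips 8 Jan 2015
- mod_ssl version - mod_ssl-2.4.2
Note: I installed Apache from an RPM package, then installed mod_ssl and openssl from RPM packages.
1) The problem is that when I disable SSLv3 and run the test at https://www.ssllabs.com/ssltest/, it warns me "This server does not support the current best TLSv1.2". When I enable the TLSv1.2 protocol, the same test warns me "This server supports the SSLv3 protocol and is vulnerable to the POODLE attack". How can I disable SSLv3 and enable TLSv1.2 on the server at the same time? The SSL-related configuration in my vhost file is currently: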
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
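2) I am unable to create a strong Diffie-Hellman group. The current one is a 1024-bit Diffie-Hellman group, and I want to create a 2048-bit group for the site. I issued this command to generate the 2048-bit key: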
openssl dhparam -out dhparams.pem 2048
My configuration in the vhost is:
SSLOpenSSLConfCmd DHParameters /etc/httpd/dhparams.pem
When I restart the server, this error message pops up:
Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
How can I fix this?
openssl s_client -connect 127.0.0.1:443 -tls1_2 -msg
Output of the command when SSLv3 is enabled:
CONNECTED(00000003)
>>> ??? [length 0005]
>>> TLS 1.2 Handshake [length 0138], ClientHello
<<< ??? [length 0005]
<<< TLS 1.2 Handshake [length 003a], ServerHello
<<< ??? [length 0005]
<<< TLS 1.2 Handshake [length 12a7], Certificate
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify error:num=19:self signed certificate in certificate chain
<<< ??? [length 0005]
<<< TLS 1.2 Handshake [length 020f], ServerKeyExchange
<<< ??? [length 0005]
<<< TLS 1.2 Handshake [length 0004], ServerHelloDone
>>> ??? [length 0005]
>>> TLS 1.2 Handshake [length 0086], ClientKeyExchange
>>> ??? [length 0005]
>>> TLS 1.2 ChangeCipherSpec [length 0001]
>>> ??? [length 0005]
>>> TLS 1.2 Handshake [length 0010], Finished
<<< ??? [length 0005]
<<< TLS 1.2 Handshake [length 00ca]???
<<< ??? [length 0005]
<<< TLS 1.2 ChangeCipherSpec [length 0001]
<<< ??? [length 0005]
<<< TLS 1.2 Handshake [length 0010], Finished
openssl s_client -connect 127.0.0.1:443 -ssl3 -msg
Output of the command with SSLv3 disabled:
>>> ??? [length 0005]
>>> SSL 3.0 Handshake [length 0099], ClientHello
<<< ??? [length 0005]
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
openssl s_client -connect 127.0.0.1:443 -tls1_2 -msg
Output of the command when SSLv3 is disabled:
CONNECTED(00000003)
>>> ??? [length 0005]
>>> TLS 1.2 Handshake [length 0138], ClientHello
<<< ??? [length 0005]
>>> ??? [length 0005]
>>> TLS 1.0 Alert [length 0002], fatal protocol_version
openssl s_client -connect 127.0.0.1:443 -tls1_2 -msg
Apache SSL debug error log for the command when SSLv3 is disabled:
[Tue Nov 24 07:50:13.019993 2015] [ssl:info] [pid 6419] [client 127.0.0.1:32836] AH01964: Connection to child 2 established (server site1.example.com:443)
[Tue Nov 24 07:50:13.023693 2015] [ssl:info] [pid 6419] [client 127.0.0.1:32836] AH02008: SSL library error 1 in handshake (server site1.example.com:443)
[Tue Nov 24 07:50:13.023752 2015] [ssl:info] [pid 6419] SSL Library Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version (SSL alert number 70)
[Tue Nov 24 07:50:13.023789 2015] [ssl:info] [pid 6419] [client 127.0.0.1:32836] AH01998: Connection closed to child 2 with abortive shutdown (server site1.example.com:443)
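The three `-msg` transcripts in the question can be read mechanically to see which side aborted each handshake. This is an added example, not part of the original post; the function names are made up for illustration and the sample transcripts are trimmed from the output quoted above.

```shell
#!/bin/sh
# Added example: classify an `openssl s_client -msg` transcript read on stdin.
# ">>>" marks a message the client sent, "<<<" one received from the server.
classify_handshake() {
    awk '
        /^(>>>|<<<) .* Alert / && !seen {
            who = ($1 == ">>>") ? "client" : "server"
            # last field is the alert description, e.g. handshake_failure
            result = "alert_from_" who ":" $NF
            seen = 1
        }
        /^<<< .* Finished/ { finished = 1 }
        END {
            if (seen) print result
            else print (finished ? "handshake_complete" : "incomplete")
        }
    '
}

# Transcripts below are trimmed from the output quoted in the question.
ssl3_probe_sslv3_off() { cat <<'EOF'
>>> SSL 3.0 Handshake [length 0099], ClientHello
<<< ??? [length 0005]
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
EOF
}
tls12_probe_sslv3_off() { cat <<'EOF'
>>> TLS 1.2 Handshake [length 0138], ClientHello
<<< ??? [length 0005]
>>> ??? [length 0005]
>>> TLS 1.0 Alert [length 0002], fatal protocol_version
EOF
}
tls12_probe_sslv3_on() { cat <<'EOF'
>>> TLS 1.2 Handshake [length 0138], ClientHello
<<< TLS 1.2 Handshake [length 003a], ServerHello
>>> TLS 1.2 Handshake [length 0010], Finished
<<< TLS 1.2 ChangeCipherSpec [length 0001]
<<< TLS 1.2 Handshake [length 0010], Finished
EOF
}

for t in ssl3_probe_sslv3_off tls12_probe_sslv3_off tls12_probe_sslv3_on; do
    printf '%s: %s\n' "$t" "$($t | classify_handshake)"
done
```

For the `-tls1_2` probe with SSLv3 disabled the alert is sent by the client after it reads the server's reply, which matches the Apache log line where the server reads a `tlsv1 alert protocol version`.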
Answer 1
This is a configuration for getting the most compatible and most secure https, tested on ssllabs (requires the latest openssl):
#=========================#
# [ HTTPS CONFIGURATION ] #
#=========================#
SSLEngine on
SSLOptions +StrictRequire
SSLProxyEngine on
# Prevent Beast attack
SSLHonorCipherOrder on
# SSL Compression (CRIME attack)
SSLCompression off
# HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
# PROTOCOL
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
# KEY
SSLCertificateFile /opt/web/ssl/xx.crt
SSLCertificateKeyFile /opt/web/ssl/xxx.key
SSLCertificateChainFile /opt/web/ssl/xxx.pem
# Deny HTTP request when SSL is used
<Directory />
SSLRequireSSL
</Directory>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
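Answer 2
Use the Mozilla configuration generator (https://mozilla.github.io/server-side-tls/ssl-config-generator/) to generate a template for your configuration file. Make sure you enter the exact Apache and OpenSSL versions in the given fields, and select the "Modern" setting to use the most secure protocols.
That said, the second problem you are having is with "SSLOpenSSLConfCmd" and has to do with the version of OpenSSL you are using. To use that command you need Apache > 2.4.8 and OpenSSL > 1.0.2. So upgrade your OpenSSL.
As for your first question about TLSv1.2 and SSLv3, that comes down to the SSLCipherSuite list you have enabled. Use OpenSSL to verify which suites apply to which protocols, and remove the weaker suites from the list (or use the configuration generator mentioned earlier). For example: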
openssl ciphers -s -v 'ECDHE+RSA+AES128+GCM+SHA256 ECDHE+ECDSA+AES128+GCM+SHA256 ECDHE+RSA+AES256+GCM+SHA384 ECDHE+ECDSA+AES256+GCM+SHA384 DHE+RSA+AES128+GCM+SHA256 DHE+DSS+AES128+GCM+SHA256 kEDH+AESGCM ECDHE+RSA+AES128+SHA256 ECDHE+ECDSA+AES128+SHA256 ECDHE+RSA+AES128+SHA ECDHE+ECDSA+AES128+SHA ECDHE+RSA+AES256+SHA384 ECDHE+ECDSA+AES256+SHA384 ECDHE+RSA+AES256+SHA ECDHE+ECDSA+AES256+SHA DHE+RSA+AES128+SHA256 DHE+RSA+AES128+SHA DHE+DSS+AES128+SHA256 DHE+RSA+AES256+SHA256 DHE+DSS+AES256+SHA DHE+RSA+AES256+SHA AES128+GCM+SHA256 AES256+GCM+SHA384 AES128+SHA256 AES256+SHA256 AES128+SHA AES256+SHA AES CAMELLIA DES+CBC3+SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH+DSS+DES+CBC3+SHA !EDH+RSA+DES+CBC3+SHA !KRB5+DES+CBC3+SHA'
which gives the following result:
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Remove the SSLv3 ciphers to correct the problem.
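One way to work through an `openssl ciphers -v` listing like the one in this answer is to tag each suite and see what cipher string is left once a protocol label is dropped. This is an added example, not the answerer's code; `tag_suites` and `drop_label` are hypothetical helper names, and the sample is eight lines copied from the listing above.

```shell
#!/bin/sh
# Added example: summarise `openssl ciphers -v` output read on stdin.
# Columns: name, protocol label, Kx=, Au=, Enc=, Mac=.

# One line per suite: name, label, fs|no-fs, MAC. Kx=DH and Kx=ECDH are the
# ephemeral exchanges in this listing; RSA key transport shows Kx=RSA.
tag_suites() {
    awk 'NF >= 6 {
        kx = $3;  sub(/^Kx=/, "", kx)
        mac = $6; sub(/^Mac=/, "", mac)
        print $1, $2, ((kx == "DH" || kx == "ECDH") ? "fs" : "no-fs"), mac
    }'
}

# Colon-joined cipher string of the suites whose label differs from $1.
drop_label() {
    awk -v drop="$1" 'NF >= 6 && $2 != drop {
        printf "%s%s", (n++ ? ":" : ""), $1
    } END { print "" }'
}

# Sample: eight lines copied from the listing in the answer.
sample_listing() { cat <<'EOF'
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
EOF
}

sample_listing | tag_suites
sample_listing | drop_label SSLv3
```

The `SSLv3` label in the second column is the protocol version in which the suite was first defined, and the same suites are the ones TLSv1 and TLSv1.1 clients negotiate. The string left by `drop_label SSLv3` therefore serves TLSv1.2 clients only.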