无法在 Amazon Linux 实例上禁用 SSLv3

无法在 Amazon Linux 实例上禁用 SSLv3

我正在使用 Go Daddy 颁发的 SSL 证书。在我的 Linux 实例上,以下是软件详细信息:-

  • Apache 版本 - Apache/2.4.16 (Amazon)
  • Openssl 版本 - OpenSSL 1.0.1k-fips 2015 年 1 月 8 日
  • mod_ssl 版本 - mod_ssl-2.4.2

注意:- 我从 RPM 包安装 Apache,然后从 rpm 包安装 mod_ssl 和 openssl。

1)问题是当我禁用 SSLv3 并从 https://www.ssllabs.com/ssltest/它警告我“该服务器不支持当前最好的 TLSv1.2”当我启用 TLSv1.2 协议时,同样的测试警告我“该服务器支持 SSLv3 协议,易受 Poodle 攻击” 如何在服务器上同时禁用 SSLv3 并启用 TLSv1.2?我的 Vhost 文件当前关于 SSL 的配置是:

SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on

2) 我无法创建强 Diffie-Hellman 组。当前是 1024 位 Diffie-Hellman 组,我想为该站点创建 2048 位组。我发出此命令来生成 2048 位密钥:-

openssl dhparam -out dhparams.pem 2048

我在 VHost 中的配置是:

SSLOpenSSLConfCmd DHParameters /etc/httpd/dhparams.pem

当我重新启动服务器时弹出错误消息:

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

如何解决这个问题?

openssl s_client -connect 127.0.0.1:443 -tls1_2 -msg启用 SSLv3 时命令的输出:-

CONNECTED(00000003)
>>> ??? [length 0005]

>>> TLS 1.2 Handshake [length 0138], ClientHello

<<< ??? [length 0005]

<<< TLS 1.2 Handshake [length 003a], ServerHello

<<< ??? [length 0005]

<<< TLS 1.2 Handshake [length 12a7], Certificate

depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2     
Certification Authority
verify error:num=19:self signed certificate in certificate chain
<<< ??? [length 0005]

<<< TLS 1.2 Handshake [length 020f], ServerKeyExchange

<<< ??? [length 0005]

<<< TLS 1.2 Handshake [length 0004], ServerHelloDone

>>> ??? [length 0005]

>>> TLS 1.2 Handshake [length 0086], ClientKeyExchange

>>> ??? [length 0005]

>>> TLS 1.2 ChangeCipherSpec [length 0001]

>>> ??? [length 0005]

>>> TLS 1.2 Handshake [length 0010], Finished

<<< ??? [length 0005]

<<< TLS 1.2 Handshake [length 00ca]???

<<< ??? [length 0005]

<<< TLS 1.2 ChangeCipherSpec [length 0001]

<<< ??? [length 0005]

<<< TLS 1.2 Handshake [length 0010], Finished

openssl s_client -connect 127.0.0.1:443 -ssl3 -msg禁用 SSLv3 的命令输出:-

>>> ??? [length 0005]

>>> SSL 3.0 Handshake [length 0099], ClientHello

<<< ??? [length 0005]

<<< SSL 3.0 Alert [length 0002], fatal handshake_failure

openssl s_client -connect 127.0.0.1:443 -tls1_2 -msg禁用 SSLv3 时命令的输出:-

CONNECTED(00000003)
>>> ??? [length 0005]

>>> TLS 1.2 Handshake [length 0138], ClientHello

<<< ??? [length 0005]

>>> ??? [length 0005]

>>> TLS 1.0 Alert [length 0002], fatal protocol_version

openssl s_client -connect 127.0.0.1:443 -tls1_2 -msg当 SSLv3 被禁用时,Apache 中的 SSL 调试错误日志命令:-

[Tue Nov 24 07:50:13.019993 2015] [ssl:info] [pid 6419] [client 127.0.0.1:32836] AH01964: Connection to child 2 established (server site1.example.com:443)
[Tue Nov 24 07:50:13.023693 2015] [ssl:info] [pid 6419] [client 127.0.0.1:32836] AH02008: SSL library error 1 in handshake (server site1.example.com:443)
[Tue Nov 24 07:50:13.023752 2015] [ssl:info] [pid 6419] SSL Library Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version (SSL alert number 70)
[Tue Nov 24 07:50:13.023789 2015] [ssl:info] [pid 6419] [client 127.0.0.1:32836] AH01998: Connection closed to child 2 with abortive shutdown (server site1.example.com:443)

答案1

这是获得最兼容、最安全的 https 的配置,已在 ssllabs 上测试(需要最新的 openssl):

#=========================#
# [ HTTPS CONFIGURATION ] #
#=========================#
SSLEngine on
SSLOptions +StrictRequire
SSLProxyEngine on

# Prevent Beast attack
SSLHonorCipherOrder on

# SSL Compression (CRIME attack)
SSLCompression off

# HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

# PROTOCOL
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

# KEY
SSLCertificateFile /opt/web/ssl/xx.crt
SSLCertificateKeyFile /opt/web/ssl/xxx.key
SSLCertificateChainFile /opt/web/ssl/xxx.pem

# Deny HTTP request when SSL is used
<Directory />
    SSLRequireSSL
</Directory>

AddType application/x-x509-ca-cert      .crt
AddType application/x-pkcs7-crl         .crl

答案2

使用 Mozilla 配置生成器 (https://mozilla.github.io/server-side-tls/ssl-config-generator/) 为您的配置文件生成模板。请确保在给定的字段中输入准确的 Apache 和 OpenSSL 版本,并选择“现代”设置以使用最安全的协议。

话虽如此,您遇到的第二个问题与“SSLOpenSSLConfCmd”有关,与您使用的 OpenSSL 版本有关。要使用该命令,您需要 Apache > 2.4.8 和 OpenSSL > 1.0.2。因此,请升级您的 OpenSSL。

至于有关 TLSv1.2 和 SSLv3 的第一个问题,这归结于您启用的 SSLCipherSuite 列表。使用 OpenSSL 验证哪些套件适用于哪些协议,并从列表中删除较弱的套件(或使用前面提到的配置生成器)。例如:

openssl ciphers -s -v 'ECDHE+RSA+AES128+GCM+SHA256 ECDHE+ECDSA+AES128+GCM+SHA256 ECDHE+RSA+AES256+GCM+SHA384 ECDHE+ECDSA+AES256+GCM+SHA384 DHE+RSA+AES128+GCM+SHA256 DHE+DSS+AES128+GCM+SHA256 kEDH+AESGCM ECDHE+RSA+AES128+SHA256 ECDHE+ECDSA+AES128+SHA256 ECDHE+RSA+AES128+SHA ECDHE+ECDSA+AES128+SHA ECDHE+RSA+AES256+SHA384 ECDHE+ECDSA+AES256+SHA384 ECDHE+RSA+AES256+SHA ECDHE+ECDSA+AES256+SHA DHE+RSA+AES128+SHA256 DHE+RSA+AES128+SHA DHE+DSS+AES128+SHA256 DHE+RSA+AES256+SHA256 DHE+DSS+AES256+SHA DHE+RSA+AES256+SHA AES128+GCM+SHA256 AES256+GCM+SHA384 AES128+SHA256 AES256+SHA256 AES128+SHA AES256+SHA AES CAMELLIA DES+CBC3+SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH+DSS+DES+CBC3+SHA !EDH+RSA+DES+CBC3+SHA !KRB5+DES+CBC3+SHA'

其结果如下:

    DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
    DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
    DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
    ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
    ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
    DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
    DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
    AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
    DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
    DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
    AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
    ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
    ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
    AES256-SHA      SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA 
    Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
    AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
    ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
    AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
    DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
    DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
    CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
    DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
    DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
    CAMELLIA128-SHA SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

删除 SSLv3 密码以纠正该问题。

相关内容