Web server SSL best practices
Configuring web servers to use TLS (SSL) securely is fairly difficult, given the known security holes in old encryption methods and the plethora of encryption ciphers available. This page collects configuration information for Apache web servers in particular; some links also contain information about other web servers.
In the most secure web servers, only the latest TLS_1.2 should be used. However, for compatibility with old web clients (Internet Explorer on Windows XP and Vista, for example) the older TLS_1.1 or even TLS_1.0 may have to be allowed.
The obsolete protocol SSLv2 MUST NOT be used, see:
- IETF: Official deprecation of SSLv2: Prohibiting Secure Sockets Layer (SSL) Version 2.0 (RFC6176).
The insecure protocol SSLv3 MUST NOT be used, see:
- IETF: Deprecating Secure Sockets Layer Version 3.0 (RFC7568) as of June 2015.
See also information about the so-called POODLE Attack:
- US-CERT Alert TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack.
- Microsoft: Vulnerability in SSL 3.0 Could Allow Information Disclosure.
- Google: This POODLE Bites: Exploiting The SSL 3.0 Fallback.
- Qualys: https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack.
There are some good discussions about configuring SSL:
The SSLCipherSuite (Cipher Suite available for negotiation in SSL handshake) configuration is really complicated. Very important recommendations for a number of different web servers are in:
SSL can be disabled in browsers too. Some interesting pages are:
The ssl.conf configuration file should (probably) be renamed as 02ssl.conf so that Apache reads it before other config files.
Configure the SSL certificate files in the (renamed) 02ssl.conf file, and in all subsequent virtual server .conf files for each server instance, as:

    SSLCertificateFile /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile /path/to/private/key
    SSLCACertificateFile /path/to/all_ca_certs

Now make these Apache global configurations in 02ssl.conf:

    SSLEngine on
    # intermediate security configuration, disable obsolete SSLv2 and SSLv3
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite <paste ciphersuite from links in above section>
    SSLHonorCipherOrder on

Apache v2.2 documentation:
- SSLEngine toggles the usage of the SSL/TLS Protocol Engine.
- SSLProtocol controls the SSL protocol flavors mod_ssl should use when establishing its server environment.
- SSLHonorCipherOrder makes the server use its own cipher preference order instead of the client's order.
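
The following Python audit is an added example, not part of the original page or of Apache itself. It applies the SSLProtocol tokens left to right (+X adds, -X removes, a bare name replaces) and flags any line that still enables SSLv2 or SSLv3, or that sets SSLHonorCipherOrder to anything but on. The contents of "all", the token model and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption: "all" is modelled as every protocol name listed here, so the audit
# errs on the side of flagging; the real set depends on the Apache/OpenSSL build.
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
FORBIDDEN = {"sslv2", "sslv3"}

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: +X adds, -X removes, bare X replaces."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        group = ALL if name.lower() == "all" else {name.lower()}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def audit(config_text):
    """Return (line_number, message) findings; comment lines never match the regex."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        match = re.match(r"(?i)\s*(SSLProtocol|SSLHonorCipherOrder)\s+(.*)", raw)
        if not match:
            continue
        directive, args = match.group(1).lower(), match.group(2).strip()
        if directive == "sslprotocol":
            bad = sorted(effective_protocols(args) & FORBIDDEN)
            if bad:
                findings.append((number, "SSLProtocol still enables " + ", ".join(bad)))
        elif args.lower() != "on":
            findings.append((number, "SSLHonorCipherOrder is not on"))
    return findings

# Constructed sample: the page's global settings, then a vhost that weakens them.
SAMPLE = """\
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
<VirtualHost *:443>
    SSLProtocol all -SSLv2
    SSLHonorCipherOrder off
</VirtualHost>
"""

for number, message in audit(SAMPLE):
    print(f"line {number}: {message}")
```

Run it over 02ssl.conf and each virtual server .conf file; a vhost-level SSLProtocol line that omits -SSLv3 is reported with its line number.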
It is important to verify the security, as well as the web client compatibility, of your SSL based web server. This is not a simple matter.
There are SSL testing tools available on the Internet:
- testssl.sh: Testing TLS/SSL encryption
- SSL Labs (Qualys) at https://www.ssllabs.com/ssltest/
- GlobalSign has a modified interface of SSL Labs that is interesting as well: https://sslcheck.globalsign.com/
In test results, make sure that SSLv2 and SSLv3 are shown as disabled. You should also check the table of client compatibility in order to ensure that no important clients will be broken with this server.
You can also test manually from the command line whether the server still accepts SSLv3:

    openssl s_client -connect myserver.example.com:443 -ssl3

If SSLv3 is correctly disabled you should get a handshake error:

    139743822751616:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
    139743822751616:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

Otherwise the command should print the server certificate information.