Advertisement
opexxx

Secure SSL/TLS settings for Apache 2.4

Jan 27th, 2015
531
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 7.32 KB | None | 0 0
  1.  
  2. # Tested with Apache 2.4 and OpenSSL 1.0.1e
  3. #
  4.  
  5.  
  6. # Useful references
  7. #   http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
  8. #   https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf
  9. #   https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
  10. #   https://www.ssllabs.com/ssltest/
  11. #   https://cc.dcsec.uni-hannover.de
  12. #   https://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites
  13. #   http://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks
  14.  
  15. # The following end-clients are supported (older versions are NOT; newer versions probably are):
  16. #   Microsoft Internet Explorer 11
  17. #   Google Chrome 30
  18. #   Google Chrome 31
  19. #   Google Chrome 32
  20. #   Google Chrome 33
  21. #   Mozilla Firefox 27
  22. #   Opera 17
  23. #   Android 4.2.2
  24. #   Java 1.8 (Java 7 defaults to using TLSv1, with TLSv1.2 optional if code enabled; Java 8 defaults to v1.2)
  25. #   iOS 5.0
  26. #   F5 BigIP load balancer 11.4.1
  27. #   Safari 7 on Mac OS X 10.9
  28. # The following obsolete end-clients are supported, but don't support the strongest security options (i.e. TLSv1.2)
  29. #   Microsoft Internet Explorer 8
  30. #   Microsoft Internet Explorer 9
  31. #   Microsoft Internet Explorer 10
  32. #   Mozilla Firefox 26
  33. #   Java 1.7
  34. #   Java 1.6
  35. #   Android 2.3
  36. #   Android 3.x
  37. #   Android 4.0
  38. #   Android 4.1
  39. #   Safari 6 on Mac OS X 10.8
  40.  
  41.  
  42. #-------------------------------------------------------------------------------
  43. # Disable insecure client-initiated renegotiation (usually default but make sure)
  44. SSLInsecureRenegotiation off
  45.  
  46.  
  47. #-------------------------------------------------------------------------------
  48. # Prevent the CRIME attack
  49. SSLCompression off
  50.  
  51.  
  52. #-------------------------------------------------------------------------------
  53. # Reference documents for TLS version support
  54. #   http://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
  55. #   http://op-co.de/blog/posts/android_ssl_downgrade/
  56. #   http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Protocol_support
  57. # TLSv1.2 is supported by (configuration enabled by default):
  58. #   Google Chrome 30+
  59. #   Mozilla Firefox 27+
  60. #   Microsoft Internet Explorer 11+
  61. #   Opera 17+
  62. #   Safari 5+ (on Mac or iOS)
  63. #   Android 4.2.2
  64. #   iOS 5.0
  65. #   F5 BigIP load balancer 11.4.1
  66. #   Safari 7 on Mac OS X 10.9
  67. SSLProtocol TLSv1.2 +TLSv1
  68.  
  69. # Complete prevention (server-side) of BEAST is only possible in TLSv1.1 and later.  Use of TLSv1.0 with CBC ciphers
  70. #   can still leave the issue open.  Use of RC4 as a cipher was recommended, but RC4 is weakened by other attacks.
  71. #   Use of TLSv1.2 with GCM is the best available.  Most web browsers have patches to mitigate client-side.
  72. # Use of GCM AES ciphers are only available in TLSv1.2, but at least we can prefer them.
  73. # Since we must support TLS version 1.0 to handle older browsers at this time we cannot 100% stop BEAST server-side.
  74. # Older clients must have their own client-side patch to prevent the risk of BEAST
  75.  
  76. #*********
  77. # Support older clients (for a limited time) with lower security version
  78. # Internet Explorer 8 - 10 can do TLS v1.2, but it is disabled by default so only TLSv1.0 is enabled in IE :(
  79. # Other older clients are in a similar situation.
  80. # SSLProtocol has +TLSv1 added above to SSLProtocol for this support.
  81.  
  82.  
  83. #-------------------------------------------------------------------------------
  84. # Enable perfect forward secrecy
  85.  
  86. # Prefer the servers cipher options
  87. SSLHonorCipherOrder On
  88.  
  89. # Apache 2.4+ has Define directive built-in, you can string concat with it
  90.  
  91. # The latest and strongest OpenSSL (latest version) ciphers are typically not supported by the major web browser clients
  92. # We will add ciphers in order of preference based on the strongest cipher the web client (and version) supports
  93. # We also take into account web server support
  94.  
  95. # Start with secure clean slate
  96. # (Reminder:  Apache 2.4.7+ always adds "!aNULL:!eNULL:!EXP:")
  97. Define sslCiphers -ALL:!ADH:!aNULL:!EXP:!EXPORT40:!EXPORT56:!RC4:!3DES:!eNULL:!NULL:!DES:!MD5:!LOW
  98.  
  99.  
  100. #************
  101. # We'd prefer (where supported):    ECDHE   RSA AES  GCM    TLSv1.2
  102. #   ECDHE is faster than DHE.  Both provide forward secrecy.
  103. #   RSA has larger key size but verifies faster.  Furthermore ECDSA requires ECDSA certificates which most people are
  104. #       not using with their Apache web server or otherwise.
  105. #   AES is strong algorithm.  128-bit or 256-bit are fine.  Most clients don't do 256-bit yet.
  106. #   GCM over CBC.  CBC has been attacked a few times and NIST prefers GCM.
  107. #   TLS v1.2 avoids a lot of attacks and has newer features/ciphers.
  108.  
  109. # Our very first and preferred cipher regardless of client
  110. Define sslCiphers ${sslCiphers}:ECDHE-RSA-AES128-GCM-SHA256
  111. # Backup cipher to first preferred
  112. Define sslCiphers ${sslCiphers}:DHE-RSA-AES128-GCM-SHA256
  113. # Warning:  Don't duplicate declare any ciphers or it may end up in a lower priority/preference position
  114.  
  115.  
  116. # Google Chrome (Version 33.0.1750.146 m)   Windows 7 64-bit w/SP1
  117. # Already:  ECDHE-RSA-AES128-GCM-SHA256
  118.  
  119. # Firefox 27    Windows 7 64-bit w/SP1
  120. # Already:  ECDHE-RSA-AES128-GCM-SHA256
  121.  
  122. # Android 4.2.2; 4.3
  123. # Already:  ECDHE-RSA-AES128-GCM-SHA256
  124.  
  125. # Opera 20
  126. # Already:  ECDHE-RSA-AES128-GCM-SHA256
  127.  
  128. #   iOS 5.0
  129. # Already:  ECDHE-RSA-AES128-GCM-SHA256
  130.  
  131. # F5 BigIP load balancer 11.4.1
  132. #   CBC not GCM
  133. Define sslCiphers ${sslCiphers}:ECDHE-RSA-AES256-SHA
  134.  
  135.  
  136. #************
  137. # TLS v1.0 capable only clients
  138.  
  139. # Microsoft Internet Explorer 8.0.7601.17514    Windows 7 64-bit w/SP1
  140. # Already: ECDHE-RSA-AES256-SHA
  141.  
  142. # Android 2.3 to 4.0
  143. # Untested due to lack of devices.  Assuming same as IE8.
  144.  
  145. # Mozilla Firefox 26
  146. # Already:  ECDHE-RSA-AES128-GCM-SHA256
  147.  
  148. # Java 7 (1.7) doesn't do GCM, that is coming in Java 8
  149. # Also 256-bit isn't available in default setups without "JCE Unlimited Strength Jurisdiction Policy Files"
  150. # Java 7 RFC4492 cipher name:  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  151. #   http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
  152. # OpenSSL version of the cipher name:  ECDHE-RSA-AES128-SHA
  153. #   https://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
  154. Define sslCiphers ${sslCiphers}:ECDHE-RSA-AES128-SHA
  155.  
  156.  
  157. # Java 6 (1.6) doesn't do GCM
  158. # No support at all for TLSv1.1 or later (not even disabled by default like Java 7)
  159. # Also 256-bit isn't available in default setups without "JCE Unlimited Strength Jurisdiction Policy Files"
  160. # Java 7 RFC4492 cipher name:  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  161. #   http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
  162. # OpenSSL version of the cipher name:  DHE-RSA-AES128-SHA
  163. #   https://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
  164. Define sslCiphers ${sslCiphers}:DHE-RSA-AES128-SHA
  165.  
  166.  
  167. #*******************************************************************************
  168. # (Reminder:  Multiple SSLCipherSuite are *not* additive but *override/replace* each other)
  169. # (Reminder:  "In per-directory context" behaves special)
  170. # (Reminder:  Apache 2.4.7+ always adds "!aNULL:!eNULL:!EXP:"
  171. SSLCipherSuite ${sslCiphers}
  172.  
  173.  
  174. #-------------------------------------------------------------------------------
  175. # Mitigate against BREACH and TIME
  176. SetEnv no-gzip
  177.  
  178. #-------------------------------------------------------------------------------
  179. # Enable HTTP Strict Transport Security (HSTS) (approximately for 1 year)
  180. Header add Strict-Transport-Security "max-age=31536000 ; includeSubDomains"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement