what you are doing right now. • How to change your SSL settings safely • How to get a minimal understanding of cipher suite selection • How to monitor your site, so SSL surprises don't happen.
patch level • If you are using Apache 1.3 - stop, and just focus on getting up to date with Apache 2.2 or 2.4 (same with nginx users — get up to date) • This will update your OpenSSL library, fixing numerous problems
problems. • It's possible, but highly unlikely, that CPU load goes up due to new ciphers being selected. If this happens, then add • SSLHonorCipherOrder on • SSLCipherSuite AES128:your-previous-values
log or create a new one • Apache: Add the following to your CustomLog in • %{SSL_PROTOCOL}x %{SSL_CIPHER}x • http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
v2? - hopefully 0 • SSL v3? — hopefully under 1%, but look at who is using it. I'm seeing Yandex use it for their bots. • TLS v1.0, 1.1, 1.2? Each is hopefully not 0
data • Analyse cipher suite usage, in particular look for old ones such as • Anything with 'RC4' • Anything with 'DES' • Hopefully nothing with MD2, MD4
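An added example (not from the original slides): one way to tally the logged protocol and cipher fields and to list who is still using an old protocol. It assumes the protocol and cipher are the last two fields of each log line; the log lines and the function names ssl_usage and who_uses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Assumes each access-log line ends
# with the two fields "%{SSL_PROTOCOL}x %{SSL_CIPHER}x".

# Constructed sample traffic (documentation address ranges, not real clients).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Oct/2013:10:00:01 +0000] "GET / HTTP/1.1" 200 512 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
192.0.2.11 - - [01/Oct/2013:10:00:02 +0000] "GET / HTTP/1.1" 200 512 TLSv1 AES128-SHA
192.0.2.12 - - [01/Oct/2013:10:00:03 +0000] "GET / HTTP/1.1" 200 512 TLSv1 AES128-SHA
198.51.100.7 - - [01/Oct/2013:10:00:04 +0000] "GET /robots.txt HTTP/1.1" 200 64 SSLv3 RC4-SHA
198.51.100.7 - - [01/Oct/2013:10:00:05 +0000] "GET / HTTP/1.1" 200 512 SSLv3 RC4-SHA
192.0.2.13 - - [01/Oct/2013:10:00:06 +0000] "GET / HTTP/1.1" 200 512 TLSv1.1 AES128-SHA
192.0.2.14 - - [01/Oct/2013:10:00:07 +0000] "GET / HTTP/1.1" 200 512 TLSv1 DES-CBC3-SHA
192.0.2.10 - - [01/Oct/2013:10:00:08 +0000] "GET / HTTP/1.1" 200 512 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
EOF
}

# ssl_usage: log on stdin -> "protocol|cipher NAME COUNT PERCENT [LEGACY]".
# LEGACY marks the names the slide says to look for (RC4, DES, MD2, MD4).
ssl_usage() {
  LC_ALL=C awk '
    NF < 2 || $(NF-1) == "-" { next }      # skip blank lines and non-SSL requests
    { total++; proto[$(NF-1)]++; cipher[$NF]++ }
    END {
      if (total == 0) exit
      for (p in proto)
        printf "protocol %s %d %.1f%%\n", p, proto[p], 100 * proto[p] / total
      for (c in cipher) {
        flag = (c ~ /RC4|DES|MD2|MD4/) ? " LEGACY" : ""
        printf "cipher %s %d %.1f%%%s\n", c, cipher[c], 100 * cipher[c] / total, flag
      }
    }' | sort
}

# who_uses PROTOCOL: log on stdin -> "COUNT CLIENT" for that protocol, busiest first.
who_uses() {
  awk -v want="$1" '
    NF >= 2 && $(NF-1) == want { n[$1]++ }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

sample_log | ssl_usage
sample_log | who_uses SSLv3
```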
uses OpenSSL cipher suite macros. • Allows you to configure the set of cipher suites using set operations (union/intersection, add/subtract, whitelist/blacklist) • Allows for a very compact representation of what ciphers you allow. • Or do they?
• They hide your intentions • OpenSSL has made subtle changes in how they work from release to release. • Operating systems sometimes remove suites. • They are incomplete and/or undocumented. • Probably don't do what you think they do.
it might make sense. We do not. • Whitelist ciphers you want. • If it's not on the list, it isn't used. • Makes clear which cipher suites you are using, and in what order.
Expands to over 70 cipher suites. • Many aren't useable for public websites • Breaks old Windows XP compatibility • Some have serious performance implications • The most preferred cipher is — ECDHE-RSA-AES256-GCM-SHA384 - ouch
MACHINE. Results will be different depending on what version of OpenSSL is installed and your OS version • openssl ciphers "ALL:!ADH:!NULL:!EXP:!SSLv2:!LOW:!MEDIUM:RC4+RSA:+HIGH" • 70 on my Ubuntu box. • 9 on my Mac laptop • (use 'openssl ciphers -v' to get more information)
being used, based on your site analysis. • This is the CipherSuite you are really using. • It probably contains under 10 entries. • Maybe as low as 1 or 2! DES-CBC3-SHA:AES128-SHA
SSL v3 — Almost secure; might be ok to eliminate • TLS 1.0 - "ok" • TLS 1.1 - No known practical attacks • TLS 1.2 — Best available; includes new ciphers
website with exactly one cipher. • AES128-SHA • Just this will get you an "A" on SSLLabs (with other settings being correct) • It is the de facto public web standard. • Hardware accelerated in recent Intel CPUs
there is no client that forces 256-bit keys and does not use 128-bit keys. • There is no evidence that AES256 is 'more secure' in practical terms than AES128. • 256 definitely is slower.
still used in old cell phones. • Only your usage analysis can tell you if you should use it. • A replacement is coming but it's not ready yet (ChaCha stream cipher)
is compromised, an eavesdropper can decode all traffic and any traffic previously captured. • ECDHE — Works in a completely different way. The 'E' at the end is important. It means every connection gets a different key. Key compromise means old communication remains safe.
ECDHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA RC4-SHA: Recommended but not required. Needs an up-to-date OS and version of OpenSSL
ECDHE-RSA-RC4-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA RC4-SHA: Monitor to see who and how often 256-bit ciphers are actually used
AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA RC4-SHA And add other (secure) ciphers you found in your analysis
ECDHE-RSA-RC4-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA RC4-SHA Very, very optional: please analyse your traffic to see if this is worthwhile
Cipher Suites without warnings or errors • It only requires one valid cipher in your list for your web server to start! • You -must- check your explicit list against what is showing up in SSLLabs.
If you have multiple OpenSSL installations, Apache can link to the wrong version • Source control problems (bad merge, reversion) • OS upgrades that overwrite your custom configurations • People changing things.
openssl-version: 'OpenSSL 1.0.1e 11 Feb 2013'
smoke-test: on
certificate-checksum: 0562dbbd5fa60dad7a6ef8bb6a53b89d961ee84a
certificate-common-name: www.google.com
certificate-length: 2048
certificate-days-until-expiration: 72
certificate-chain-length: 3
certificate-chain-self-signed: off
protocol-tls-v12: on
protocol-tls-v12-default: ECDHE-RSA-AES128-GCM-SHA256
cipher-suite-AES128-GCM-SHA256: on
cipher-suite-AES128-SHA256: on
cipher-suite-AES256-GCM-SHA384: on
cipher-suite-AES256-SHA256: on
cipher-suite-ECDHE-RSA-AES128-GCM-SHA256: on
cipher-suite-ECDHE-RSA-AES128-SHA256: on
cipher-suite-ECDHE-RSA-AES256-GCM-SHA384: on
cipher-suite-ECDHE-RSA-AES256-SHA384: on
protocol-tls-v11: on
protocol-tls-v11-default: ECDHE-RSA-AES128-SHA
protocol-tls-v10: on
protocol-tls-v10-default: ECDHE-RSA-RC4-SHA
protocol-ssl-v3: on
protocol-ssl-v3-default: ECDHE-RSA-RC4-SHA
protocol-ssl-v2: off
etc…
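An added example (not the sslassert tool itself and not from the original slides): a check that compares a report in the key: value form shown above against an explicit whitelist, catching both suites that are enabled but not listed and listed suites the server silently dropped. It assumes one key per line; the report, the whitelist and the function name check_report are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Assumes a scan report with one
# "cipher-suite-NAME: on|off" or "protocol-NAME: on|off" entry per line.

# Constructed whitelist: the suites the configuration is meant to allow.
WHITELIST="ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 AES128-GCM-SHA256 AES128-SHA256 AES128-SHA"

# Constructed report, in the same key: value form as the output above.
sample_report() {
cat <<'EOF'
protocol-ssl-v2: off
protocol-ssl-v3: on
cipher-suite-AES128-SHA: on
cipher-suite-AES128-GCM-SHA256: on
cipher-suite-ECDHE-RSA-AES128-GCM-SHA256: on
cipher-suite-ECDHE-RSA-AES256-GCM-SHA384: on
cipher-suite-RC4-SHA: off
EOF
}

# check_report "SUITE SUITE ..." < report
# Prints one line per difference and returns 1 if the report drifted.
#   UNEXPECTED: enabled on the server but not on the whitelist.
#   MISSING:    on the whitelist but not enabled (the server still starts
#               as long as one suite in the list is valid).
check_report() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 == "protocol-ssl-v2:" && $2 == "on" { print "UNEXPECTED protocol ssl-v2"; bad = 1 }
    /^cipher-suite-/ && $2 == "on" {
      name = $1; sub(/^cipher-suite-/, "", name); sub(/:$/, "", name)
      seen[name] = 1
      if (!(name in want)) { print "UNEXPECTED " name; bad = 1 }
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(a[i] in seen)) { print "MISSING " a[i]; bad = 1 }
      exit bad + 0
    }'
}

sample_report | check_report "$WHITELIST" || echo "drift detected"
```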
unit test? • Pages that must be SSL or require auth. • Certificate ID • DNS records? • Is your site on Google Safe Browsing blacklist? • All of these should never change, but if they do, you should know about it.
• Simplify your Configuration • Monitor your SSL configuration with SSLLabs and your own sslassert - Unit Tests for Infrastructure. • Repeat every 6 months — put it in your calendar • Relax!