This guide will aim to inform you of strong cryptographic protocols and ciphers to use on a web server on Ubuntu 16.04 and NGINX.
Advertisement:
Secure encryption protocols are used to secure communications between a server and client. Older SSL protocols like Netscape’s Secure Sockets Layer (SSL) are flagged as DO NOT USE use by the Internet Engineering Task Force (IETF). Newer protocols like Transport Layer Security (TLS) are the newer recommended SSL protocols to use.
Wikipedia Article on Cryptographic Protocol’s
A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
Wikipedia on Ciphers
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. To encipher or encode is to convert information into cipher or code. In common parlance, “cipher” is synonymous with “code,” as they are both a set of steps that encrypt a message; however, the concepts are distinct in cryptography, especially classical cryptography.
Wikipedia article on Elliptic-curve cryptography
Wikipedia article on Diffie–Hellman key exchange
Bad SSL Assumptions I have heard for not using HTTPS
- I am not a bank so I don’t need HTTPS
- SSL overhead is was too high on servers.
- My site only has static content, I don’t need HTTPS
- I don’t need SSL to secure my site I just need to be less of a target than others
- I don’t hold confidential information (Wrong)
Don’t be Lazy and secure a site poorly
A local business that wanted me to buy their goods is not convincing me.
(tested with SSL labs and asafaweb)
Why SSL
If you are unsure of why you need SSL visit https://doesmysiteneedhttps.com/, Avoiding the Not Secure Warning in Chrome, Why HTTPS matters and securing your site with HTTPS.
Google has an HTTPS usage graph for all communications to its services (hint it’s growing): https://transparencyreport.google.com/https/overview?hl=en
SSL Future
SSL is here to stay, Non-SSL sites will soon be labelled insecure, Non-SSL sites will have Search Engine Optimization (SEO) adversely affected.
Also, secure pages will be treated as normal (not flagged as secure)
In October, Chrome will remove the “secure” indicator on all HTTPS pages and mark pages that do no use the secure version of the HTTP protocol with a red “not secure” warning. This change will make the web safer to use by default. https://t.co/ar3lwB9aRt
— J-François Lavigne (@jflavigne) May 25, 2018
History of Protocol’s – Launch Dates
- SSL 1.0 (never launched)
- SSL 2.0 1995
- SSL 3.0 1996
- TLS 1.0 1999
- TLS 1.1 2006
- TLS 1.2 2008
- TLS 1.3 2018
Sites like https://caniuse.com can show you if our browser an use new protocols like TLS (e.g TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3)
- TLS 1.0 is supported by All Browsers
- TLS 1.1 is supported on IE11+, Edge, Firefox 24+, Chrome 22+, Safari 7+, Opera 12.1+, iOS Safari 5.1+, Chrome 62 on Android 5+ etc
- TLS 1.2 is supported on IE11+, Edge, Firefox 27, Chrome 30+, Safari 7+, Opera 17+, iOS Safari 5.1, Chrome 62 on Android 5+ etc
- TLS 1.3 is not Supported by IE, Edge, Safari, iOS Safari, Android but is supported by Firefox 52, Chrome 56, Opera 43.
I have a guide here on setting up TLS 1.3 on Ubuntu 16.05 and Chrome, I use the draft build of OpenSSL but Open SSL 1.1.1 will support TLS 1.3. I am still figuring our TLS 1.3 on Ubuntu 18.04.
At the time of writing, you need to opt into TLS 1.3 draft specification in Chrome.
Cipher or Cypher
Read this page to see the history of the word Cipher or Cypher?
Buying an SSL certificate
Opening your wallet may not buy you the best certificate either, this was an SSL Labs review of a $150 SSL certificate Ii purchased a few years ago from a CPanel web host.
I don’t buy commercial certificates anymore, I prefer free SSL certificates from Lets Encrypt
SSL Strength
I prefer to set up my own (free) SSL certificate with Lest Encrypt and tets those certificated with https://dev.ssllabs.com/ssltest/
You can configure your web server to only use certain protocols.
1 2 | ssl_prefer_server_ciphers on; ssl_protocols TLSv1.2 TLSv1.3; |
And define preferred ciphers
1 | ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256; |
Don’t forget to renew your SSL certificates ahead of time.
Also run a modern browser like Google Chrome Canary as some old browsers thnk expired SSL certificates are Secure
Ciphers
OpenSSL has implemented support for five TLS v1.3 cipher suites:
- TLS13-AES-256-GCM-SHA384
- TLS13-CHACHA20-POLY1305-SHA256
- TLS13-AES-128-GCM-SHA256
- TLS13-AES-128-CCM-8-SHA256
- TLS13-AES-128-CCM-SHA256
Test OpenSSL Cipher Suites
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | openssl ciphers -s -v TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 |
A handy guide about using ciphers
Testing a remote host’s ciphers and protocols with cipherscan
Clone this repository: https://github.com/mozilla/cipherscan
Scan a site
1 | ./cipherscan fearby.com |
Result
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | Target: fearby.com:443 prio ciphersuite protocols pfs curves 1 ECDHE-ECDSA-CHACHA20-POLY1305-OLD TLSv1.2 ECDH,P-256,256bits prime256v1 2 ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1 3 ECDHE-ECDSA-AES128-SHA TLSv1.2 ECDH,P-256,256bits prime256v1 4 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1 5 ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1 6 ECDHE-ECDSA-AES256-SHA TLSv1.2 ECDH,P-256,256bits prime256v1 7 ECDHE-ECDSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1 Certificate: trusted, 256 bits, ecdsa-with-SHA256 signature TLS ticket lifetime hint: 64800 NPN protocols: h2,http/1.1 OCSP stapling: supported Cipher ordering: server Curves ordering: server - fallback: no Server supports secure renegotiation Server supported compression methods: NONE TLS Tolerance: yes Intolerance to: SSL 3.254 : absent TLS 1.0 : PRESENT TLS 1.1 : PRESENT TLS 1.2 : absent TLS 1.3 : absent TLS 1.4 : absent |
Cipher scan can also recommend settings to change to help you harden a server (based on https://wiki.mozilla.org/Security/Server_Side_TLS)
Analyze Command
1 | ./analyze.py -t fearby.com |
Results
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | fearby.com:443 has bad ssl/tls Things that are bad: * remove cipher ECDHE-ECDSA-CHACHA20-POLY1305-OLD Changes needed to match the old level: * remove cipher ECDHE-ECDSA-CHACHA20-POLY1305-OLD * enable TLSv1.1 * enable TLSv1 * enable SSLv3 * add cipher DES-CBC3-SHA * use a certificate with sha1WithRSAEncryption signature * use DHE of 1024bits and ECC of 160bits Changes needed to match the intermediate level: * remove cipher ECDHE-ECDSA-CHACHA20-POLY1305-OLD * consider enabling TLSv1.1 * consider enabling TLSv1 * add cipher AES128-SHA * use a certificate signed with sha256WithRSAEncryption Changes needed to match the modern level: * remove cipher ECDHE-ECDSA-CHACHA20-POLY1305-OLD * remove cipher ECDHE-ECDSA-AES128-SHA * remove cipher ECDHE-ECDSA-AES256-SHA |
More info on hardening here.
TLS 1.3 Information
More Reading
SSLLabs Grading of certificates
Read about SSL Labs grading here
snip from here
- A+ – exceptional configuration
- A – strong commercial security
- B – adequate security with modern clients, with older and potentially obsolete crypto used with older clients; potentially smaller configuration problems
- C – obsolete configuration, uses obsolete crypto with modern clients; potentially bigger configuration problems
- D – configuration with security issues that are typically difficult or unlikely to be exploited, but can and should be addressed
- E – unused
- F – exploitable and/or patchable problems, misconfigured server, insecure protocols, etc.
We wish to make clear that, while A+ is clearly the desired grade, both A and B grades are acceptable and result in adequate commercial security. The B grade, in particular, may be applied to configurations designed to support very wide audiences, many of whom use very old programs to connect. The C grade is generally used for configurations that don’t follow best practices. Grades D and F are used for servers with serious configuration and security issues.
REady to go SSL configuration: https://cipherli.st/
Download ready to go Diffie–Hellman primes. https://2ton.com.au/dhtool/
We have dedicated 48 CPU cores to the task of continuously generating 2048, 3072, 4096 and 8192 bit DH parameters, and the public service we present here allows access to the most-recent 128 of each.
Diffie–Hellman key exchange (DH) is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
Diffie–Hellman is used to secure a variety of Internet services. However, research published in October 2015 suggests that the parameters in use for many DH Internet applications at that time are not strong enough to prevent compromise by very well-funded attackers, such as the security services of large governments.
More to come, I hope this guide helps someone.
fyi:
Windows Protocol/Cipher installer: https://www.nartac.com/
Ask a question or recommend an article
Revision History
V1.2 expired and use a modern browser
v1.1 bad SSL
v1.0 Initial post