From 10fc3a39a6c6a92ac3562ff48fd60b64f820b735 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Colombaro?= Date: Sun, 25 Nov 2018 19:13:33 +0100 Subject: [PATCH] Split SSL config Prepare #180 --- h5bp/security/ssl_policy.conf | 64 ------------------------------- h5bp/ssl/certificate_files.conf | 32 ++++++++++++++++ h5bp/ssl/ocsp_stapling.conf | 18 +++++++++ h5bp/ssl/policy_intermediate.conf | 21 ++++++++++ h5bp/ssl/ssl_engine.conf | 31 +++++++++++++++ sites-available/ssl.example.com | 6 ++- sites-available/ssl.no-default | 3 +- 7 files changed, 108 insertions(+), 67 deletions(-) delete mode 100644 h5bp/security/ssl_policy.conf create mode 100644 h5bp/ssl/certificate_files.conf create mode 100644 h5bp/ssl/ocsp_stapling.conf create mode 100644 h5bp/ssl/policy_intermediate.conf create mode 100644 h5bp/ssl/ssl_engine.conf diff --git a/h5bp/security/ssl_policy.conf b/h5bp/security/ssl_policy.conf deleted file mode 100644 index 15eaa34..0000000 --- a/h5bp/security/ssl_policy.conf +++ /dev/null @@ -1,64 +0,0 @@ -# ---------------------------------------------------------------------- -# | SSL Policy | -# ---------------------------------------------------------------------- - -# Cipher suites and directive for strong security -# -# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations -# https://mozilla.github.io/server-side-tls/ssl-config-generator/ -# https://nginx.org/en/docs/http/ngx_http_ssl_module.html - -# Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add -# SSLv3 to the list of protocols below. -ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - -# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx -ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; -ssl_prefer_server_ciphers on; - -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes. -# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection. -# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state. -# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS. -ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions -ssl_session_timeout 24h; - -# SSL buffer size -# ssl_buffer_size 1400; # 1400 bytes to fit in one MTU - -# Session tickets -# -# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and -# when a restart is performed the previous key is lost, which resets all previous -# sessions. The fix for this is to setup a manual rotation mechanism: -# https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx -# -# Note that you'll have to define and rotate the keys securely by yourself. In absence -# of such infrastructure, consider turning off session tickets: -ssl_session_tickets off; - -# Use a higher keepalive timeout to reduce the need for repeated handshakes -keepalive_timeout 300s; # up from 75 secs default - -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication). -# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors. - -# ssl_certificate /etc/nginx/default_ssl.crt; -# ssl_certificate_key /etc/nginx/default_ssl.key; - -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# OCSP stapling - -# ssl_stapling on; -# ssl_stapling_verify on; - -# Trusted certificate must be made up of your intermediate certificate followed by root certificate -# ssl_trusted_certificate /path/to/ca.crt; - -# resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s; -# resolver_timeout 2s; diff --git a/h5bp/ssl/certificate_files.conf b/h5bp/ssl/certificate_files.conf new file mode 100644 index 0000000..36732e5 --- /dev/null +++ b/h5bp/ssl/certificate_files.conf @@ -0,0 +1,32 @@ +# ---------------------------------------------------------------------- +# | Certificate files | +# ---------------------------------------------------------------------- + +# This default SSL certificate will be served whenever the client lacks +# support for SNI (Server Name Indication). +# Make it a symlink to the most important certificate you have, so that +# users of IE 8 and below on WinXP can see your main site without SSL errors. +# +# (1) Certificate and key files location +# The certificate file can contain intermediate certificate. +# +# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate +# +# (2) Intermediate certificate location if loaded certificate (1) does not +# contain intermediate certificate when enabling OCSP stanpling. +# +# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate +# +# (3) CA certificate file location for client certificate authentication +# +# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate + +# (1) +ssl_certificate /etc/nginx/default_ssl.crt; +ssl_certificate_key /etc/nginx/default_ssl.key; + +# (2) +# ssl_trusted_certificate /path/to/ca.crt; + +# (3) +# ssl_client_certificate /etc/nginx/default_ssl.crt; diff --git a/h5bp/ssl/ocsp_stapling.conf b/h5bp/ssl/ocsp_stapling.conf new file mode 100644 index 0000000..07e21be --- /dev/null +++ b/h5bp/ssl/ocsp_stapling.conf @@ -0,0 +1,18 @@ +# ---------------------------------------------------------------------- +# | Online Certificate Status Protocol stapling | +# ---------------------------------------------------------------------- + +# OCSP is a lightweight, only one record to help clients verify the +# validity of the server certificate. +# OCSP stapling allow the server to send its cached OCSP record during +# the TLS handshake, whithout the need of 3rd party OCSP responder. +# +# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling +# https://tools.ietf.org/html/rfc6066#section-8 +# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling + +ssl_stapling on; +ssl_stapling_verify on; + +resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s; +resolver_timeout 2s; diff --git a/h5bp/ssl/policy_intermediate.conf b/h5bp/ssl/policy_intermediate.conf new file mode 100644 index 0000000..9cc9c9b --- /dev/null +++ b/h5bp/ssl/policy_intermediate.conf @@ -0,0 +1,21 @@ +# ---------------------------------------------------------------------- +# | SSL policy - Intermediate | +# ---------------------------------------------------------------------- + +# For services that don't need compatibility with legacy clients +# (mostly WinXP), but still need to support a wide range of clients, +# this configuration is recommended. +# +# Protect against the BEAST and POODLE attacks by not using SSLv3 at all. +# If you need to support older browsers (IE6) you may need to add +# SSLv3 to the list of protocols. +# +# Based on intermediate profile recommended by Mozilla. +# https://mozilla.github.io/server-side-tls/ssl-config-generator/ +# +# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations +# https://nginx.org/en/docs/http/ngx_http_ssl_module.html + +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; +ssl_prefer_server_ciphers on; diff --git a/h5bp/ssl/ssl_engine.conf b/h5bp/ssl/ssl_engine.conf new file mode 100644 index 0000000..a3af60b --- /dev/null +++ b/h5bp/ssl/ssl_engine.conf @@ -0,0 +1,31 @@ +# ---------------------------------------------------------------------- +# | SSL engine | +# ---------------------------------------------------------------------- + +# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes. +# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection. +# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state. +# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS. +# +# A 1Mb cache can hold about 4000 sessions, so we can hold 40000 sessions +ssl_session_cache shared:SSL:10m; +ssl_session_timeout 24h; + +# SSL buffer size +# 1400 bytes to fit in one MTU +# ssl_buffer_size 1400; + +# Session tickets +# +# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and +# when a restart is performed the previous key is lost, which resets all previous +# sessions. The fix for this is to setup a manual rotation mechanism: +# https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx +# +# Note that you'll have to define and rotate the keys securely by yourself. In absence +# of such infrastructure, consider turning off session tickets: +ssl_session_tickets off; + +# Use a higher keepalive timeout to reduce the need for repeated handshakes +# Default: 75s +keepalive_timeout 300s; diff --git a/sites-available/ssl.example.com b/sites-available/ssl.example.com index 5b52bd1..7eaa162 100644 --- a/sites-available/ssl.example.com +++ b/sites-available/ssl.example.com @@ -20,7 +20,8 @@ server { # listen on the wrong host server_name www.example.com; - include h5bp/security/ssl_policy.conf; + include h5bp/ssl/ssl_engine.conf; + include h5bp/ssl/policy_intermediate.conf; # and redirect to the non-www host (declared below) return 301 https://example.com$request_uri; @@ -38,7 +39,8 @@ server { # The host name to respond to server_name example.com; - include h5bp/security/ssl_policy.conf; + include h5bp/ssl/ssl_engine.conf; + include h5bp/ssl/policy_intermediate.conf; # Path for static files root /var/www/example.com/public; diff --git a/sites-available/ssl.no-default b/sites-available/ssl.no-default index 95ea721..4a32d15 100644 --- a/sites-available/ssl.no-default +++ b/sites-available/ssl.no-default @@ -8,6 +8,7 @@ server { listen [::]:443 ssl default_server; listen 443 ssl default_server; - include h5bp/security/ssl_policy.conf; + include h5bp/ssl/ssl_engine.conf; + include h5bp/ssl/policy_intermediate.conf; return 444; }