Web server SSL best practices

Introduction

Configuring web servers to use TLS (SSL) securely is a fairly difficult problem given the currently known security holes in old encryption methods and the plethora of encryption ciphers available. This page collects some configuration information for Apache web servers in particular, however, some links contain information about other web servers as well.

Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet.

In the most secure web servers, only the latest TLS_1.2 should be used. However, for compatibility with old web clients (Internet Explorer on Windows XP and Vista, for example) the older TLS_1.1 or even TLS_1.0 may have to be allowed.

SSLv2 and SSLv3 MUST NOT be used

The obsolete protocol SSLv2 MUST NOT be used, see:

The insecure protocol SSLv3 MUST NOT be used, see:

See also information about the so-called POODLE Attack:

There are some good discussions about configuring SSL:

SSL Cipher Suite configuration

The SSLCipherSuite (Cipher Suite available for negotiation in SSL handshake) configuration is really complicated. Very important recommendations for a number of different web servers are in:

In fact, one may generate an appropriate SSL configuration (including SSLCipherSuite for Apache) in the page:

Configuring SSL and TLS in browsers

SSL can be disabled in browsers too. Some interesting pages are:

Apache configuration

Linux configuration files

The RHEL/CentOS default Apache config files are in /etc/httpd/conf.d/. Apache loads config files in alphanumeric order, so file names starting with digits will be read first.

Apache ssl.conf file

The ssl.conf configuration file should (probably) be renamed as 02ssl.conf so that Apache reads it before other config files.

Configure the SSL certificates files in the (renamed) 02ssl.conf file, and in all subsequent virtual server .conf files for each server instance, as:

SSLCertificateFile      /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile   /path/to/private/key
SSLCACertificateFile    /path/to/all_ca_certs

Now make these Apache global configurations in 02ssl.conf:

SSLEngine on
# intermediate security configuration, disable obsolete SSLv2 and SSLv3
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          <paste ciphersuite from links in above section>
SSLHonorCipherOrder     on

Apache v2.2 documentation:

  • SSLEngine toggles the usage of the SSL/TLS Protocol Engine.

  • SSLProtocol control the SSL protocol flavors mod_ssl should use when establishing its server environment.

  • SSLHonorCipherOrder server’s cipher preference order in stead of client’s order.

It is necessary to disable TLS 1.0 SSLCompression to avoid CRIME attacks, and in Apache 2.2.24 and above one must configure:

SSLCompression off

Testing SSL security

It is important to verify the security, as well as the web client compatibility, of your SSL based web server. This is not a simple matter.

There are SSL testing tools available on the Internet:

In test results, make sure that SSLv2 and SSLv3 are shown as disabled. You should also check the table of client compatibility in order to ensure that no important clients will be broken with this server.

Testing of SSL version

On a Linux computer you can test the SSLv2 or SSLv3 protocol on a given web server, for example:

openssl s_client -connect myserver.example.com:443 -ssl3

If SSLv3 is correctly disabled you should get a handshake error:

139743822751616:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
139743822751616:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

Otherwise the command should print the server certificate information.