SSL/TLS best practices for websites
Keeping Secrets
10.3 HSTS
HTTP Strict Transport Security (HSTS), described in RFC 6797 [1], lets a website tell browsers that it must only ever be accessed over TLS. The server announces this policy in the Strict-Transport-Security response header to browsers that support it (Figure 2).
If HSTS is enabled, a compliant web browser communicates with the website exclusively over TLS and rewrites any plain-text http:// reference to https:// before the request leaves the machine. This closes several holes that are otherwise hard to close: visits via plain-text bookmarks or links, cookies leaking over unencrypted HTTP, SSL stripping, and mixed content within the same domain. Strict Transport Security also changes how invalid certificates are handled. Without HSTS, browsers let the user decide what to do when a certificate is invalid, but most users cannot tell an attack from a misconfiguration, which makes them easy victims of network attacks. With HSTS, an invalid certificate is a hard failure that the user cannot click through. It is best to enable Strict Transport Security for the complete domain name, including its subdomains. Two caveats before you do: the browser only honors the header when it arrives over a TLS connection with a valid certificate, so sending it over plain HTTP has no effect; and the policy is cached for max-age seconds, so every host under the domain must already be reachable over HTTPS, or returning visitors will be locked out of it until the policy expires.
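As an added check (example code written for this edit, not from the article), the following Python parses a Strict-Transport-Security header by the RFC 6797 rules and reports how far it falls short of the rule recommended above. The sample headers are constructed for illustration; the ONE_YEAR threshold and the wording of the findings are this example's own choices.

```python
"""Parse and assess a Strict-Transport-Security header (RFC 6797).

Added example: the sample headers below are constructed for illustration and
nothing is fetched from the network.
"""
import re

# RFC 6797 section 6.1: the header value is a ";"-separated list of
# directives; a directive is a token with an optional "=" value (token or
# quoted-string); names are case-insensitive; max-age is mandatory; and no
# directive may appear twice. Whitespace around "=" is tolerated here even
# though the ABNF does not allow it.
_DIRECTIVE = re.compile(
    r'^\s*([A-Za-z0-9!#$%&\'*+.^_`|~-]+)'          # directive-name (token)
    r'\s*(?:=\s*("(?:[^"\\]|\\.)*"|[^\s;"=]+))?'  # optional directive-value
    r'\s*$'
)

ONE_YEAR = 365 * 24 * 3600   # the max-age used in Listings 2 and 3


def parse_hsts(header):
    """Return {'max_age': int, 'include_subdomains': bool}.

    Raises ValueError for a header a browser would have to ignore.
    Unknown directives are skipped, as the RFC requires of user agents.
    """
    seen = {}
    for raw in header.split(';'):
        if not raw.strip():
            continue                                  # tolerate a trailing ";"
        match = _DIRECTIVE.match(raw)
        if not match:
            raise ValueError('malformed directive %r' % raw.strip())
        name = match.group(1).lower()
        value = match.group(2)
        if value is not None and value.startswith('"'):
            value = value[1:-1].replace('\\"', '"')   # unquote a quoted-string
        if name in seen:
            raise ValueError('directive %r appears more than once' % name)
        seen[name] = value
    if 'max-age' not in seen:
        raise ValueError('max-age directive is missing')
    max_age = seen['max-age']
    if max_age is None or not max_age.isdigit():
        raise ValueError('max-age must be a non-negative integer, got %r' % max_age)
    return {
        'max_age': int(max_age),
        'include_subdomains': 'includesubdomains' in seen,
    }


def assess(header, min_age=ONE_YEAR):
    """Return a list of findings; an empty list means the header matches the
    policy recommended in the article (one year, subdomains included)."""
    try:
        policy = parse_hsts(header)
    except ValueError as err:
        return ['invalid header, browsers will ignore it: %s' % err]
    findings = []
    if policy['max_age'] == 0:
        findings.append('max-age=0 tells browsers to delete the stored policy')
    elif policy['max_age'] < min_age:
        findings.append('max-age %d is shorter than the recommended %d seconds'
                        % (policy['max_age'], min_age))
    if not policy['include_subdomains']:
        findings.append('includeSubDomains is missing, so subdomains stay unprotected')
    return findings


# Constructed sample headers, one per case the parser has to handle.
SAMPLE_HEADERS = [
    'max-age=31536000; includeSubDomains',    # the article's recommended rule
    'max-age=600',                             # too short, no subdomains
    'max-age=0',                               # removes a previously stored policy
    'max-age=31536000; max-age=600',           # duplicate directive: invalid
    'includeSubDomains',                       # no max-age: invalid
    'max-age="31536000"; future-dir=x; includeSubDomains',  # quoted value, unknown directive
]

if __name__ == '__main__':
    for header in SAMPLE_HEADERS:
        print('%-55s -> %s' % (header, assess(header) or ['ok']))
```

Run it against the header your own site returns (for example, the value shown by `curl -sI https://example.com`) and treat anything other than an empty finding list as work to do before the commented-out rule in Listing 2 or 3 goes live.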
Configuration Recommendations
The following sample configurations require support for elliptic curve cryptography (EC), which a modern SSL deployment needs for ECDHE key exchange. Unfortunately, EC is not available everywhere. In the case of the Apache web server, EC was introduced in version 2.2.6; many older installations do not include the feature. However, the version number alone is not conclusive, because some distributions, such as Debian, have backported EC into their Apache packages.
A quick look at the release notes is therefore essential. Until recently, Fedora and Red Hat still disabled EC; updating to a recent release should add EC support. As a last resort, you can build Apache 2.4.x from source against a statically linked OpenSSL; see the discussion on my website [2].
Listing 2 shows the Apache directives for the global SSL configuration. The configuration resides in different files on different distributions: in the stock Apache 2.4.x source distribution, the file is $SERVER_ROOT/conf/extra/httpd-ssl.conf; Debian and Ubuntu use /etc/apache2/mods-available/ssl.conf; and Red Hat uses /etc/httpd/conf.d/ssl.conf. The mod_ssl manual [3] documents the SSL configuration directives for Apache. Listing 3 shows the configuration for the nginx web server.
Listing 2
Apache Configuration

```apache
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES256-GCM-SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 \
ECDHE-RSA-AES256-GCM-SHA384 \
DHE-RSA-AES128-GCM-SHA256 \
DHE-RSA-AES256-GCM-SHA384 \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
ECDHE-ECDSA-DES-CBC3-SHA \
ECDHE-RSA-AES128-SHA \
ECDHE-RSA-AES256-SHA \
ECDHE-RSA-DES-CBC3-SHA \
DHE-RSA-AES128-SHA \
DHE-RSA-AES256-SHA \
EDH-RSA-DES-CBC3-SHA \
AES128-GCM-SHA256 \
AES256-GCM-SHA384 \
AES128-SHA \
AES256-SHA \
DES-CBC3-SHA"

# Only with Apache 2.2.24+ and Apache 2.4.3+
SSLCompression Off

SSLSessionCache shmcb:/path/to/ssl_scache(1024000)
SSLSessionCacheTimeout 3600

# Only with Apache 2.4.x
SSLUseStapling On
SSLStaplingCache shmcb:/path/to/stapling_cache(128000)

# HSTS policies are persistent; learn more
# about HSTS before enabling the following
# rule for best security.
#Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
```
Listing 3
Nginx Configuration

```nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA AES256-SHA DES-CBC3-SHA";
ssl_session_cache shared:ssl_session_cache:1M;
ssl_session_timeout 60m;

# Only with Nginx 1.4.x and newer
ssl_stapling on;

# HSTS policies are persistent; learn more about HSTS
# before enabling the following rule for best security.
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
```
The directives go in the http section of the file, which typically resides in /etc/nginx/nginx.conf. Note that the whole ssl_ciphers statement must be on a single line. OCSP stapling additionally needs a resolver directive, because nginx has to look up the hostname of the OCSP responder named in the certificate. See the nginx project website for documentation on configuring SSL [4].
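To see what the suite list in Listings 2 and 3 actually buys you, here is an added Python check (written for this edit, not code from the article or from either web server): it splits the listings' cipher string, separates the forward-secrecy suites from the static-RSA and 3DES fallbacks at the tail of the list, and asks the local OpenSSL which entries it really enables. The helper names are this example's own; it runs offline against whatever OpenSSL your Python is linked with.

```python
"""Check what the cipher list from Listings 2 and 3 really enables.

Added example, not part of the article: the suite string is the one from the
listings, while split_suites(), classify(), resolve_ciphers() and
dropped_suites() are this example's own helpers. Only the local OpenSSL
library is used; nothing touches the network.
"""
import re
import ssl

# The article's suite list (Listings 2 and 3) as one colon-separated string.
ARTICLE_CIPHERS = (
    'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:'
    'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:'
    'DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:'
    'ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:'
    'ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:'
    'DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:'
    'AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
)


def split_suites(cipher_string):
    """Split a cipher string the way OpenSSL does: ':', ',' and whitespace all
    separate entries, which is why the backslash-continued Apache form and the
    one-line nginx form describe the same list."""
    return [s for s in re.split(r'[:,\s]+', cipher_string) if s]


def classify(cipher_string):
    """Group suites by the properties a reviewer of this list cares about.

    Forward secrecy comes from ephemeral (EC)DH key exchange, i.e. the
    ECDHE-, DHE- and EDH- suites; the remaining suites use static RSA key
    exchange and are only there for old clients. The DES-CBC3 (3DES) suites
    are the legacy fallbacks at the tail of the list.
    """
    forward_secrecy, static_rsa, triple_des = [], [], []
    for suite in split_suites(cipher_string):
        if suite.startswith(('ECDHE-', 'DHE-', 'EDH-')):
            forward_secrecy.append(suite)
        else:
            static_rsa.append(suite)
        if 'DES-CBC3' in suite:
            triple_des.append(suite)
    return {'forward_secrecy': forward_secrecy,
            'static_rsa': static_rsa,
            'triple_des': triple_des}


def resolve_ciphers(cipher_string):
    """Return the suite names the local OpenSSL actually enables for the string.

    OpenSSL silently drops entries it does not know or was built without
    (current builds omit 3DES, for example), so the server can end up offering
    fewer suites than the configuration lists. TLS 1.3 suites, if the library
    has them, appear as well: they are configured separately and are not
    affected by this string.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(':'.join(split_suites(cipher_string)))
    return [c['name'] for c in ctx.get_ciphers()]


def dropped_suites(cipher_string):
    """Suites named in the configuration that this OpenSSL build will not offer."""
    enabled = set(resolve_ciphers(cipher_string))
    return [s for s in split_suites(cipher_string) if s not in enabled]


if __name__ == '__main__':
    for name, suites in classify(ARTICLE_CIPHERS).items():
        print('%-16s %2d  %s' % (name, len(suites), ' '.join(suites)))
    print('ignored by this OpenSSL:',
          ' '.join(dropped_suites(ARTICLE_CIPHERS)) or 'none')
```

The point of the classification is that the five static-RSA suites and the four 3DES suites sit at the end of the list on purpose: with SSLHonorCipherOrder / ssl_prefer_server_ciphers on, they are only chosen by clients that support nothing better, and they are the first candidates for removal once such clients are gone. The dropped_suites() result tells you whether the server you are configuring can even offer them.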
Infos
- [1] HTTP Strict Transport Security (RFC 6797): http://tools.ietf.org/html/rfc6797
- [2] Ivan Ristić, "Compiling Apache with static OpenSSL libraries": http://blog.ivanristic.com/2013/08/compiling-apache-with-static-openssl.html
- [3] mod_ssl manual: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
- [4] SSL for nginx: http://nginx.org/en/docs/http/ngx_http_ssl_module.html