Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
no edit summary
No edit summary |
|||
| Line 1: | Line 1: | ||
<div style="float:left;" class="toclimit-3">__TOC__</div> | <table><tr> | ||
<td><div style="float:left;" class="toclimit-3">__TOC__</div></td> | |||
<td>test</td> | |||
</tr></table> | |||
This document provides guidelines for the configuration of SSL/TLS on servers. All Mozilla sites and deployment should follow the recommendations below. | This document provides guidelines for the configuration of SSL/TLS on servers. All Mozilla sites and deployment should follow the recommendations below. | ||
| Line 153: | Line 157: | ||
</source> | </source> | ||
= OCSP Stapling = | |||
When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL), or an Online Certificate Status Protocol (OCSP) record. The problem with CRL is that the lists have grown huge and take forever to download. OCSP is much more lightweight, as only one record is retrieved at a time. But the side effect is that OCSP requests must be made to a 3rd party OCSP responder when connecting to a server, which adds latency and potential failures. | When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL), or an Online Certificate Status Protocol (OCSP) record. The problem with CRL is that the lists have grown huge and take forever to download. OCSP is much more lightweight, as only one record is retrieved at a time. But the side effect is that OCSP requests must be made to a 3rd party OCSP responder when connecting to a server, which adds latency and potential failures. | ||
| Line 164: | Line 168: | ||
</pre> | </pre> | ||
= Recommended Servers Configurations = | |||
= Recommended | |||
== Zeus (Riverbed Stingray) == | == Zeus (Riverbed Stingray) == | ||
Zeus lacks support for TLS1.2, Elliptic Curves, AES-GCM and OCSP Stapling. | Zeus lacks support for TLS1.2, Elliptic Curves, AES-GCM and OCSP Stapling. | ||
| Line 433: | Line 402: | ||
= Appendices = | = Appendices = | ||
== Supported ciphers on various systems == | |||
On a variety of ~900 systems (RHEL5 & 6, CentOS 5 & 6 and Ubuntu), the following versions of OpenSSL were found: | |||
{| class="wikitable" | |||
|- | |||
| 37 || OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 | |||
|- | |||
| 35 || OpenSSL 0.9.8k 25 Mar 2009 | |||
|- | |||
| 777 || OpenSSL 1.0.0-fips 29 Mar 2010 | |||
|- | |||
| 18 || OpenSSL 1.0.1 14 Mar 2012 | |||
|} | |||
The recommended ciphersuite was tested on each system. The list below shows the ciphersuites supported by all tested systems. However old your setup may be, it is safe to assume that the following ciphers are going to be available, in the following order: | |||
{| class="wikitable" | |||
|- | |||
! Cipher !! Has Forward Secrecy !! Issues | |||
|- | |||
| RC4-SHA || No || RC4 Warning | |||
|- | |||
| DHE-RSA-AES128-SHA || Yes || vulnerable to BEAST | |||
|- | |||
| DHE-RSA-AES256-SHA || Yes || vulnerable to BEAST | |||
|- | |||
| AES256-SHA || No || vulnerable to BEAST | |||
|- | |||
| DHE-DSS-AES128-SHA || Yes || vulnerable to BEAST | |||
|- | |||
| DHE-DSS-AES256-SHA || Yes || vulnerable to BEAST | |||
|- | |||
| AES128-SHA || No || vulnerable to BEAST | |||
|} | |||
== Attacks on TLS == | == Attacks on TLS == | ||
=== BEAST CVE-2011-3389 === | === BEAST CVE-2011-3389 === | ||