> Am 04.08.2017 um 23:28 schrieb William A Rowe Jr <wr...@rowe-clan.net>: > > On Fri, Aug 4, 2017 at 4:26 AM, Stefan Eissing > <stefan.eiss...@greenbytes.de> wrote: >> I talked about some kind of SSL Policy definition in httpd's configuration >> in the past and am now about to get serious about it. Here is what I wan to >> do: >> >> Recap: the general idea is >> 2. Provide a set of already defined policies that either follow a public >> definition (like the Mozilla security classes) or express our idea of >> how configuration should look like. > > I read this aspect at this as more of a weakness than a benefit. > > OpenSSL is more likely to be promptly updated by our users than httpd > itself. Where ever httpd is overriding OpenSSL preferences, we will > simply be prolonging the use of discouraged policy. > > If a cipher is changed upstream in OpenSSL from HIGH to MEDIUM > strength (or dropped entirely), due to the discovery of a weakness in > the cipher, I believe it is important for httpd to pick up on that signal > without upgrade or recompilation.
That is not a matter of SSLPolicy or not, but how one uses SSLCipherSuite, inside or outside SSLPolicy. If someone configures nowadays an explicit cipher list (and not something like HIGH, MEDIUM), she does also not benefit from any OpenSSL updates in this regards. I talked with the OpenSSL team during the HTTP/2 development, why they do not take the Browser cipher requirements into their keyword definitions. At that time, the answer basically was that they see HTTP as just one layer up (among others) with which they are not directly concerned about and, if one wanted, one could add such definitions into the ssl config files. So, not their problem. Yikes! Let's check what people search for secure httpd ssl configs actually might find (this got a bit long, but bear with me): A duckduckgo search for "httpd secure ssl config" has as first hit for me https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html which talks about how to get a certificate and install that into httpd but says *nothing* about protocols or ciphers. The "additional resources" links to our website (good) and to http://www.modssl.org which says: "Current Version: mod_ssl 2.8.31 for Apache 1.3.41" This might mean * duckduckgo thinks I am old fashioned * there are no better descriptions on the web (not true, I know) * many sites refer to this centos doc and many people use it DoubleYikes! Back to our site: http://httpd.apache.org/docs/current/en/ssl/ssl_howto.html#onlystrong Our "only strong" recommendation for good performance is: SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5 Now, I am not the ultimate expert on this, but as I read Ivan Ristić this is not really recommended nowadays any more. (Here is SSLLabs doc on SSL config advice https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices which is generic for all servers). Then, more interesting, people might stumble on the "Mozilla SSL Configuration Generator" at https://mozilla.github.io/server-side-tls/ssl-config-generator/ which gives a complete Apache configuration where you select version and your security policy (ahem) and people will get: SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS I would guess that this is what people *copy* into their server configs and which then will get never, or only sporadically updated. TripleYikes! So, the question is: what do we want this generator actually to say? My idea is that when people select Apache httpd 2.4.28, they will see SSLPolicy modern instead. And I do not see how that can work with mod_macro as well as with a mod_ssl config directive. But I am listening. Thanks for the patience, -Stefan