
Getting Perfect Forward Secrecy Question

16 comments

  • Spork Schivago
    I believe I have now figured this out and no longer need help. I'm now getting an A+ rating. I had to enable HSTS as well and mess with some of the ciphers and make sure the order was honored. Thanks though!
  • cPanelMichael
    I believe I have now figured this out and no longer need help. I'm now getting an A+ rating. I had to enable HSTS as well and mess with some of the ciphers and make sure the order was honored. Thanks though!

    Hello, I'm happy to see you were able to address the issue. Feel free to post the full steps you took to ensure this was addressed for other users who may experience a similar issue. Thanks!
  • Spork Schivago
    cPanelMichael, I will describe what I did, but I would like to make a suggestion that I think cPanel should highly consider implementing. Right now, there are a few issues with 56.0.27 with configuring Apache from the WHM interface. I strongly feel that some options are just missing under Service Configuration -> Apache Configuration -> Global Configuration. We can configure the SSL Cipher Suite or use the default, and we can configure the SSL / TLS Protocols (or use the default). However, there's no option to honor the SSL cipher order. This is important for "Perfect" Forward Secrecy. Also, there's no option to enable HTTP Strict Transport Security (HSTS). Enabling HSTS won't affect Forward Secrecy, but it will allow a user to receive a score of A+ on the Qualys SSL Labs test and, more importantly, it should prevent man-in-the-middle attacks altogether. According to Wikipedia, HSTS is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. HTTP Strict Transport Protocol forces any HTTP requests to be sent over HTTPS. Now that SSL certificates can be obtained for free from Let's Encrypt, there's no reason websites shouldn't have an SSL certificate, even if they're not dealing with sensitive information. If your website pulls pictures or other data from non-secure (HTTP) websites, enabling HTTP Strict Transport Protocol will prevent these pictures / data from being successfully pulled. You'll either have to not enable HTTP Strict Transport Protocol or (the better option in my opinion) store those files locally on your site, or (the best option out of all of them) contact the other domain owners and convince them to obtain an SSL certificate (perhaps a free one from Let's Encrypt?). Right now, the only way to enable it is by editing files using the terminal (via SSH), as far as I can tell.
These are the steps that I took to enable "Perfect" Forward Secrecy and HSTS: In WHM, I went to Service Configuration -> Apache Configuration -> Global Configuration. I then scrolled down to the SSL Cipher Suite and entered my own. This is the value I entered:
    ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    I got this list from the Apache mailing list. A doctor suggested them and I feel that it's a very good list. It disables weak ciphers but still allows the majority of clients to connect. It will disable XP users running IE 6 though, along with Java 6. However, this shouldn't be a real problem for anyone anymore, I feel. If you're running XP and connecting to the internet with IE 6, you probably should upgrade. The more websites that drop support for IE 6, the better, especially seeing how IE 8 can be installed in Windows XP now.

    ========================
    Enable HTTP Strict Transport Protocol
    ========================

    Log into your server via SSH, run su to become root, copy ssl_vhost.default to ssl_vhost.local and use your favorite text editor to edit the ssl_vhost.local file.
    su
    cp -p /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local
    nano -w /var/cpanel/templates/apache2_4/ssl_vhost.local
    The cp program copies the file; the -p option tells cp to preserve permissions on the new file. The -w that I passed to nano tells nano not to wrap long lines. Inside ssl_vhost.local, the very first line should be something like:

    Directly under that add the following text:
    # Enable HTTP Strict Transport Security
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    So, the first three lines of that file should now look something like this:
    # Enable HTTP Strict Transport Security
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    Save that file (if you're in nano, hit CTRL-X and then hit enter to accept the default file name, ssl_vhost.local).

    ========================
    Enable Forward Secrecy
    ========================

    The next part that's important is telling Apache to honor the cipher list order. Copy main.default to main.local and modify main.local.
    cp -p /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local
    nano -w /var/cpanel/templates/apache2_4/main.local
    In this file, we're looking for the following line:
    [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]
    If you're using nano, you can just hit CTRL-W, copy and then paste that text in the search field and then hit enter to search for it. Once you find it, directly under that add the following text:
    SSLHonorCipherOrder on
    So, in the end, the main.local file should look like this:
    [% IF main.sslprotocol.item.sslprotocol.length %]SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]
    SSLHonorCipherOrder on
    Save the file (if in nano, just hit CTRL-X and then enter to save as the default name, main.local). Restart Apache:
    service httpd restart
    ========================
    Whitelist SSL Labs in csf / lfd
    ========================

    If you're running something like csf / lfd, you're going to want to whitelist Qualys SSL Labs' servers so they don't get blocked. I did this by adding the following entry to /etc/csf/csf.ignore:
    64.41.200.0/24 # SSL Lab's server (for scanning our SSL certs)
    Keep in mind, this will whitelist all IP addresses from 64.41.200.1 to 64.41.200.255. You can remove the line afterwards if you'd like. You might need to restart csf / lfd in order for the changes to take effect.

    ========================
    Test your SSL certificates
    ========================

    By going to SSL Server Test (Powered by Qualys SSL Labs) you can verify that HSTS and / or Forward Secrecy are both enabled. Enter your domain name and, if you don't want your results posted publicly, make sure you check the little box that says "Do not show the results on the boards". If you did everything correctly, you should NOT get the warning at the top of the results saying Forward Secrecy is not enabled, and you should see a green bar that now says: "HTTP Strict Transport Security (HSTS) with long duration deployed on this server." You can also search the page for the words Forward Secrecy and you should see something that says: "Yes (with most browsers) ROBUST". The only reason it doesn't say "with all browsers" is because, for compatibility with certain browsers, we allow weaker ciphers. SSL Labs shows a list of clients that it tries connecting with and their versions. IE 8 for XP does not support Forward Secrecy, at least not by default. I didn't want to disable TLSv1.0 and lose support for XP people, so I left that protocol enabled.

    Could you tell me why there isn't an option for HSTS and why there's no option to honor the cipher list order? If there were an option for HSTS, there should also be an option for the max-age value. That max-age value should be set to 6 months or higher. Thanks!
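The cipher string in the post above can be expanded against a local OpenSSL to see exactly which suites it enables and which of them offer forward secrecy, which is what decides whether SSL Labs reports "Yes (with most browsers)" or "with all browsers". This is an added example, not code from the thread or from cPanel: it uses Python's `ssl` module (the `kx-*` key-exchange labels are the ones `SSLContext.get_ciphers()` reports), and the exact suite list depends on the OpenSSL build Python is linked against.

```python
"""Expand an OpenSSL cipher string and classify each suite by forward secrecy.

Added example (not from the thread or cPanel). The cipher string is the one
posted above; the classification uses the key-exchange labels that Python's
ssl.SSLContext.get_ciphers() reports, and the result depends on the OpenSSL
build Python is linked against.
"""
import ssl

# Cipher string from the post above. Apache's SSLCipherSuite uses OpenSSL
# syntax, so this is exactly what mod_ssl hands to OpenSSL.
POST_CIPHER_STRING = (
    "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:"
    "ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
)

# Key-exchange labels that give forward secrecy: ephemeral ECDH or DH.
# TLS 1.3 suites are reported as 'kx-any' and are always ephemeral (EC)DHE.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}


def expand_cipher_string(cipher_string):
    """Return (name, protocol, key_exchange, forward_secret) for every suite the
    string enables, in the order OpenSSL would offer them as a server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [
        (c["name"], c["protocol"], c["kea"], c["kea"] in FORWARD_SECRET_KX)
        for c in ctx.get_ciphers()
    ]


def forward_secrecy_report(cipher_string):
    """Split the suites into forward-secret and not, and check the ordering that
    SSLHonorCipherOrder on relies on: the server takes the first suite in ITS
    list that the client also supports, so every forward-secret suite has to
    come before the first static-RSA one. TLS 1.3 suites are negotiated
    separately from this list, so they are left out of the ordering check."""
    suites = expand_cipher_string(cipher_string)
    ordered = [s for s in suites if s[1] != "TLSv1.3"]
    first_non_fs = next((i for i, s in enumerate(ordered) if not s[3]), len(ordered))
    return {
        "forward_secret": [s for s in suites if s[3]],
        "not_forward_secret": [s for s in suites if not s[3]],
        # True when no forward-secret suite is listed after a non-forward-secret one
        "fs_first": all(not s[3] for s in ordered[first_non_fs:]),
    }


if __name__ == "__main__":
    report = forward_secrecy_report(POST_CIPHER_STRING)
    print(f"forward-secret suites ordered first: {report['fs_first']}")
    for name, proto, kx, fs in report["forward_secret"] + report["not_forward_secret"]:
        print(f"{'FS ' if fs else 'no '} {proto:8} {kx:9} {name}")
```

The `not_forward_secret` list is the RSA+AESGCM / RSA+AES / RSA+3DES tail of the string: those suites use the server's RSA key for key exchange, so a later compromise of that key decrypts recorded sessions. They are what old clients such as IE 8 on XP fall back to, and they are also why `SSLHonorCipherOrder on` matters: without it a client that prefers a static-RSA suite gets one even though it could do ECDHE.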
  • Spork Schivago
    One thing to note is that if you follow these directions to enable Forward Secrecy, because of the cipher suite I picked, your server is NOT mitigating BEAST attacks. There are only two ways that I know of to prevent BEAST attacks. 1) Only support SSL / TLS protocols TLSv1.1 and TLSv1.2. Remove support for TLSv1.0, SSL2, and SSL3. 2) Enable RC4 for an SSL cipher. For 1) I didn't feel enough clients supported TLSv1.1 and TLSv1.2. I felt a good majority still supported only TLSv1. For 2) I didn't feel RC4 was strong enough. BEAST has been pretty much dealt with on the client side now. Unless a person is using an extremely old client, it cannot be used to gain data. So hackers would only be able to grab data from users using really, really outdated browsers. I felt leaving TLSv1.0 enabled outweighed the small chance that someone was still vulnerable to BEAST. Remember also, BEAST isn't a very easy exploit to use. If the user is using an old client, I'm sure there are easier exploits a hacker could use instead of BEAST. If someone smarter than me was to come along, I bet they might be able to find a better cipher list or a better order for those ciphers. I haven't played around too much with the cipher list / order, but if I get some time, I might. Just a thought.
  • Spork Schivago
    I can't seem to edit my post now but I did forget to tell people to rebuild the Apache conf file. This should be before you restart Apache but after you finish editing all the files. You do this by running:
    /scripts/rebuildhttpdconf
    There was a new version of cPanel released the other day, v56.0.28. When I ran EasyApache 3, there were error messages with some of my .local files. So what I did was delete the main.local and ssl_vhost.local, and then I copied main.default to main.local and ssl_vhost.default to ssl_vhost.local and made the changes to the two files again. This fixed the error messages with EasyApache 3.
  • Bigwebmaster
    Did you have any issues with main.local's changes being honored? When I add ssl_vhost.local I can see those changes make it to httpd.conf after running rebuildhttpdconf; however, none of the changes in main.local seem to be utilized. In fact, if I edit main.default as a test and then run /scripts/rebuildhttpdconf, those don't seem to be coming through either. Using EasyApache 4 too, not EasyApache 3.
  • Bigwebmaster
    Never mind, figured it out. I couldn't find any documentation on it, but if you are using EasyApache 4 and you look at the directory:
    /var/cpanel/templates/apache2_4
    besides having main.default, there is also a new file:
    ea4_main.default
    That is the one actually being utilized; main.default must be for EasyApache 3. Once I made the changes in ea4_main.default and then ran:
    /scripts/rebuildhttpdconf
    everything was correctly placed in:
    /etc/apache2/conf/httpd.conf
    Hope this helps someone in the future :)
  • TB_Bison
    Firstly, a huge thank you to Spork Schivago for a very helpful and informative step by step on this, and to Bigwebmaster for the extra information for those of us who've been silly / brave enough to make the leap to EA4. I really think that with such a big issue on internet security this should be way easier. I really don't like hacking my way round these issues, as often changes made are simply overwritten at the next update and you end up with bigger problems when you think you're covered. The beauty of WHM / cPanel is meant to be that people without this in-depth level of knowledge (like me) can keep updated and protect themselves easily - that's what you pay for. I know versions and revisions take a long time in the pipeline, but we have known about the direction SSL is going in for years and WHM are often so slow to take up the reins on relatively small changes.
    Once I made the changes in ea4_main.default

    In this file it says: DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE. So would you copy this as suggested for the EA3 guidance? It says to use include file `pre_main_global.conf`, however there are many to choose from on the system:
    /home/virtfs/USER/usr/local/apache.ea3/conf_pre_ea3/includes/pre_main_global.conf
    /home/virtfs/USER/usr/local/apache.ea3/conf/includes/pre_main_global.conf
    /home/virtfs/USER/etc/apache2/conf.d/includes/pre_main_global.conf
    /root/backup/conf/includes/pre_main_global.conf
    /usr/local/apache.ea3/conf_pre_ea3/includes/pre_main_global.conf
    /usr/local/apache.ea3/conf/includes/pre_main_global.conf
    /etc/apache2/conf.d/includes/pre_main_global.conf
  • TB_Bison
    What I have done, which has seemed to work, is navigate to:
    /etc/apache2/conf.d/includes/pre_main_global.conf
    Mine was blank, so I simply added:
    # Enable HTTP Strict Transport Security
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    SSLHonorCipherOrder on
    This should also mean that there is no overwriting with future updates. This got the A+ rating on SSL Labs.
  • Bigwebmaster
    Also, I realized above I didn't mention using:
    ea4_main.local
    I copied ea4_main.default to ea4_main.local and then made the changes to the local version. The default will probably be overwritten during updates. Remember these are the templates that get used to actually create:
    /etc/httpd/conf/httpd.conf
    So the purpose of that automatically generated message is for it to be passed to the generated httpd.conf. These templates themselves, if using the .local version, aren't automatically generated. For the Enable HTTP Strict Transport Security, I put that directly in:
    ea4_main.local
    You might be able to find a way to get the includes to work for this too, but just remember that this is the template that is used to generate the output. I even updated my template to include more information at the top:
    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    #
    # Direct modifications to the Apache configuration file WILL be lost upon subsequent
    # regeneration of this configuration file, or an Apache update.
    #
    # To have your modifications retained, you should create/edit administrator-specific
    # include files:
    #
    # [% paths.dir_conf_includes %]/pre_main_global.conf
    # [% paths.dir_conf_includes %]/pre_virtualhost_global.conf
    # [% paths.dir_conf_includes %]/post_virtualhost_global.conf
    #
    # Edit templates used to create this file at:
    #
    # /var/cpanel/templates/apache2_4
    #
    # To see if whatever changes you make show up at:
    #
    # /etc/httpd/conf/httpd.conf
    #
    # Run the following:
    #
    # /scripts/rebuildhttpdconf
    #
    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
  • cPanelMichael
    I really think that with such a big issue on internet security that this should be way easier. I really don't like hacking my way round these issues as often changes made are simply overwritten at the next update and you end up with bigger problems when you think you're covered.

    Hello. We do offer a document on PCI compliance at: PCI Compliance and Software Versions - cPanel Knowledge Base - cPanel Documentation. However, to your point, I suggest voting and adding feedback to the following feature request: Unify PCI Compliance options on one screen. This suggests a single interface to manage all PCI compliance settings. Thank you.
  • 0884094
    Thanks everyone for these tips. I was able to get an A+ rating from ssllabs by using these simplified steps:

    At Home / Service Configuration / Apache Configuration / Global Configuration, I set:
    SSL Cipher Suite: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS (as per Spork's suggestion)
    SSL/TLS Protocols: All -SSLv2 -SSLv3 -TLSv1 (for my limited audience, I chose to disable TLSv1.0, but maybe not the right choice for big public websites yet)

    Then at Home / Service Configuration / Apache Configuration / Include Editor, I edited Pre Main Include (All Versions) and pasted these two lines:
    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
    SSLHonorCipherOrder on

    I then rebuilt Apache and I'm getting A+ ratings. Note that I have a mix of always-SSL and never-SSL websites hosted on my server, and they all continue to work fine. The header Strict-Transport-Security is even returned on my never-SSL websites, which doesn't seem right, but the docs at Wikipedia say it is always ignored on non-SSL responses, and that matches my experience so far. ssllabs shows the header being returned/recognized on my SSL websites. This blog post from last year also suggests editing Pre Main Include ( Getting an A+ on SSL Labs test in on all cPanel domains in 5 minutes - kris.io : virtualization & cloud ) rather than directly editing conf files. I mention this since it's easier to edit Pre Main Include and it might persist better & avoid closing you off from future updates to the core conf templates.
  • Metro2
    @0884094 - Thanks for that info - huge help!
  • Spork Schivago
    Thanks everyone for these tips... Then at Home / Service Configuration / Apache Configuration / Include Editor, I edited Pre Main Include (All Versions) and pasted these two lines:
    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
    SSLHonorCipherOrder on
    ...

    The only concern I have with setting the HSTS using the Apache Configuration / Include Editor is that I think this will make it fail a security scan with a lot of auditing software (software like Nessus). Don't quote me on this, but I believe the HTTP Strict-Transport-Security header should only be set for HTTPS connections and never for HTTP. If they detect it, you get a low warning message. This isn't necessarily bad, but I don't think it's right. Are there any includes for SSL specific stuff? I couldn't find one, hence the reason I went through using the templates. The problem with the templates isn't so much them getting replaced. cPanel doesn't replace the .local templates, but they do update the .default templates. And every time a .default template is updated, the .local templates need to be updated to match. This makes it a pain in the butt to administer, at least in my opinion. I think if there isn't an include file for SSL specific stuff, cPanel might want to consider adding one, so we could add SSL specific Apache directives and not have to use templates anymore at all. Thanks!
  • Spork Schivago
    What I have done, which has seemed to work, is navigate to:
    /etc/apache2/conf.d/includes/pre_main_global.conf
    Mine was blank, so I simply added:
    # Enable HTTP Strict Transport Security
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    SSLHonorCipherOrder on
    This should also mean that there is no overwriting with future updates. This got the A+ rating on SSL Labs.

    I believe this sets HTTP Strict Transport Security header globally and not just for HTTPS connections, doesn't it? I need to check into it because I can't remember for certain, but I almost remember we're not supposed to do that. This would cause issues with certain auditing software, but even more importantly, I think this prevents people from getting on the HSTS preload list. Here's a list of requirements:
    1. Serve a valid certificate.
    2. Redirect from HTTP to HTTPS on the same host, if you are listening on port 80.
    3. Serve all subdomains over HTTPS. In particular, you must support HTTPS for the www subdomain if a DNS record for that subdomain exists.
    4. Serve an HSTS header on the base domain for HTTPS requests:
       - The max-age must be at least eighteen weeks (10886400 seconds).
       - The includeSubDomains directive must be specified.
       - The preload directive must be specified.
       - If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (rather than the page it redirects to).
    For more details on HSTS, please see RFC 6797. Here is an example of a valid HSTS header:
    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    #4 is the one I'm questioning. Serve an HSTS header on the base domain for HTTPS requests. It doesn't say serve an HSTS header on the base domain. It specifically says for HTTPS requests. I think the reason I didn't use the include editors was because I could not find a way to set it only for the SSL domains / subdomains. I could only find a way to do it using the templates. Maybe someone a little more familiar with the Apache Includes could chime in and let me know if there's an include file that's only valid for SSL connections? Thanks!
  • Michael Legg
    Thanks everyone for these tips. I was able to get an A+ rating from ssllabs by using these simplified steps:

    At Home / Service Configuration / Apache Configuration / Global Configuration, I set:
    SSL Cipher Suite: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS (as per Spork's suggestion)
    SSL/TLS Protocols: All -SSLv2 -SSLv3 -TLSv1 (for my limited audience, I chose to disable TLSv1.0, but maybe not the right choice for big public websites yet)

    Then at Home / Service Configuration / Apache Configuration / Include Editor, I edited Pre Main Include (All Versions) and pasted these two lines:
    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
    SSLHonorCipherOrder on

    I then rebuilt Apache and I'm getting A+ ratings.

    Thanks for this. There's just one extra step I had to perform - At Home / Service Configuration / Apache Configuration / Include Editor, in the Pre VirtualHost include, remove the "Header" line. (This prevents sending 2 headers and getting the "Server provided more than one HSTS header" error from the Qualys report.)
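Three things raised in this thread are checks one can run against a captured HTTP response rather than waiting for the SSL Labs report: Spork's concern that a global include also sends the header over plain HTTP (where RFC 6797 requires browsers to ignore it and scanners flag it), the preload-list requirements he quotes (max-age of at least 10886400 seconds, includeSubDomains, preload), and Michael Legg's "Server provided more than one HSTS header" error. This is an added example, not code from the thread or from cPanel; the sample responses are constructed here to mirror the configurations discussed, and the parsing follows RFC 6797 (max-age is mandatory, directive names are case-insensitive, no directive may repeat).

```python
"""Evaluate Strict-Transport-Security (HSTS) headers the way the scanners in
this thread do. Added example, not from the thread or cPanel; sample responses
below are constructed."""
import re

# Eighteen weeks, the minimum max-age quoted from the preload requirements above.
PRELOAD_MIN_MAX_AGE = 10886400


def parse_hsts(value):
    """Parse one STS header value into {lower-cased directive name: value}.

    RFC 6797 section 6.1: directives are ';'-separated, names are
    case-insensitive, a directive must not appear twice, max-age is required.
    Returns (directives, errors)."""
    directives, errors = {}, []
    for raw in value.split(";"):
        token = raw.strip()
        if not token:  # tolerate the trailing ';' the thread's header carries
            continue
        name, _, val = token.partition("=")
        name = name.strip().lower()
        if name in directives:
            errors.append(f"duplicate directive {name}")
        directives[name] = val.strip().strip('"')
    if "max-age" not in directives:
        errors.append("max-age directive missing")
    elif not re.fullmatch(r"\d+", directives["max-age"]):
        errors.append("max-age is not a non-negative integer")
    return directives, errors


def evaluate_hsts(scheme, sts_values, preload_intent=False):
    """Return a list of findings for one response; an empty list means clean.

    scheme:         'http' or 'https', the transport the response arrived over
    sts_values:     every Strict-Transport-Security value in that response
    preload_intent: also apply the preload list requirements quoted above"""
    findings = []
    if scheme != "https":
        if sts_values:
            # RFC 6797 section 8.1: a UA MUST ignore STS over insecure transport,
            # so the header does nothing here and audit tools report it.
            findings.append("HSTS header sent over plain HTTP: ignored by browsers and flagged by scanners")
        return findings
    if not sts_values:
        return ["no HSTS header on HTTPS response"]
    if len(sts_values) > 1:
        findings.append("more than one HSTS header in the response")
    directives, errors = parse_hsts(sts_values[0])
    if errors:
        return findings + errors
    max_age = int(directives["max-age"])
    if max_age == 0:
        findings.append("max-age=0 disables HSTS for this host")
    if preload_intent:
        if max_age < PRELOAD_MIN_MAX_AGE:
            findings.append(f"max-age {max_age} below preload minimum {PRELOAD_MIN_MAX_AGE}")
        if "includesubdomains" not in directives:
            findings.append("includeSubDomains missing (required for preload)")
        if "preload" not in directives:
            findings.append("preload directive missing")
    return findings


# Constructed responses mirroring the thread: the template-based header on HTTPS,
# the same header leaking onto a plain-HTTP vhost, the Pre Main + Pre VirtualHost
# duplicate, and a header that meets the preload requirements.
SAMPLES = {
    "ssl_vhost_template": ("https", ['max-age=63072000; includeSubdomains;']),
    "global_include_on_http": ("http", ['max-age=63072000; includeSubdomains;']),
    "two_includes": ("https", ['max-age=31536000; includeSubdomains;'] * 2),
    "preload_ready": ("https", ['max-age=63072000; includeSubDomains; preload']),
}

if __name__ == "__main__":
    for label, (scheme, values) in SAMPLES.items():
        print(label, evaluate_hsts(scheme, values, preload_intent=True) or ["OK"])
```

Run against real traffic, `sts_values` would be every `Strict-Transport-Security` value in the response (most HTTP clients expose repeated headers as a list), and `scheme` the URL scheme the request was actually made with, so an HTTP vhost that inherits a global include shows up as a finding while the HTTPS vhost passes.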
