On 8 December 2014 at 22:44, Sander Rijken <san...@sanderrijken.nl> wrote:
> System is Ubuntu 12.04 LTS server, with openssl 1.0.1 and haproxy 1.5.9
>
>     OpenSSL> version
>     OpenSSL 1.0.1 14 Mar 2012
>
>
> I'm currently using the following, started with the suggested [stanzas][1]
> (formatted for readability, it is one long line in my config):
>
>     bind 0.0.0.0:443 ssl crt mycert.pem no-tls-tickets ciphers \
>         ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384: \
>         ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: \
>         ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256: \
>         AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
>
> [1]: https://gist.github.com/rnewson/8384304
>
> ssllabs.com indicates FS is not used. When I disable all algorithms except
> the ECDHE ones, I get SSL connection error (ERR_SSL_PROTOCOL_ERROR), so
> something on the system doesn't support FS.
>
> Any ideas?

I'm not best placed to help you debug your setup, but you might diff
your versions and setup against what I have on my personal site, which
SSLlabs says has "Robust" forward secrecy. I followed the server-side
recommendations of the "Modern" setup, here:
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

Here's some data you can check against, along with the commands I used
to generate it:

------------------------------------------------
user:~$ /usr/sbin/haproxy -vv
HA-Proxy version 1.5.8 2014/10/31
Copyright 2000-2014 Willy Tarreau <w...@1wt.eu>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
  OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.30 2012-02-04
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

user:~$ ldd /usr/sbin/haproxy
    linux-gate.so.1 =>  (0xffffe000)
    libcrypt.so.1 => /lib/i386-linux-gnu/i686/cmov/libcrypt.so.1 (0xb76b4000)
    libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb769b000)
    libssl.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 (0xb7641000)
    libcrypto.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb7483000)
    libpcre.so.3 => /lib/i386-linux-gnu/libpcre.so.3 (0xb7445000)
    libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb72e0000)
    libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb72dc000)
    /lib/ld-linux.so.2 (0xb76f9000)

user:~$ apt-cache policy openssl haproxy | grep -i -e install -e ^[a-z]
openssl:
  Installed: 1.0.1e-2+deb7u13
haproxy:
  Installed: 1.5.8-1~bpo70+1

user:~$ openssl version
OpenSSL 1.0.1e 11 Feb 2013

user:~$ openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5

user:~$ grep -e ssl -e bind -e crt /etc/haproxy/haproxy.cfg
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
  ssl-default-bind-options no-sslv3
  tune.ssl.default-dh-param 2048
  bind :443 ssl crt /etc/ssl/haproxy.pem

user:/# openssl x509 < /etc/ssl/haproxy.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: XXX
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA
        Validity
            Not Before: Nov 10 00:09:25 2014 GMT
            Not After : Nov 11 18:09:38 2015 GMT
        Subject: C=GB, CN=XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    XXX
                Exponent: XXX
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Key Identifier:
                XXX
            X509v3 Authority Key Identifier:
                keyid:XXX

            X509v3 Subject Alternative Name:
                XXX
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.23223.1.2.3
                  CPS: http://www.startssl.com/policy.pdf
                  User Notice:
                    Organization: StartCom Certification Authority
                    Number: 1
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.startssl.com/crt1-crl.crl

            Authority Information Access:
                OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
                CA Issuers - URI:http://aia.startssl.com/certs/sub.class1.server.ca.crt

            X509v3 Issuer Alternative Name:
                URI:http://www.startssl.com/
    Signature Algorithm: sha256WithRSAEncryption
        XXX

------------------------------------------------

HTH,
Jonathan
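
An added example, not part of the original message: one way to diff a configured haproxy cipher string against what the local OpenSSL offers, marking each named suite as forward-secret (ephemeral ECDH or DH key exchange), not forward-secret, or absent from the library. The function names are hypothetical, and the sample `openssl ciphers -v` lines are constructed in the OpenSSL 1.0.1 column layout.

```shell
#!/usr/bin/env bash
# Constructed sample of `openssl ciphers -v` output (OpenSSL 1.0.1 layout):
# column 1 is the suite name, column 3 is the key exchange (Kx=...).
sample_ciphers_v() {
cat <<'EOF'
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EOF
}

# classify_suites CIPHERSTRING
# Reads `openssl ciphers -v` text on stdin and prints "<suite> <verdict>" for
# each suite named in the colon-separated CIPHERSTRING, in configured order.
#   FS          ephemeral key exchange (Kx=ECDH or Kx=DH)
#   NO-FS       static RSA or static ECDH key exchange
#   UNSUPPORTED the library does not list this suite at all
# Exclusions and selectors (!aNULL, kEDH+AESGCM) are skipped; they are not
# suite names. Group keywords such as HIGH would be reported as UNSUPPORTED.
classify_suites() {
  awk -v list="$1" '
    NF >= 3 { kx[$1] = $3 }
    END {
      n = split(list, want, ":")
      for (i = 1; i <= n; i++) {
        s = want[i]
        if (s == "" || s ~ /^[!+-]/ || index(s, "+")) continue
        if (!(s in kx))
          verdict = "UNSUPPORTED"
        else if (kx[s] == "Kx=ECDH" || kx[s] == "Kx=DH")
          verdict = "FS"
        else
          verdict = "NO-FS"
        print s, verdict
      }
    }'
}

# Demo on the constructed sample, using the first suites of the quoted bind line.
sample_ciphers_v | classify_suites \
  'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256'
```

On a real host, replace `sample_ciphers_v` with `openssl ciphers -v 'ALL'` run against the same OpenSSL build that `haproxy -vv` reports under "Running on OpenSSL version".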
