On 8 December 2014 at 22:44, Sander Rijken <[email protected]> wrote: > System is Ubuntu 12.04 LTS server, with openssl 1.0.1 and haproxy 1.5.9 > > OpenSSL> version > OpenSSL 1.0.1 14 Mar 2012 > > > I'm currently using the following, started with the suggested [stanzas][1] > (formatted for readability, it is one long line in my config): > > bind 0.0.0.0:443 ssl crt mycert.pem no-tls-tickets ciphers \ > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384: \ > > ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: \ > > ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256: \ > AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3 > > [1]: https://gist.github.com/rnewson/8384304 > > ssllabs.com indicates FS is not used. When I disable all algorithms except > the ECDHE ones, I get SSL connection error (ERR_SSL_PROTOCOL_ERROR), so > something on the system doesn't support FS. > > Any ideas?
I'm not best placed to help you debug your setup, but you might diff your versions and setup against what I have on my personal site, which SSLlabs says has "Robust" forward secrecy. I followed the server-side recommendations of the "Modern" setup, here: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Here's some data you can check against, along with the commands I used to generate it: ------------------------------------------------ user:~$ /usr/sbin/haproxy -vv HA-Proxy version 1.5.8 2014/10/31 Copyright 2000-2014 Willy Tarreau <[email protected]> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.30 2012-02-04 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. user:~$ ldd /usr/sbin/haproxy linux-gate.so.1 => (0xffffe000) libcrypt.so.1 => /lib/i386-linux-gnu/i686/cmov/libcrypt.so.1 (0xb76b4000) libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb769b000) libssl.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 (0xb7641000) libcrypto.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb7483000) libpcre.so.3 => /lib/i386-linux-gnu/libpcre.so.3 (0xb7445000) libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb72e0000) libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb72dc000) /lib/ld-linux.so.2 (0xb76f9000) user:~$ apt-cache policy openssl haproxy | grep -i -e install -e ^[a-z] openssl: Installed: 1.0.1e-2+deb7u13 haproxy: Installed: 1.5.8-1~bpo70+1 user:~$ openssl version OpenSSL 1.0.1e 11 Feb 2013 user:~$ openssl ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 user:~$ grep -e ssl -e bind -e crt /etc/haproxy/haproxy.cfg ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK ssl-default-bind-options no-sslv3 tune.ssl.default-dh-param 2048 bind :443 ssl crt /etc/ssl/haproxy.pem user:/# openssl x509 < /etc/ssl/haproxy.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: XXX Signature Algorithm: sha256WithRSAEncryption Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA Validity Not Before: Nov 10 00:09:25 2014 GMT Not After : Nov 11 18:09:38 2015 GMT Subject: C=GB, CN=XXX Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: XXX Exponent: XXX X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Key Identifier: XXX X509v3 Authority Key Identifier: keyid:XXX X509v3 Subject Alternative Name: XXX X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.23223.1.2.3 CPS: http://www.startssl.com/policy.pdf User Notice: Organization: StartCom Certification Authority Number: 1 X509v3 CRL Distribution Points: Full Name: URI:http://crl.startssl.com/crt1-crl.crl Authority Information Access: OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca CA Issuers - URI:http://aia.startssl.com/certs/sub.class1.server.ca.crt X509v3 Issuer Alternative Name: URI:http://www.startssl.com/ Signature Algorithm: sha256WithRSAEncryption XXX ------------------------------------------------ HTH, Jonathan
