On 2013-10-15 00:39, Piotr Sikora wrote:
Hi Julien,
I spent some time hacking on my SSL conf recently. Nothing new, but I
figured I'd share it with the group:
https://jve.linuxwall.info/blog/index.php?post/2013/10/12/A-grade-SSL/TLS-with-Nginx-and-StartSSL
Feel free to comment here.
a few pointers for configuring state-of-the-art TLS on Nginx.
Far from it, from the top:
build_static_nginx.sh
You should be using:
--with-openssl=../openssl-1.0.1e
--with-openssl-opt="enable-ec_nistp_64_gcc_128"
instead of compiling OpenSSL yourself and playing with CFLAGS & LDFLAGS.
Afaik, the above dynamically links openssl. Am I wrong?
listen 443;
ssl on;
That's deprecated syntax, you should be using:
listen 443 ssl;
noted, but that doesn't impact security
ssl_dhparam /path/to/dhparam.pem;
While there is nothing wrong with it per se, DH params are only used
by DHE, which is simply too slow to be used.
Are you saying you would rather use non-PFS ciphers than wait an extra 15ms
to complete a DHE handshake? I wouldn't.
ssl_session_timeout 5m;
Not only doesn't it change anything (5m is the default value), but
it's way too low value to be used.
Few examples from the real world:
Google : 28h
Facebook : 24h
CloudFlare: 18h
Twitter : 4h
Interesting information, which I didn't have before. May I ask how you
collected it?
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLv3 is still out there, so you shouldn't be dropping support for it
unless you know the consequences very well... This definitely
shouldn't be a general recommendation.
ssl_ciphers
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';
Why would you put ECDSA cipher suites here when you're using RSA
certificate?
Because someone else might use DSA certificates.
You should also disable:
- DHE cipher suites, because they're too slow compared to the alternative,
No. The alternatives aren't available everywhere.
- CAMELLIA cipher suites (if you're using AES-NI), because they're too
slow compared to the alternative.
Again, I don't control clients. I push down unwanted ciphers, but I won't
disable them unless they are obviously broken (MD5, ...).
Overall, that's far from the state-of-the-art SSL configuration for
nginx. The only good thing about it is that it's using OCSP and
achieves "A" grade on ssllabs.com, which can tell you a lot about the
quality of the tests they're running.
I appreciate the feedback, but no need to be rude about it ;)
- Julien
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
