add README for non-git users
[ach-master.git] / src / practical_settings.tex
1 \section{Recommendations on practical settings}
2
3
4 \subsection{SSL}
5
6 At the time of this writing, SSL is defined in RFCs:    
7
8 \begin{itemize}
9 \item RFC2246 - TLS1.0          
10 \item RFC3268 - AES             
11 \item RFC4132 - Camelia         
12 \item RFC4162 - SEED            
13 \item RFC4279 - PSK             
14 \item RFC4346 - TLS 1.1         
15 \item RFC4492 - ECC             
16 \item RFC4785 - PSK\_NULL               
17 \item RFC5246 - TLS 1.2         
18 \item RFC5288 - AES\_GCM                
19 \item RFC5289 - AES\_GCM\_SHA2\_ECC             
20 \item RFC5430 - Suite B         
21 \item RFC5487 - GCM\_PSK                
22 \item RFC5489 - ECDHE\_PSK              
23 \item RFC5932 - Camelia         
24 \item RFC6101 - SSL 3.0         
25 \item RFC6209 - ARIA            
26 \item RFC6367 - Camelia         
27 \item RFC6655 - AES\_CCM                
28 \item RFC7027 - Brainpool Curves                
29 \end{itemize}
30
31 \subsubsection{Overview of SSL Server settings}
32
33 Most Server software (Webservers, Mail servers, etc.) can be configured to prefer certain cipher suites over others. 
34 We followed the recommendations by Ivan Ristic's \cite{RisticSSLTLSDeploymentBestPractices}SSL/TLS Deployment Best Practices document (section 2.2 "Use Secure Protocols") and arrived at a list of recommended cipher suites for SSL enabled servers.
35
36 The results of following his adivce is a categorisation of cipher suites.
37
38 \begin{center}
39 \begin{tabular}{| l | l | l | l | l|}
40 \hline
41 & Version   & Key\_Exchange  & Cipher    & MAC       \\ \hline
42 \cellcolor{green}prefer  & TLS 1.2   & DHE\_DSS   & AES\_256\_GCM   & SHA384        \\ \hline
43     &   & DHE\_RSA   & AES\_256\_CCM   & SHA256        \\ \hline
44     &   & ECDHE\_ECDSA   & AES\_256\_CBC   &       \\ \hline
45     &   & ECDHE\_RSA &   &       \\ \hline
46     &   &   &   &       \\ \hline
47 \cellcolor{orange}consider    & TLS 1.1   & DH\_DSS    & AES\_128\_GCM   & SHA       \\ \hline
48     & TLS 1.0   & DH\_RSA    & AES\_128\_CCM   &       \\ \hline
49     &   & ECDH\_ECDSA    & AES\_128\_CBC   &       \\ \hline
50     &   & ECDH\_RSA  & CAMELLIA\_256\_CBC  &       \\ \hline
51     &   & RSA   & CAMELLIA\_128\_CBC  &       \\ \hline
52     &   &   &   &       \\ \hline
53 \cellcolor{red}avoid   
54 & SSL 3.0   & NULL  & NULL  & NULL      \\ \hline
55     &   & DH\_anon   & RC4\_128   & MD5       \\ \hline
56     &   & ECDH\_anon & 3DES\_EDE\_CBC  &       \\ \hline
57     &   &   & DES\_CBC   &       \\ \hline
58     &   &   &   &       \\ \hline
59 \cellcolor{blue}{\color{white}special }
60 &   & PSK   & CAMELLIA\_256\_GCM  &       \\ \hline
61     &   & DHE\_PSK   & CAMELLIA\_128\_GCM  &       \\ \hline
62     &   & RSA\_PSK   & ARIA\_256\_GCM  &       \\ \hline
63     &   & ECDHE\_PSK & ARIA\_256\_CBC  &       \\ \hline
64     &   &   & ARIA\_128\_GCM  &       \\ \hline
65     &   &   & ARIA\_128\_CBC  &       \\ \hline
66     &   &   & SEED  &       \\ \hline
67 \end{tabular}
68 \end{center}
69
70
71 Note that the entries marked as "special" are cipher suites which are not common to all clients (webbrowsers etc).
72
73
74 \subsubsection{Clients}
75  
76 Next we tested the cipher suites above on the following clients:
77
78 \begin{itemize}
79 \item Chrome 30.0.1599.101 Mac OS X 10.9
80 \item Safari 7.0 Mac OS X 10.9
81 \item Firefox 25.0 Mac OS X 10.9
82 \item Internet Explorer 10 Windows 7
83 \item Apple iOS 7.0.3
84 \end{itemize}
85
86
87 The result of testing the cipher suites with these clients gives us the following result and a preference order. 
88 Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering.
89
90 \begin{table}
91     \begin{tabular}{|l|l|l|l|l|}
92     \hline
93     Pref & Cipher Suite                                   & ID         & Browser                     \\ \hline
94     1    & TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 &     0xC024 & Safari                      \\ \hline
95     2    & TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384   &     0xC028 & Safari                      \\ \hline
96     3    & TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA256     &     0x006B & Safari, Chrome              \\ \hline
97     4    & TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA    &     0xC00A & Safari, Chrome, Firefox, IE \\ \hline
98     5    & TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA      &     0xC014 & Safari, Chrome, Firefox, IE \\ \hline
99     6    & TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA        &     0x0039 & Safari, Chrome, Firefox     \\ \hline
100     7    & TLS\_DHE\_DSS\_WITH\_AES\_256\_CBC\_SHA        &     0x0038 & Firefox, IE                 \\ \hline
101     8    & TLS\_DHE\_RSA\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0088 & Firefox                     \\ \hline
102     9    & TLS\_DHE\_DSS\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0087 & Firefox                     \\ \hline
103     \end{tabular}
104 \end{table}
105
106 \FloatBarrier
107
108 The same data again, specifying the OpenSSL name:
109
110 \begin{table}[h]
111     \begin{tabular}{|l|l|l|}
112     \hline
113     Cipher Suite                                   & ID            & OpenSSL Name                  \\ \hline
114     TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 &     0xC024 &     ECDHE-ECDSA-AES256-SHA384 \\ \hline
115     TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384   &     0xC028 &     ECDHE-RSA-AES256-SHA384   \\ \hline
116     TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA256     &     0x006B &     DHE-RSA-AES256-SHA256     \\ \hline
117     TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA    &     0xC00A &     ECDHE-ECDSA-AES256-SHA    \\ \hline
118     TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA      &     0xC014 &     ECDHE-RSA-AES256-SHA      \\ \hline
119     TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA        &     0x0039 &     DHE-RSA-AES256-SHA        \\ \hline
120     TLS\_DHE\_DSS\_WITH\_AES\_256\_CBC\_SHA        &     0x0038 &     DHE-DSS-AES256-SHA        \\ \hline
121     TLS\_DHE\_RSA\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0088 &     DHE-RSA-CAMELLIA256-SHA   \\ \hline
122     TLS\_DHE\_DSS\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0087 &     DHE-DSS-CAMELLIA256-SHA   \\ \hline
123     \end{tabular}
124 \end{table}
125
126
127 Based on this ordering, we can now define the corresponding settings for servers. We will start with the most common web servers
128
129 \subsubsection{Apache}
130
131 Note: a "\textbackslash" (backslash) denotes a line continuation which was wrapped due to formatting reasons here. Do not copy it verbatim.
132
133 \begin{verbatim}
134   SSLProtocol ALL -SSLv2
135   SSLHonorCipherOrder On
136   SSLCipherSuite  ECDH+AESGCM:DH+AESGCM:\
137     ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:\
138     DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES256-SHA:\
139     ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:\
140     DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:\
141     !ADH:!AECDH:!MD5:!DSS
142 \end{verbatim}
143
144 %XXXX   ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
145
146
147
148 \subsubsection{nginx}
149
150
151 \subsubsection{openssl.conf settings}
152
153 %\subsubsection{Differences in SSL libraries: gnutls vs. openssl vs. others}
154
155 \subsubsection{IMAPS}
156 \subsubsection{SMTP: opportunistic TLS}
157 % do we need to documment starttls in detail?
158 %\subsubsection{starttls?}
159
160 \subsection{SSH}
161
162 \subsection{OpenVPN}
163
164 \subsection{PGP}
165
166 \subsection{PRNG settings}