src/practical_settings.tex

   1 \section{Recommendations on practical settings}
   2
   3
   4 \subsection{SSL}
   5
   6 %%% NOTE: we do not need to list this all here, can move to an appendix
   7 %At the time of this writing, SSL is defined in RFCs:
   8 %
   9 %\begin{itemize}
  10 %\item RFC2246 - TLS1.0
  11 %\item RFC3268 - AES
  12 %\item RFC4132 - Camelia
  13 %\item RFC4162 - SEED
  14 %\item RFC4279 - PSK
  15 %\item RFC4346 - TLS 1.1
  16 %\item RFC4492 - ECC
  17 %\item RFC4785 - PSK\_NULL
  18 %\item RFC5246 - TLS 1.2
  19 %\item RFC5288 - AES\_GCM
  20 %\item RFC5289 - AES\_GCM\_SHA2\_ECC
  21 %\item RFC5430 - Suite B
  22 %\item RFC5487 - GCM\_PSK
  23 %\item RFC5489 - ECDHE\_PSK
  24 %\item RFC5932 - Camelia
  25 %\item RFC6101 - SSL 3.0
  26 %\item RFC6209 - ARIA
  27 %\item RFC6367 - Camelia
  28 %\item RFC6655 - AES\_CCM
  29 %\item RFC7027 - Brainpool Curves
  30 %\end{itemize}
  31
  32 \subsubsection{Overview of SSL Server settings}
  33
  34 Most Server software (Webservers, Mail servers, etc.) can be configured to prefer certain cipher suites over others.
  35 We followed the recommendations by Ivan Ristic's SSL/TLS Deployment Best Practices\footnote{\url{https://www.ssllabs.com/projects/best-practices/index.html}} document (see section 2.2 "Use Secure Protocols") and arrived at a list of recommended cipher suites for SSL enabled servers.
  36
  37 The results of following his adivce is a categorisation of cipher suites.
  38
  39 \begin{center}
  40 \begin{tabular}{| l | l | l | l | l|}
  41 \hline
  42 & Version   & Key\_Exchange  & Cipher    & MAC       \\ \hline
  43 \cellcolor{green}prefer  & TLS 1.2   & DHE\_DSS   & AES\_256\_GCM   & SHA384        \\ \hline
  44     &   & DHE\_RSA   & AES\_256\_CCM   & SHA256        \\ \hline
  45     &   & ECDHE\_ECDSA   & AES\_256\_CBC   &       \\ \hline
  46     &   & ECDHE\_RSA &   &       \\ \hline
  47     &   &   &   &       \\ \hline
  48 \cellcolor{orange}consider    & TLS 1.1   & DH\_DSS    & AES\_128\_GCM   & SHA       \\ \hline
  49     & TLS 1.0   & DH\_RSA    & AES\_128\_CCM   &       \\ \hline
  50     &   & ECDH\_ECDSA    & AES\_128\_CBC   &       \\ \hline
  51     &   & ECDH\_RSA  & CAMELLIA\_256\_CBC  &       \\ \hline
  52     &   & RSA   & CAMELLIA\_128\_CBC  &       \\ \hline
  53     &   &   &   &       \\ \hline
  54 \cellcolor{red}avoid
  55 & SSL 3.0   & NULL  & NULL  & NULL      \\ \hline
  56     &   & DH\_anon   & RC4\_128   & MD5       \\ \hline
  57     &   & ECDH\_anon & 3DES\_EDE\_CBC  &       \\ \hline
  58     &   &   & DES\_CBC   &       \\ \hline
  59     &   &   &   &       \\ \hline
  60 \cellcolor{blue}{\color{white}special }
  61 &   & PSK   & CAMELLIA\_256\_GCM  &       \\ \hline
  62     &   & DHE\_PSK   & CAMELLIA\_128\_GCM  &       \\ \hline
  63     &   & RSA\_PSK   & ARIA\_256\_GCM  &       \\ \hline
  64     &   & ECDHE\_PSK & ARIA\_256\_CBC  &       \\ \hline
  65     &   &   & ARIA\_128\_GCM  &       \\ \hline
  66     &   &   & ARIA\_128\_CBC  &       \\ \hline
  67     &   &   & SEED  &       \\ \hline
  68 \end{tabular}
  69 \end{center}
  70
  71
  72 Note that the entries marked as "special" are cipher suites which are not common to all clients (webbrowsers etc).
  73
  74
  75 \subsubsection{Clients}
  76
  77 Next we tested the cipher suites above on the following clients:
  78
  79 \begin{itemize}
  80 \item Chrome 30.0.1599.101 Mac OS X 10.9
  81 \item Safari 7.0 Mac OS X 10.9
  82 \item Firefox 25.0 Mac OS X 10.9
  83 \item Internet Explorer 10 Windows 7
  84 \item Apple iOS 7.0.3
  85 \end{itemize}
  86
  87
  88 The result of testing the cipher suites with these clients gives us the following result and a preference order.
  89 Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering.
  90
  91 \begin{table}[h]
  92 \small
  93     \begin{tabular}{|l|l|l|l|l|}
  94     \hline
  95     Pref & Cipher Suite                                   & ID         & Browser                     \\ \hline
  96     1    & TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 &     0xC024 & Safari                      \\ \hline
  97     2    & TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384   &     0xC028 & Safari                      \\ \hline
  98     3    & TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA256     &     0x006B & Safari, Chrome              \\ \hline
  99     4    & TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA    &     0xC00A & Safari, Chrome, Firefox, IE \\ \hline
 100     5    & TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA      &     0xC014 & Safari, Chrome, Firefox, IE \\ \hline
 101     6    & TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA        &     0x0039 & Safari, Chrome, Firefox     \\ \hline
 102     7    & TLS\_DHE\_DSS\_WITH\_AES\_256\_CBC\_SHA        &     0x0038 & Firefox, IE                 \\ \hline
 103     8    & TLS\_DHE\_RSA\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0088 & Firefox                     \\ \hline
 104     9    & TLS\_DHE\_DSS\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0087 & Firefox                     \\ \hline
 105     \end{tabular}
 106 \end{table}
 107
 108 \FloatBarrier
 109
 110 The same data again, specifying the OpenSSL name:
 111
 112 \begin{table}[h]
 113 \small
 114 \FloatBarrier
 115     \begin{tabular}{|l|l|l|}
 116     \hline
 117     Cipher Suite                                   & ID            & OpenSSL Name                  \\ \hline
 118     TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 &     0xC024 &     ECDHE-ECDSA-AES256-SHA384 \\ \hline
 119     TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384   &     0xC028 &     ECDHE-RSA-AES256-SHA384   \\ \hline
 120     TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA256     &     0x006B &     DHE-RSA-AES256-SHA256     \\ \hline
 121     TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA    &     0xC00A &     ECDHE-ECDSA-AES256-SHA    \\ \hline
 122     TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA      &     0xC014 &     ECDHE-RSA-AES256-SHA      \\ \hline
 123     TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA        &     0x0039 &     DHE-RSA-AES256-SHA        \\ \hline
 124     TLS\_DHE\_DSS\_WITH\_AES\_256\_CBC\_SHA        &     0x0038 &     DHE-DSS-AES256-SHA        \\ \hline
 125     TLS\_DHE\_RSA\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0088 &     DHE-RSA-CAMELLIA256-SHA   \\ \hline
 126     TLS\_DHE\_DSS\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0087 &     DHE-DSS-CAMELLIA256-SHA   \\ \hline
 127     \end{tabular}
 128 \end{table}
 129
 130
 131
 132 Based on this ordering, we can now define the corresponding settings for servers. We will start with the most common web servers
 133
 134 \subsubsection{Apache}
 135
 136 Note: a "\textbackslash" (backslash) denotes a line continuation which was wrapped due to formatting reasons here. Do not copy it verbatim.
 137
 138 \begin{verbatim}
 139   SSLProtocol ALL -SSLv2
 140   SSLHonorCipherOrder On
 141   SSLCipherSuite  ECDH+AESGCM:DH+AESGCM:\
 142     ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:\
 143     DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES256-SHA:\
 144     ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:\
 145     DHE-DSS-AES256-SHA:\DHE-RSA-CAMELLIA256-SHA:\
 146     DHE-DSS-CAMELLIA256-SHA:!ADH:!AECDH:!MD5:!DSS
 147 \end{verbatim}
 148
 149 %XXXX   ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
 150
 151
 152
 153 \subsubsection{nginx}
 154
 155
 156 \subsubsection{openssl.conf settings}
 157
 158 %\subsubsection{Differences in SSL libraries: gnutls vs. openssl vs. others}
 159
 160 \subsubsection{IMAPS}
 161 \subsubsection{SMTP: opportunistic TLS}
 162 % do we need to documment starttls in detail?
 163 %\subsubsection{starttls?}
 164
 165 \subsection{SSH}
 166
 167 \subsection{OpenVPN}
 168
 169 \subsection{PGP}
 170
 171 \subsection{PRNG settings}