Month: October 2014

   When I tested my SSL server by “Qualys SSL Labs – Projects / SSL Server Test” for this dust, the test gave me following Reds and Oranges (^_^;).
 
||Reds||

1. Trusted : No NOT TRUSTED <<---- Because I use a self-sighed certificate that the Labs doesn't know. So I ignore the message with confidence ha-ha.
2. IE 6 / XP No FS ¹ No SNI ² : Protocol or cipher suite mismatch : Fail³ <<---- My SSL server user is only me, and I don't use IE 6 / XP. So I ignore the message.
3. Fail³ They say “Only first connection attempt simulated. Browsers tend to retry with a lower protocol version.” My SSL server doesn’t accept lower protocols, but it’s no problem for me.

   As above I have nothing to be done about Reds.

||Oranges||

1. Prefix handling : Not valid for “www.o6asan.com” :CONFUSING
2. Signature algorithm : SHA1withRSA : WEAK
3. Chain issues : Contains anchor <<---- Ivan Ristić replied about “Chain issues Contains anchor”. So I ignore the message.
4. Not in trust store <<---- Because I use a self-sighed certificate. So I ignore the message.
5. Downgrade attack prevention : No, TLS_FALLBACK_SCSV not supported
6. Forward Secrecy : With some browsers

   As above I have something to be done about 1, 2, 5 and 6. First I handle 5 and 6 because I need to re-create a new certificate for 1 and 2.

1. I update Apache 2.4.10 (httpd-2.4.10-win32-VC11.zip) to October 20 version. Because it was built with openssl-1.0.1j which supported TLS_FALLBACK_SCSV.
2. I uncommented SSLHonorCipherOrder on and changed SSLCipherSuite Directive value in the httpd-ssl.conf.
   HIGH:MEDIUM:!aNULL:!MD5
   ↓
   EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP
!PSK !SRP !DSS
   　　　Ref : Configuring Apache, Nginx, and OpenSSL for Forward Secrecy
   ↓　I changed on Dec. 23 because of RC4.
   EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH
EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
   　　　Ref : RC4 in TLS is Broken: Now What?
   IF your server should support some mobile OS/browser or legacy ones, you need more additional configuration. But the above is enough to my server.

After them the test gives me “Downgrade attack prevention : Yes, TLS_FALLBACK_SCSV supported” and “Forward Secrecy : Yes (with most browsers) ROBUST”.

   Second I handle 1 and 2.
   The 1 is caused by my self-sighed certificate only has o6asan.com as its Common Name. So I have to create a new certificate supporting both o6asan.com and www.o6asan.com. But there is a problem that I want to use only one IP address for my SSL server. Nowadays we have the solution for this issue that is called SNI(Server Name Indication) though all OS/browser haven’t supported it yet. I can use a wildcard certificate or SAN for SNI. I use SANs because I don’t want to allow my SSL server to accept all sub domains though I can restrict them by Apache configuration.
   The 2 is caused by my creation of the certificate by OpenSSL default, which is set to use SHA1. So I’ll use default_md = sha256 for the new certificate.
　On 28th, I re-read Server Name Indication. Is SNI a different story from wildcard certificate / SAN? I don’t understand them still now. Difficult.

   I copy the file openssl.cnf(← this is the default name) from Apche24conf folder to c:openssl-1.0.1x-winxxssl(← this is the default location) and customize like the followings.

Change values and uncomment a line.
1. dir = ./demoCA —->> dir = X:/demoCA <<----Need an exact path
2. default_crl_days = 30 —->> default_crl_days = 365
3. default_md = default —->> default_md = sha256
4. default_bits = 1024 —->> default_bits = 2048
5. # req_extensions = v3_req —->> req_extensions = v3_req

Adding lines.
1. subjectAltName = @alt_names to [ v3_req ] area.
2. [ alt_names ]
DNS.1 = example.com
DNS.2 = www.example.com to just before [ v3_ca ] area.
    
   You can add your domains, like DNS.1, DNS.2, DNS.3, ….
3. If you make a client certificate, add the followings to the end of the openssl.cnf.
   [ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
nsComment = "OpenSSL Certificate for SSL Client"

   Now I’ll create new certificate. (Ref : WordPress: Administration Over SSL #1)

||Create myCA||
1. Make myCA folder at X:/
2. Make two folders and a file named private, newcerts and index.txt in the myCA.
3. Run cmd.exe as Administrator
   pushd X:myCA
echo 01 > serial
openssl req -new -keyout privatecakey.pem -out careq.pem
openssl ca -selfsign -in careq.pem -extensions v3_ca -out cacert.pem
copy cacert.pem (Drive_SV):Apache24confssl.crt
copy cacert.pem my_ca.crt
   　　Note) (Drive_SV) is a partition for server components on my home server PC.

||Create Server Cert||
1. pushd X:myCA
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
2. Check multiple SANs in the CSR (Can you see ‘Subject Alternative Name’ area in it?)
   openssl req -text -noout -in server.csr
3. openssl ca -in server.csr -out server.crt -extensions v3_req
copy server.key cp_server.key
openssl rsa <cp_server.key> server.key
copy server.key (Drive_SV):Apache24conf
copy server.crt (Drive_SV):Apache24conf

||Create Client Cert||
1. pushd X:myCA
openssl req -new -keyout client.key -out client.csr
openssl ca -policy policy_anything -extensions ssl_client -in client.csr -out client.crt
openssl pkcs12 -export -in client.crt -inkey client.key -out clientcert.p12

References about SANs : FAQ/subjectAltName (SAN), Multiple Names on One Certificate.

   I have a self-sighed certificate with SANs and SHA256 now. Mission complete!!

   Did you already handle “POODLE” issue, i.e. CVE-2014-3566? OpenSSL Security Advisory [15 Oct 2014] is also related to this.

   First, as a web site operator:
   I haven’t got the new version build with 1.0.1j from Apache Lounge yet, so I’ve done the workaround I read on “SSL v3 goes to the dogs – POODLE kills off protocol”.

   I added the SSLProtocol All -SSLv3 to my httpd-ssl.conf and restarted the httpd.exe. Before this, SSL Server Test gave me “This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C”. But after this, it gave me “This server is not vulnerable to the POODLE attack because it doesn’t support SSL 3”. Actually, I use Apache 2.4 and OpenSSL 1.0.1, so at my mod_ssl ‘SSLProtocol all’ means ‘SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2’ according to　SSLProtocol Directive.

   Second, as a user:
   I did the following workaround. See “How to protect your browser”.

Edit(Oct.18):
PHP 5.6.1 —>> PHP 5.6.2 ChangeLog.
phpMyAdmin 4.2.9.1 —>> phpMyAdmin 4.2.10 ChangeLog.