Once the TLS is enabled and displayed to the public, it is necessary to ensure its security. This is easy to do using online services such as Qualys SSL Labs, which performs a free and thorough analysis of your security setup. Based on the results, we can set the default security configuration by controlling protocols and ciphers.
Important
Real-world testing is essential to the security of your server as the small configuration flaws may drive to severe security violations and data loss. Because recommended security practices change constantly in response to research and emerging threats, periodic security audits are essential to good server administration.
On the Qualys SSL Labs site, enter the fully qualified domain name of your server in the form www.example.com. After two minutes, you will receive a grade (from A to F) for your site and a comprehensive breakdown of the findings. Though the overview shows that the configuration is mostly sound, the detailed report flags several potential problems. For example:
- The RC4 cipher is supported for older browsers.
RC4 is a quick and secure cipher used to encrypt TLS data-streams that are known to have several serious weaknesses. If you don’t have valid reasons to support legacy browsers, then you must disable this. - Old TLS versions are supported.
The configuration supports TLS 1.0 (already deprecated) and TLS 1.1 (on a path to deprecation). Only TLS 1.2 has been recommended since 2018.
To correct the TLS configuration
- Open the configuration file /etc/httpd/conf.d/ssl.conf in a text editor and comment out the following lines by typing “#” at the beginning of each:
#SSLProtocol all -SSLv3
#SSLProxyProtocol all -SSLv3 - Add the following directives:
SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLProxyProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
These directives explicitly disable SSL versions 2 and 3, as well as TLS versions 1.0 and 1.1. The server now refuses to accept encrypted connections with clients using anything except TLS 1.2. The verbose wording in the directive communicates more clearly, to a human reader, what the server is configured to do.
Note
Disabling TLS versions 1.0 and 1.1 in this manner blocks a small percentage of outdated web browsers from accessing your site.
To modify the list of allowed ciphers
- Open the configuration file /etc/httpd/conf.d/ssl.conf and find the section with commented-out examples for configuring SSLCipherSuite and SSLProxyCipherSuite.
SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLProxyProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
Leave these as they are, and add the following directives:Note
Though shown here on several lines for readability, each of these two directives must be on a single line without spaces between the cipher names.SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:
ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:
!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLProxyCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:
ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:
!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHAThese ciphers are a subset of the much longer list of supported ciphers in OpenSSL. They were selected and ordered according to the following criteria:
- Support for forwarding secrecy
- Strength
- Speed
- Specific ciphers before cipher families
- Allowed ciphers before denied ciphers
Note that the high-ranking ciphers have ECDHE in their names, for Elliptic Curve Diffie-Hellman Ephemeral; the ephemeral indicates forward secrecy. Also, RC4 is now among the forbidden ciphers near the end.
We recommend that you use an explicit list of ciphers instead relying on defaults or terse directives whose content isn’t visible.
Important
The cipher list shown here is just one of many possible lists; for instance, you might want to optimize a list for speed rather than forward secrecy.If you anticipate a need to support older clients, you can allow the DES-CBC3-SHA cipher suite.
Finally, each update to OpenSSL introduces new ciphers and deprecates old ones. Keep your EC2 Amazon Linux instance up to date, watch for security announcements from OpenSSL, and be alert to reports of new security exploits in the technical press. For more information, see Predefined SSL Security Policies for Elastic Load Balancing in the User Guide for Classic Load Balancers.
- Uncomment the following line by removing the “#”:
#SSLHonorCipherOrder on
This command forces the server to prefer high-ranking ciphers, including (in this case) those that support forward secrecy. With this directive turned on, the server tries to establish a strong secure connection before falling back to allowed ciphers with lesser security. - Restart Apache. If you test the domain again on Qualys SSL Labs, you should see that the RC4 vulnerability is gone.
We hope this guide helped you with this easy process. If you are unable to use these instructions, Acmetek recommends that you contact either the vendor of your software or the hosting organization that supports it.