NGINX + HTTPS 101: The basics & getting started
-
Upload
nick-sullivan -
Category
Technology
-
view
2.129 -
download
1
Transcript of NGINX + HTTPS 101: The basics & getting started
NGINX + HTTPS 101The Basics & Getting Started Sept 23, 2015 Nick Sullivan (@grittygrease)
#nginx #nginxconf
NGINX + HTTPS 101
2
What is HTTPS?
Protocol Versions
Cipher Suites
Configuring nginx
Bonus: Configuring HSTS
Backend HTTPS
Double Bonus: OCSP Stapling
Checking your configuration
What is HTTPS?
3
HTTPS = HTTP + Security• Security: SSL or TLS
• Provides data encryption and server authentication
• Negotiation of keys happens in the “handshake”
4
5
Why set up HTTPS?• User privacy
• SEO bump
• Put in front of HTTPS-incapable services
• General good practice
6
😀
😯
What are the downsides?• Operational complexity
• Extra latency (two round-trips for first connection)
• CPU cost
7
What you need to set up HTTPS• A set of protocols you support
• A set of ciphers you support in order of preference
• A certificate and a private key signed by a trusted Certificate Authority
8
Protocol Versions
9
A bit of history• SSL v2.0 released in 1995 by Netscape
• SSL v3.0 released in 1996 fixes major issues with v2
• TLS v1.0 released in 1999 by IETF: minor tweaks to SSLv3
• TLS v1.1 released in 2006 with minor tweaks
• TLS v1.2 released in 2008 with improved hashes and AEAD mode
10
A bit of history• SSL v2.0 released in 1995 - Broken by design
• SSL v3.0 released in 1996 - Broken by POODLE (Nov 2014)
• TLS v1.0 released in 1999 - Weakened by BEAST (2011) and Lucky 13 (2013)
• TLS v1.1 released in 2006 - Weakened by Lucky 13 (2013) and RC4 (2013, 2015)
• TLS v1.2 released in 2008 - Only safe with AEAD mode ciphers
11
Client Compatibility for TLS 1.2• Chrome >= 30
• Android >= 5.0
• Firefox >= 27
• Internet Explorer/Edge >= 11
• Safari Mac >= 7
• iOS >= 5
• Note: iOS 9 applications require TLS 1.2 support
12
~75%
Client Compatibility for TLS 1.0• Basically everything except Windows XP SP2 and earlier
13
Configuration options• High security, low compatibility
ssl_protocols TLSv1.2;
• Medium security, high compatibility
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
• Low security, maximum compatibility
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
14
Top Grade
SSL Labs
Cipher Suites
15
Cipher Suites• Complicated string describing the type of crypto used
• Defined by openssl (check your ciphers with $ openssl ciphers)
Example:
ECDHE-RSA-AES128-GCM-SHA256: ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384: ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:
16
Cipher Suites
17
ECDHE-RSA-AES256-GCM-SHA384
Key Exchange - Certificate Key - Transport Cipher - Integrity
Server Cipher Suites• Client lists supported cipher suites in order of preference
• Server takes intersection of client list and server supported cipher list
• Server selects preferred cipher of remaining
18
Cipher Suite NegotiationAES256-GCM-SHA384: ECDHE-RSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-GCM-SHA384: ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256: AES256-GCM-SHA384:
19
ECDHE-RSA-AES256-GCM-SHA384 AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
Recommended Cipher SuitesCloudFlare’s suggestions:
github.com/cloudflare/sslconfig
EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
• Mozilla has their own suggestions:
https://mozilla.github.io/server-side-tls/ssl-config-generator/
20
Certificates
21
What is a certificate?• Organization name
• Public key
• Issuer name
• Rights
• Validity period
• Hostnames
• Digital signature by issuer
22
23
What is a trusted certificate?• When certificate is issued by a Certificate Authority (CA) that browsers trust
24
How do I get a certificate?• Create a key pair
• A private key
• A certificate signing request (contains your public key)
• Get a CA to create a certificate from the CSR
• Usually costs $$$
25
How do create a CSR and private key?• Using CFSSL
$ cfssl print-defaults csr > csr.json
$ cfssl genkey csr.json | cfssljson -bare
• Using OpenSSL
$ openssl genrsa -out key.pem 2048
$ openssl req -new -sha256 -key key.pem -out key.csr
26
How to get a free certificate• StartSSL.com: follow the instructions, get a headache
27
Certificate chain• Need to include all certificates in trust
chain up to the root
• If CA did not provide, try `cfssl bundle`
28
Configuring nginx
29
NGINX configurations parameters• Basic features
• ssl_certificate, ssl_certificate_key
• ssl_protocols
• ssl_ciphers
30
NGINX configurations parameters• Before you start: Find out the version of OpenSSL you are using
• Recommend at least 1.0.1p
$ openssl version
OpenSSL 0.9.8zd 8 Jan 2015
31
server {
listen 443 ssl;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
}
32
Certificate Chain
Private key
• Session caching — faster connections from existing clients
• ssl_session_timeout 1d;
• ssl_session_cache shared:SSL:50m;
• Session tickets — advanced version
• Works with Chrome and Firefox
Extra options
33
server {
listen 443 ssl;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
}
34
Protocols
Ciphers
• Prefer server cipher preference
• ssl_prefer_server_ciphers on;
Additional fields
35
Multiple domains, same certificatessl_certificate multiSAN.crt;
ssl_certificate_key multiSAN.key;
server {
listen 443 ssl;
server_name www.example.com;
...
}
server {
listen 443 ssl;
server_name www.example.org;
...
}
36
Backend HTTPS
37
• Encrypt to the server behind nginx
• Need a list of trusted CAs
Encryption on the backend
38
http {
server {
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
proxy_ssl_trusted_certificate /etc/ssl/certs/trusted_ca_cert.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}
39
Protocols
CiphersTrusted CAs
• Internal CA
• You can create your own certificates for the services behind nginx
• Requires managing your own public key infrastructure
• Public CA
• Need certificate from publicly trusted CA
• Root store already present on machine (e.g. Ubuntu: /etc/ssl/certs/ca-certificates.crt)
Options for trusted CAs
40
Checking your configuration
41
Bonus: Configuring HSTS
44
• HTTP header cached by browser
• Browser always attempts HTTPS
• Maximum age defined in seconds
• Preload list for Chrome and Firefox
• Requires 6 month HSTS
• Requires includeSubdomains
What is HSTS?
45
• Prevent hijacking of HTTP
Why?
46
• Prevents people from visiting HTTP version of site
• If HTTPS config is broken (expired certificate), site is broken
Risks
47
server {
listen 443 ssl;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
}
48
Max-age: 6 months
Double Bonus: Configuring OCSP Stapling
49
• Certificates can not only expire, they can be revoked
• OCSP (Online Certificate Status Protocol) can be queried to check status
• Can slow down requests since it requires another connection
• OCSP Stapling: server pre-fetches OSCP response
• Saves a round-trip by the client
What is OCSP Stapling?
50
How much faster?DNS (1334ms)
TCP handshake (240ms)
SSL handshake (376ms)
Follow certificate chain (1011ms)
DNS to CA (300ms)
TCP to CA (407ms)
OCSP to CA #1 (598ms)
TCP to CA #2 (317ms)
OCSP to CA #2 (444ms)
Finish SSL handshake (1270ms)
51
~30%
server {
listen 443 ssl;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
}
52
Get this file from your CA
Questions?
53
NGINX + HTTPS 101The Basics & Getting Started
Nick Sullivan @grittygrease