Encryption

From Jeremy Bryan Smith

SSL/TLS

Free Certificates

Let's Encrypt is a non-profit certificate authority run by the Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. Each certificate is valid for 90 days, and renewal can take place at any time during that period. Issuance and renewal use the Automated Certificate Management Environment (ACME) protocol. ACME Clients:

These days I prefer to let pfSense manage the certificate creation and renewal and use a post-renewal script to push the certificate(s) to the machines that need them.

Testing

Server Name Indication (SNI)

SNI lets a server decide where to route traffic based on the host name the client asks for.
This allows a single TCP port to provide access to multiple services, depending on the host name the client is trying to connect to. In addition, each service can have its own unique SSL certificate. This is the most useful way to avoid requiring a dedicated IP address for each DNS name on a web server.

Test with:

Working example:

root@jeremybryansmith:~# echo "" | openssl s_client -servername opencontrolcenter.com -connect opencontrolcenter.com:443   | grep 'CN ='

depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
 0 s:CN = opencontrolcenter.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
subject=CN = opencontrolcenter.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

Non-working example (the certificate returned is for a different host name than the one requested with -servername):

root@jeremybryansmith:~# echo "" | openssl s_client -servername gitlab.jeremybryansmith.com -connect gitlab.jeremybryansmith.com:443   2>/dev/null | grep 'CN ='

 0 s:CN = apttechnologysystems.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
subject=CN = apttechnologysystems.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
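The comparison done by eye in the two examples above can be scripted. This is an added example, not part of the original page: the function name sni_check is hypothetical, and it compares only the subject CN as the examples do, whereas TLS clients match against the certificate's subjectAltName entries.

```sh
#!/bin/sh
# sni_check HOST
# Reads `openssl s_client` output on stdin and compares HOST (the name sent
# with -servername) against the CN of the leaf certificate's subject line.
# Prints a verdict; exit status 0 = match, 1 = mismatch, 2 = no certificate.
sni_check() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # Leaf subject is printed as "subject=CN = example.com" (newer OpenSSL)
    # or "subject=/CN=example.com" (older OpenSSL).
    cn=$(sed -n 's/^subject=.*CN *= *\([^,/ ]*\).*$/\1/p' | head -n 1 | tr 'A-Z' 'a-z')
    if [ -z "$cn" ]; then
        echo "no-certificate"
        return 2
    fi
    case "$cn" in
        "$want")
            echo "match"; return 0 ;;
        '*.'*)
            # A wildcard CN covers exactly one leading label.
            if [ "$want" != "${want#*.}" ] && [ "${want#*.}" = "${cn#??}" ]; then
                echo "match"; return 0
            fi ;;
    esac
    echo "mismatch: asked for $want, got $cn"
    return 1
}

# Subject lines copied from the two outputs above, embedded to run offline.
GOOD_OUT=' 0 s:CN = opencontrolcenter.com
subject=CN = opencontrolcenter.com'
BAD_OUT=' 0 s:CN = apttechnologysystems.com
subject=CN = apttechnologysystems.com'

printf '%s\n' "$GOOD_OUT" | sni_check opencontrolcenter.com || true
printf '%s\n' "$BAD_OUT" | sni_check gitlab.jeremybryansmith.com || true

# Live use (needs network access), with h set to the host under test:
#   openssl s_client -servername "$h" -connect "$h:443" </dev/null 2>/dev/null | sni_check "$h"
```

A mismatch on a host that should have its own certificate usually means the front end fell back to its default virtual host for that name.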

Key Management

SSH Key Management

Key Creation

As of March 2020, the most secure key type is ed25519.
FYI: ed25519 keys are always 256-bit.

# KEY_USER is used instead of USER so the shell's own $USER is not overwritten
KEY_USER="jeremy"
DOMAIN="jbsnet.xyz"
KEY_TYPE="ed25519"
KEY_FILENAME="${KEY_USER}+${KEY_TYPE}@${DOMAIN}"
KEY_COMMENT="$KEY_FILENAME"

ssh-keygen -t "${KEY_TYPE}" -C "${KEY_COMMENT}" -f "${KEY_FILENAME}"

Which results in the following files being created:

jeremy+ed25519@jbsnet.xyz
jeremy+ed25519@jbsnet.xyz.pub

Older clients may not support ed25519, but fuck them.

Secure Configuration

Using crypto is only the first step. You need to ensure that the tools you use are locked down to enforce only the protocols that are not known to be weak.

SSH

Server Config

Ciphers

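As of 2015-12-04, the best Ciphers setting in /etc/ssh/sshd_config is the line below. Do not list the RC4-based arcfour ciphers: RC4 is known to be weak, and OpenSSH 7.6 and later no longer support them.

Ciphers aes192-ctr,aes256-ctr,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com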

MACs

As of 2015-12-04, the best MACs setting in /etc/ssh/sshd_config follows these rules:

  • Disable anything using MD5
  • Disable anything using less than 128 bits
  • Disable anything not using -etm mode

Use the following line in the config file (on OpenSSH 7.6 and later, drop hmac-ripemd160-etm@openssh.com, which those versions no longer support):

MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
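The three rules above can be applied mechanically to any MACs list. This is an added example, not part of the original page: audit_macs and macs_from_config are hypothetical helper names, the sample list is constructed, and "less than 128 bits" is assumed to refer to the MAC tag length.

```sh
#!/bin/sh
# audit_macs LIST
# Checks a comma-separated sshd MACs list against the three rules above.
# Prints one REJECT line per failing entry; exit status 0 = all pass.
audit_macs() {
    bad=0
    old_ifs=$IFS
    IFS=','
    for mac in $1; do
        reason=""
        # Rule 1: nothing built on MD5.
        case "$mac" in *md5*) reason="$reason uses-MD5" ;; esac
        # Rule 2 (assumed to mean tag length): umac-64 and the -96
        # truncated HMACs produce tags shorter than 128 bits.
        case "$mac" in umac-64*|*-96|*-96-etm@*) reason="$reason tag-under-128-bits" ;; esac
        # Rule 3: only encrypt-then-MAC variants.
        case "$mac" in *-etm@openssh.com) ;; *) reason="$reason not-etm" ;; esac
        if [ -n "$reason" ]; then
            echo "REJECT $mac:$reason"
            bad=1
        fi
    done
    IFS=$old_ifs
    return $bad
}

# macs_from_config FILE: value of the first MACs line (sshd uses the first).
macs_from_config() {
    awk 'tolower($1) == "macs" { print $2; exit }' "$1"
}

# Constructed sample list, not taken from a real server.
SAMPLE_MACS='hmac-sha2-256-etm@openssh.com,hmac-md5-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-512,hmac-sha1-96'
audit_macs "$SAMPLE_MACS" || true

# On a real host (as root): audit_macs "$(macs_from_config /etc/ssh/sshd_config)"
```

A config file with no MACs line yields an empty list and passes trivially, so on a live server audit the effective value from `sshd -T`, which includes the compiled-in defaults.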

SSL/TLS Key Management

Key Creation

If you need an SSL/TLS cert that is signed by a root authority for public use in a web browser or other SSL/TLS client, use Let’s Encrypt to get free SSL certificates.
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. In Public Beta 2015-12-03.

Converting

Before you can convert anything, you'll need to know what the various formats are.

  • pem
  • der
  • text

From pem to text

openssl x509 -in your-cert.pem -noout -text

From pem to der

openssl x509 -outform der -in your-cert.pem -out your-cert.crt

Secure SSL/TLS Ciphers

See https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet

Stunnel

As of 2018-07-02, using TLS 1.3 with stunnel, this is the most secure configuration (TLS 1.2 and 1.3 only):

verify = 2
sslVersion = all
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
options = CIPHER_SERVER_PREFERENCE
options = DONT_INSERT_EMPTY_FRAGMENTS
ciphers = TLS13-AES-256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384

Apache

As of 2018-07-02, using TLS 1.2 with Apache, this is the most secure configuration (TLS 1.2 only):

SSLEngine On
SSLProtocol -ALL +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 !ECDHE-RSA-AES256-SHA384 !ECDHE-RSA-AES128-SHA256 !ECDHE-RSA-AES256-SHA !ECDHE-RSA-AES128-SHA !DHE-RSA-AES256-SHA256 !DHE-RSA-AES256-SHA !DHE-RSA-AES128-SHA256 !DHE-RSA-AES128-SHA"

# Enable HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"