Ticket #795 (closed maintenance: fixed)

Opened 2 years ago

Last modified 22 months ago

SHA1 Deprecation: Regenerate all certs using SHA256

Reported by: chris Owned by: chris
Priority: major Milestone: Maintenance
Component: Live server Keywords:
Cc: ade, paul, sam, annesley Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 2.0

Description

SHA1 SSL certs and chains are now flagged at SSLLabs, see SHA1 Deprecation: What You Need to Know, however Gandi doesn't yet support SHA256, see SHAAAAAAAAAAAAA which links to this tweet, when they do support SHA256 all the keys, certs and chains will need updating.

Change History

comment:1 Changed 2 years ago by chris

Gandi now support SHA256 see:

The *.transitionnetwork.org cert expires on 24/01/2015 so that would be the time to switch to SHA256.

comment:3 Changed 22 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 0.0 to 0.25

A new SHA512 cert has been ordered on ticket:820#comment:3, using the Mozilla intermediate compatibility guide is probably the pragmatic choice.

  • Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  • Versions: TLSv1, TLSv1.1, TLSv1.2
  • RSA key size: 2048
  • DH Parameter size: 2048 (1024 tolerable)
  • Elliptic curves: secp256r1, secp384r1, secp521r1 (at a minimum)
  • Certificate signature: SHA-256

For Nginx (the version of Apache is too old for this AFAIK) we can generate a strong dhparam for PFS, on PenguinServer:

sudo -i
cd /etc/ssl/transitionnetwork.org/
openssl dhparam 2058 > dhparam.pem
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
...............................................................
chmod 600 dhparam.pem 

And the same was done on PuffinServer.

Nginx will need a chained certificate.

comment:4 Changed 22 months ago by ed

  • Cc ade added; ed removed

add ADE removing ED

comment:5 Changed 22 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 0.25 to 0.5

For the chained cert, on PenguinServer, following https://wiki.gandi.net/en/ssl/intermediate

sudo -i
cd /etc/ssl/transitionnetwork.org/2015
wget "https://www.gandi.net/static/CAs/GandiStandardSSLCA2.pem"
wget "http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt"
openssl x509 -inform DER -in USERTrustRSAAddTrustCA.crt -out USERTrustRSAAddTrustCA.pem
cat USERTrustRSAAddTrustCA.pem > gandi.pem
cat GandiStandardSSLCA2.pem >> gandi.pem
cat transitionnetwork.org.crt > transitionnetwork.org.chained.pem
cat GandiStandardSSLCA2.pem >> transitionnetwork.org.chained.pem
cat USERTrustRSAAddTrustCA.pem >> transitionnetwork.org.chained.pem
chmod 600 *.*

To be continued...

comment:6 Changed 22 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 1.5
  • Status changed from new to closed
  • Resolution set to fixed
  • Total Hours changed from 0.5 to 2.0

All the files in /etc/nginx/sites-available/ were edited to update the ciphers:

        #ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:+RC4:RC4;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

Also these lines were added where appropriate:

        ssl_prefer_server_ciphers   on;
        add_header Strict-Transport-Security max-age=15768000;

We already had:

        listen 443 ssl spdy;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Then the old files were moved out of the way and the new ones installed, Nginx checked and restarted:

cd /etc/ssl/transitionnetwork.org
mv *.* 2014/
mv 2015/* .
/etc/init.d/nginx configtest
/etc/init.d/nginx restart

The server was checked at SSLLabs.com and we now have a A+ rating.

Transfering the key and cert to other two server first enable ssh to root account on ParrotServer by editing /etc/ssh/sshd_config and changing these lines:

#PermitRootLogin no  
PermitRootLogin yes

Restart sshd, make a new directory for the files:

mkdir /etc/ssl/transitionnetwork.org/2015
chmod 700 /etc/ssl/transitionnetwork.org/2015

Push the files from PenguinServer (keys and aliases were set up ages ago):

rsync -av /etc/ssl/transitionnetwork.org/*.* parrot:/etc/ssl/transitionnetwork.org/2015/

Re-edit sshd_config on ParrotServer and restart sshd to disable root logins.

Find the files on ParrotServer that might need editing:

sudo -i
cd /etc/apache2/ 
grep -rl SSL .
./conf.d/webarch.conf
./sites-available/tc
./sites-available/annesley
./sites-available/reconomy
./sites-available/reconredirect
./sites-available/ttt
./sites-available/ts
./mods-available/ssl.conf
./ports.conf

Manually edit the ones not in sites-available, adding / editing these lines as appropriate:

Header set Strict-Transport-Security "max-age=31536000"

#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS:!aNULL
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Do the same for /root/webarch/conf/apache.template and regenerate the configs in sites-available by running /usr/local/webarch/bin/buildapache-all, move the new cert and key into place:

cd /etc/ssl/transitionnetwork.org
mv *.* 2014/
mv 2015/* .

Check, apache2ctl configtest and restart apache, and test at SSLLabs.com, we have a A+.

Repeat the above for PuffinServer and edit these Nginx config files:

  • /var/aegir/config/server_master/nginx/vhost.d/chive.master.puffin.webarch.net
  • /var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf

Changing:

  #ssl_protocols                SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  #ssl_ciphers                  RC4:HIGH:!aNULL:!MD5;

  ssl_protocols                TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers                  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_dhparam /etc/ssl/transitionnetwork.org/dhparam.pem;

Check the congig, /etc/init.d/nginx configtest, restart, and check the config at SSLLabs.com, and again we now have a A+.

Updated the wiki:SecurityInfo and https://wiki.transitionnetwork.org/Security page, to get the fingerprints:

openssl x509 -noout -in transitionnetwork.org.crt -fingerprint
SHA1 Fingerprint=67:E3:06:44:B5:95:67:74:1A:7A:EC:E2:82:C5:FC:27:A7:01:9C:F7
openssl x509 -noout -in transitionnetwork.org.crt -fingerprint -sha256
SHA256 Fingerprint=19:BF:1D:C7:34:FB:12:D1:AB:69:6E:96:1A:E3:94:C0:B8:C0:F6:85:03:D2:8A:E9:57:42:61:B3:F2:95:39:28
Version 1, edited 22 months ago by chris (previous) (next) (diff)
Note: See TracTickets for help on using tickets.