Ticket #795 (closed maintenance: fixed)
SHA1 Deprecation: Regenerate all certs using SHA256
Reported by: | chris | Owned by: | chris |
---|---|---|---|
Priority: | major | Milestone: | Maintenance |
Component: | Live server | Keywords: | |
Cc: | ade, paul, sam, annesley | Estimated Number of Hours: | 0.0 |
Add Hours to Ticket: | 0 | Billable?: | yes |
Total Hours: | 2.0 |
Description
SHA1 SSL certs and chains are now flagged at SSLLabs, see SHA1 Deprecation: What You Need to Know, however Gandi doesn't yet support SHA256, see SHAAAAAAAAAAAAA which links to this tweet, when they do support SHA256 all the keys, certs and chains will need updating.
Change History
comment:3 Changed 22 months ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.0 to 0.25
A new SHA512 cert has been ordered on ticket:820#comment:3, using the Mozilla intermediate compatibility guide is probably the pragmatic choice.
- Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- Versions: TLSv1, TLSv1.1, TLSv1.2
- RSA key size: 2048
- DH Parameter size: 2048 (1024 tolerable)
- Elliptic curves: secp256r1, secp384r1, secp521r1 (at a minimum)
- Certificate signature: SHA-256
For Nginx (the version of Apache is too old for this AFAIK) we can generate a strong dhparam for PFS, on PenguinServer:
sudo -i cd /etc/ssl/transitionnetwork.org/ openssl dhparam 2058 > dhparam.pem Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time ............................................................... chmod 600 dhparam.pem
And the same was done on PuffinServer.
Nginx will need a chained certificate.
comment:5 Changed 22 months ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.25 to 0.5
For the chained cert, on PenguinServer, following https://wiki.gandi.net/en/ssl/intermediate
sudo -i cd /etc/ssl/transitionnetwork.org/2015 wget "https://www.gandi.net/static/CAs/GandiStandardSSLCA2.pem" wget "http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt" openssl x509 -inform DER -in USERTrustRSAAddTrustCA.crt -out USERTrustRSAAddTrustCA.pem cat USERTrustRSAAddTrustCA.pem > gandi.pem cat GandiStandardSSLCA2.pem >> gandi.pem cat transitionnetwork.org.crt > transitionnetwork.org.chained.pem cat GandiStandardSSLCA2.pem >> transitionnetwork.org.chained.pem cat USERTrustRSAAddTrustCA.pem >> transitionnetwork.org.chained.pem chmod 600 *.*
To be continued...
comment:6 Changed 22 months ago by chris
- Add Hours to Ticket changed from 0.0 to 1.5
- Status changed from new to closed
- Resolution set to fixed
- Total Hours changed from 0.5 to 2.0
All the files in /etc/nginx/sites-available/ were edited to update the ciphers:
#ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:+RC4:RC4; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
Also these lines were added where appropriate:
ssl_prefer_server_ciphers on; add_header Strict-Transport-Security max-age=15768000;
We already had:
listen 443 ssl spdy; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Then the old files were moved out of the way and the new ones installed, Nginx checked and restarted:
cd /etc/ssl/transitionnetwork.org mv *.* 2014/ mv 2015/* . /etc/init.d/nginx configtest /etc/init.d/nginx restart
The server was checked at SSLLabs.com and we now have a A+ rating.
Transfering the key and cert to other two server first enable ssh to root account on ParrotServer by editing /etc/ssh/sshd_config and changing these lines:
#PermitRootLogin no PermitRootLogin yes
Restart sshd, make a new directory for the files:
mkdir /etc/ssl/transitionnetwork.org/2015 chmod 700 /etc/ssl/transitionnetwork.org/2015
Push the files from PenguinServer (keys and aliases were set up ages ago):
rsync -av /etc/ssl/transitionnetwork.org/*.* parrot:/etc/ssl/transitionnetwork.org/2015/
Re-edit sshd_config on ParrotServer and restart sshd to disable root logins.
Find the files on ParrotServer that migh need editing:
sudo -i cd /etc/apache2/ grep -rl SSL . ./conf.d/webarch.conf ./sites-available/tc ./sites-available/annesley ./sites-available/reconomy ./sites-available/reconredirect ./sites-available/ttt ./sites-available/ts ./mods-available/ssl.conf ./ports.conf
Manually edit the ones not in sites-available, adding / editing these lines as appropriate:
Header set Strict-Transport-Security "max-age=31536000" #SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS:!aNULL SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Do the same for /root/webarch/conf/apache.template and regenerate the configs in sites-available by running /usr/local/webarch/bin/buildapache-all, move the new cert and key into place:
cd /etc/ssl/transitionnetwork.org mv *.* 2014/ mv 2015/* .
Check, apache2ctl configtest and restart apache, and test at SSLLabs.com, we have a A+.
Repeat the above for PuffinServer and edit these Nginx config files:
- /var/aegir/config/server_master/nginx/vhost.d/chive.master.puffin.webarch.net
- /var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf
Changing:
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; add_header Strict-Transport-Security max-age=15768000; ssl_dhparam /etc/ssl/transitionnetwork.org/dhparam.pem;
Check the congig, /etc/init.d/nginx configtest, restart, and check the config at SSLLabs.com, and again we now have a A+.
Updated the wiki:SecurityInfo and https://wiki.transitionnetwork.org/Security page, to get the fingerprints:
openssl x509 -noout -in transitionnetwork.org.crt -fingerprint SHA1 Fingerprint=67:E3:06:44:B5:95:67:74:1A:7A:EC:E2:82:C5:FC:27:A7:01:9C:F7 openssl x509 -noout -in transitionnetwork.org.crt -fingerprint -sha256 SHA256 Fingerprint=19:BF:1D:C7:34:FB:12:D1:AB:69:6E:96:1A:E3:94:C0:B8:C0:F6:85:03:D2:8A:E9:57:42:61:B3:F2:95:39:28
Gandi now support SHA256 see:
The *.transitionnetwork.org cert expires on 24/01/2015 so that would be the time to switch to SHA256.