Tag Archives: ssl

Pen 0.34.0 released

Available here:

http://siag.nu/pub/pen/

And also here:

https://sourceforge.net/projects/penloadbalancer/files/Source/

Sander van Burken noticed that it wasn’t possible to specify a listening address
in the configuration file when using UDP: it was created as TCP even if -U was
used on the command line.

Harry G. Coin found that Pen would use the CARP address as local address in
upstream connections. An expected behaviour, but undesirable when CARP is used
with two instances of Pen. A new configuration option allows another source
address to be specified.

Vincent Bernat added support for OpenSSL 1.1.0. OpenSSL 1.0.2 is still supported.

Full list of changes:

161028 Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility.
This fixes issue #28.

161024 Allow setting local address for upstream connections. This fixes issue #31.
New penctl command "source" to set this option.

160914 Fixed issue #30: UDP not working in combination with a configuration file.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

How to get A+ on Qualys SSL Labs Test

This requires the version of Pen currently in Git, or 0.27.4 when that is released in a few days.

Qualys-A+

For this exercise, we’ll throw compatibility with older operating systems and browsers out and only focus on maxing out security.

Certificate

First, we need a 4096 bit private key. In the following, replace “your.domain” with the real domain name you’re going to protect.

openssl genrsa -out your.domain.key 4096
openssl req -sha256 -new -key your.domain.key -out your.domain.csr

Your private key is in the file your.domain.key. The file your.domain.csr contains your certificate signing request, which needs to be sent to your certification authority. The details of that procedure is different depending on the CA, but should result in you having your new certificate in your possession. Save the certificate as your.domain.crt.

The final piece of information you need is the CA’s certificate, which the CA will provide. Save the certificate as intermediate.crt.

Assuming you managed to cobble together all these files in the directory /etc/pen, the certificate installation is now finished.

Protocol Support

This is easy. Nobody supports SSL 2.0 anymore. SSL 3.0 is only for IE6 on Windows XP, a dwindling user base. TLS 1.0 is still acceptable, but this is not an exercise in acceptability (or compatibility). Throw out everything but TLS 1.2 by putting the following in /etc/pen/https.cfg:

ssl_option no_sslv2
ssl_option no_sslv3
ssl_option no_tlsv1
ssl_option no_tlsv1.1

Cipher Strength

We want ECDHE support for perfect forward secrecy, we want 256 bits encryption, and we want to prefer the best ciphers. These lines in /etc/pen/https.cfg provide that:

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ssl_option cipher_server_preference

Strict Transport Security

The final piece of the puzzle is HSTS, which we accomplish by putting this in our Apache config:

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

Finally, enable mod_headers and restart Apache:

a2enmod headers
service apache2 restart

Start Pen

The command line for Pen looks like this:

/usr/local/bin/pen -u pen -C /var/run/pen/https.ctl -F /etc/pen/https.cfg -p /var/run/pen/https.pid -K /etc/pen/your.domain.key -E /etc/pen/your.domain.crt -G /etc/pen/intermediate.crt -S 2 443

That’s quite a bit to type. If you’re using Systemd, like the CentOS system that was used for this example, here’s the full unit file to be installed into /usr/lib/systemd/system:

[Unit]
Description=Pen load balancer (https)
[Service]
Type=forking
PIDFile=/var/run/pen/https.pid
ExecStart=/usr/local/bin/pen -u pen -C /var/run/pen/https.ctl -F /etc/pen/https.cfg -p /var/run/pen/https.pid -K /etc/pen/your.domain.key -E /etc/pen/your.domain.crt -G /etc/pen/intermediate.crt -S 2 443

See this post for more on Pen and Systemd.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Pen 0.27.3 released

Available here:

http://siag.nu/pen/

And also here:

https://sourceforge.net/projects/penloadbalancer/files/Source/

Several new configuration options dealing with securing SSL.

ssl_option no_sslv2 turns off SSL2. This has been the default for ages. Nobody should use SSL2 anymore.

ssl_option no_sslv3 turns off SSL3, sacrificing compatibility with Windows XP but also “sacrificing” the associated vulnerabilities.

ssl_option no_tlsv1 turns off TLS1, again sacrificing a bit of compatibility for a bit of security.

ssl_option cipher_server_preference Prefer the ciphers listed at the beginning of the cipher list (see next item).

ssl_ciphers CIPHERS Specify a list of ciphers to support. By default, Pen will use whatever OpenSSL thinks the default should be, and that list will be different depending on the version of OpenSSL and the options used when compiling OpenSSL.

See here for a suggested configuration with intermediate compatibility but still good security:

Perfect Forward Secrecy

The default maximum number of connections has been 256 since Pen’s inception in 2000. Today that is ridiculously conservative since Pen will gladly handle tens of thousands of connections on a Raspberry Pi:

The Great Load Balancer Shootout…
Let’s double that one more time

The default is now bumped to 500; still very conservative.

Full list of changes since 0.27.2:

150330 Added autoconf check that the ECDHE is available and not disabled.
Bumped default max connections and listen queue to 500.

150326 Support for ECDHE cipher suites.

150325 New commands ssl_option and ssl_ciphers to individually disable
insecure protocols and ciphers.

150324 Updated penctl.1 with the new command.

150322 New knob to tweak max number of pending nonblocking connection
attempts: pending_max N (default 100).

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Perfect Forward Secrecy

One of the new features in 0.27.3 will be perfect forward secrecy for SSL.

http://www.computerworld.com/article/2473792/encryption/perfect-forward-secrecy-can-block-the-nsa-from-secure-web-pages–but-no-one-uses-it.html
http://en.wikipedia.org/wiki/Forward_secrecy
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

Enabling perfect forward secrecy involves picking an up to date version of OpenSSL compiled with the right options and using the appropriate ciphersuite. Do note that older clients (Windows XP) are at odds with secure SSL configuration – there’s no way to get both right at the same time. This suggested configuration is a compromise:

ssl_option no_sslv2
ssl_option no_sslv3
#ssl_option no_tlsv1
ssl_option cipher_server_preference
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

This configuration won’t work with IE6 on XP; hopefully nobody uses that anymore. The extremely long string at the end is the ciphersuite suggested by Mozilla for intermediate compatibility at the time of writing. For the full story, see here:

https://wiki.mozilla.org/Security/Server_Side_TLS

Facebooktwittergoogle_plusredditpinterestlinkedinmail