jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Mon 22 Sep '14 16:44 Post subject: Apache and FIPS-ready

We have Apaches on Win2008 R2 running as reverse proxies.
We have tried hard to make them as safe as possible regarding the SSL/TLS connections.
But we haven't been able to configure it properly to get it FIPS-ready.
We included "SSLFIPS on" in the globals of our httpd.conf, but Apache won't start. No errors in the log, just nothing, even if I define debug level.
Any ideas?

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg

jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Tue 23 Sep '14 8:49

I've tried the settings (they have been well known; I do remember a part of it as my own suggestion), but it gives an A without FIPS-ready at SSL Report v1.10.31.

glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Tue 23 Sep '14 9:46

Was OpenSSL compiled with FIPS?
If SSLFIPS is On and Apache will not start (re-reading your first post), chances are OpenSSL was not compiled with FIPS. No, you probably will not see anything in the error log, since Apache failed before the logs were even opened. It probably shows up in the Event Viewer.
My Apache 2.4.10 wrote:
    SSLFIPS invalid, rebuild httpd and openssl compiled for FIPS
If not, you will surely see it when starting at the command line.

jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Tue 23 Sep '14 13:59

(Btw, I've forgotten to give some information about the version.
It's the 2.4.10 Win64 version from apachelounge.)
Does someone know the requirements for FIPS?
Is SSLUseStapling etc. mandatory?
Can "FIPS-ready" be achieved with self-signed certificates?
Thanks for the hint to look into the event log.
There is an error:
Quote:
    The Apache service named reported the following error:
    >>> SSLFIPS invalid, rebuild httpd and openssl compiled for FIPS.

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Tue 23 Sep '14 22:09

jraute wrote:
    I've tried the settings (they have been well known; I do remember a part of it as my own suggestion), but it gives an A without FIPS-ready at SSL Report v1.10.31.
I get the FIPS-ready without the FIPS flag during compilation of OSSL. I gotta look into that when I'm back home next week. Testing it from my phone seems impossible.

Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU
Posted: Tue 23 Sep '14 23:15

jraute wrote:
    I've tried the settings (they have been well known; I do remember a part of it as my own suggestion), but it gives an A without FIPS-ready at SSL Report v1.10.31.
You will get an A+ if you enable HSTS:
Quote:
    This server supports HTTP Strict Transport Security with long duration. Grade set to A+.
I've got such a server, but it is not FIPS-ready either. I will experiment a little bit to see if I can achieve it.
Edit: alas, no luck:
    The Apache service named reported the following error:
    >>> SSLFIPS invalid, rebuild httpd and openssl compiled for FIPS.
Apache 2.4.10 VC9 32-bit
Edit 2: I had this config:
Code:
    SSLProtocol -ALL +TLSv1.2 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:!aNULL:!MD5:!ADH
When I changed the cipher suite into the one from http://mariobrandt.de/archives/apache/apache-http-strict-transport-security-with-long-duration-817/ the server was FIPS-ready (without SSLFIPS on). I will not disclose anything by showing the SSLLabs verdict:
https://www.ssllabs.com/ssltest/analyze.html?d=sessiondatabase.net&hideResults=on

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Wed 24 Sep '14 1:15

jraute wrote:
    Does someone know the requirements for FIPS?
    Is SSLUseStapling etc. mandatory?
    Can "FIPS-ready" be achieved with self-signed certificates?
1) That is somewhere in the handbook from that test lab.
2) I'm not sure, but it makes sense to me to use it: http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslusestapling
3) That is a point not to get the FIPS-ready, since the certificate is not valid / cannot be checked by the browser because it doesn't know the issuer.

jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Wed 24 Sep '14 8:04

Thanks for shedding light on this topic.
For me it seems a bit strange that FIPS-ready can be achieved without the SSLFIPS switch turned on, but the main problem in my case for sure is having an incomplete certificate chain on my test server, because there I use self-signed certificates.

Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU
Posted: Wed 24 Sep '14 14:36

Try this one for testing: http://freessl.com/
In the meantime I found out that enabling SSLv3 breaks the FIPS-readiness. SSLUseStapling is not needed.

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Wed 24 Sep '14 21:47

Or use startssl.com

Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU
Posted: Fri 26 Sep '14 17:20

I had a real challenge. My SSL setup already was A+ with Strict Transport Security (HSTS) and Robust Forward Secrecy. But I wanted the server to be FIPS-ready as well.
I started with this config:
Code:
    SSLProtocol -ALL +TLSv1.2 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
This resulted in the following report by SSLLabs:
https://www.ssllabs.com/ssltest/analyze.html?d=sessiondatabase.net&hideResults=on
Unsupported browsers:
Android 2.3.7
IE6 / XP
IE8 / XP
All Java versions
That should be acceptable nowadays. Alas, one of our customers reported that the server was down. They happened to be using IE8 on XP. Yeah, really.
I went looking for a solution and stumbled across this description: https://github.com/client9/sslassert/wiki/IE-Supported-Cipher-Suites
Quote:
    DES-CBC3-SHA unfortunately allows the BEAST attack and is very slow. However some XP machines are configured to be "FIPS Compliant" and ONLY this cipher will be used. It's not clear how wide-spread the configuration of "Windows XP + FIPS + Internet Explorer" is, but for maximum compatibility this cipher suite is required.
I removed the !3DES from the config, added DES-CBC3-SHA as the last cipher and tested this at SSLLabs: "BEAST attack; Not mitigated server-side". A pity, but the BEAST attack is not considered an issue by SSLLabs anymore.
Done? No, because I lost Robust Forward Secrecy in the process. So I had to look for a variant of DES-CBC3-SHA with Elliptic Curve cryptography. That happened to be EDH-RSA-DES-CBC3-SHA, so I added this one as well.
Final config:
Code:
    SSLProtocol -ALL +TLSv1.2 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!LOW:!MD5:!aNULL:!eNULL:!EXP:!PSK:!SRP:!DSS
I applied this setup to the server where I am hosting my PHP builds. SSLLabs report:
https://www.ssllabs.com/ssltest/analyze.html?d=phpdev.toolsforresearch.com
I lost the 100% score on cipher strength, but only Android 2.3.7, IE8 on XP and Java 8b132 are using the 112-bit cipher. Not really something to be worried about.
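The SSLCipherSuite strings in this post and in the earlier one with !aNULL:!MD5:!ADH are resolved by OpenSSL's cipher-string rules, and the reason !3DES had to go rather than just appending DES-CBC3-SHA is that a '!' entry kills a suite for the rest of the string, even when it is named explicitly later. The following is an added example, not code from the thread, Apache or OpenSSL: a Python model of that resolution over a small constructed catalogue of suites (with their real key-exchange, bulk-cipher and effective-strength properties) that reports which enabled suites carry forward secrecy and at what strength. It shows that EDH-RSA-DES-CBC3-SHA (ephemeral DH key exchange) keeps forward secrecy while DES-CBC3-SHA (static RSA) does not, and both sit at 112 bits. The catalogue, the group definitions and the grammar subset are assumptions of the model; the authoritative list for a given build comes from running openssl ciphers -v '<string>' against that build.

```python
"""Resolve an Apache SSLCipherSuite string the way OpenSSL does.

Added example for this thread; not code from Apache, OpenSSL or any poster.
CATALOGUE is a constructed subset of OpenSSL 1.0.1's TLS 1.0/1.2 suites with
their real key-exchange, bulk-cipher and strength properties. The grammar
covers what the thread's configs use: suite names, keyword groups,
'!' (kill), '-' (remove), '+' (move to end) and 'A+B' (both must match).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    name: str
    kx: str         # key exchange: RSA (static), DHE or ECDHE
    auth: str       # RSA, DSS or aNULL (anonymous)
    enc: str        # bulk cipher
    bits: int       # effective strength (3DES counts as 112, not 168)
    mac: str        # SHA1, MD5 or AEAD
    export: bool = False


CATALOGUE = [  # constructed; order follows OpenSSL's internal preference
    Suite("ECDHE-RSA-AES256-GCM-SHA384", "ECDHE", "RSA", "AES256-GCM", 256, "AEAD"),
    Suite("DHE-RSA-AES256-GCM-SHA384", "DHE", "RSA", "AES256-GCM", 256, "AEAD"),
    Suite("ECDHE-RSA-AES256-SHA", "ECDHE", "RSA", "AES256-CBC", 256, "SHA1"),
    Suite("DHE-RSA-AES256-SHA", "DHE", "RSA", "AES256-CBC", 256, "SHA1"),
    Suite("DHE-DSS-AES256-SHA", "DHE", "DSS", "AES256-CBC", 256, "SHA1"),
    Suite("DHE-RSA-CAMELLIA256-SHA", "DHE", "RSA", "CAMELLIA256-CBC", 256, "SHA1"),
    Suite("ADH-AES256-SHA", "DHE", "aNULL", "AES256-CBC", 256, "SHA1"),
    Suite("AES256-SHA", "RSA", "RSA", "AES256-CBC", 256, "SHA1"),
    Suite("EDH-RSA-DES-CBC3-SHA", "DHE", "RSA", "3DES", 112, "SHA1"),
    Suite("DES-CBC3-SHA", "RSA", "RSA", "3DES", 112, "SHA1"),
    Suite("RC4-MD5", "RSA", "RSA", "RC4", 128, "MD5"),
    Suite("DES-CBC-SHA", "RSA", "RSA", "DES", 56, "SHA1"),
    Suite("EXP-DES-CBC-SHA", "RSA", "RSA", "DES", 40, "SHA1", export=True),
    Suite("NULL-SHA", "RSA", "RSA", "NULL", 0, "SHA1"),
]

# Keyword groups as OpenSSL defines them, restricted to the fields above.
# PSK and SRP are deliberately absent: an unknown word matches nothing,
# which is exactly what '!PSK:!SRP' does on a build without such suites.
GROUPS = {
    "ALL": lambda s: s.enc != "NULL",
    "eNULL": lambda s: s.enc == "NULL",
    "aNULL": lambda s: s.auth == "aNULL",
    "ADH": lambda s: s.kx == "DHE" and s.auth == "aNULL",
    "ECDHE": lambda s: s.kx == "ECDHE",
    "EDH": lambda s: s.kx == "DHE",
    "DHE": lambda s: s.kx == "DHE",
    "DSS": lambda s: s.auth == "DSS",
    "3DES": lambda s: s.enc == "3DES",
    "MD5": lambda s: s.mac == "MD5",
    "EXP": lambda s: s.export,
    "LOW": lambda s: not s.export and 0 < s.bits < 112,
}


def _matches(suite, word, by_name):
    """A word is an exact suite name or a keyword group; anything else matches nothing."""
    if word in by_name:
        return suite is by_name[word]
    return GROUPS.get(word, lambda s: False)(suite)


def evaluate(cipher_string, catalogue=CATALOGUE):
    """Return the enabled suites in the order OpenSSL would offer them."""
    by_name = {s.name: s for s in catalogue}
    selected, killed = [], set()
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token.startswith("@"):
            continue  # '@STRENGTH' is a sort directive; out of scope here
        op, body = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        matched = [s for s in catalogue
                   if all(_matches(s, w, by_name) for w in body.split("+"))]
        if op == "!":       # kill: removed now and never re-addable
            killed.update(s.name for s in matched)
            selected = [s for s in selected if s.name not in killed]
        elif op == "-":     # remove now, but a later token may add it back
            selected = [s for s in selected if s not in matched]
        elif op == "+":     # move already-selected matches to the end
            selected = ([s for s in selected if s not in matched]
                        + [s for s in selected if s in matched])
        else:               # append matches not yet present
            selected += [s for s in matched
                         if s.name not in killed and s not in selected]
    return selected


def forward_secret(suite):
    """Ephemeral (EC)DH gives forward secrecy; static RSA key exchange does not."""
    return suite.kx in ("ECDHE", "DHE")


def summarize(cipher_string):
    """(name, forward_secret, bits) for each enabled suite, in offer order."""
    return [(s.name, forward_secret(s), s.bits) for s in evaluate(cipher_string)]


# The two SSLCipherSuite values from the post above, verbatim.
WITH_3DES_KILLED = ("ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
                    "ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:"
                    "!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS")
FINAL = ("ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
         "ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:"
         "EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA:"
         "!LOW:!MD5:!aNULL:!eNULL:!EXP:!PSK:!SRP:!DSS")

if __name__ == "__main__":
    for label, cfg in (("with !3DES", WITH_3DES_KILLED), ("final", FINAL)):
        print(label)
        for name, fs, bits in summarize(cfg):
            fs_txt = "yes" if fs else "no"
            print(f"  {name:28} FS={fs_txt:3} {bits} bits")
    # '!' outlives its token: naming the suite later does not bring it back.
    print([s.name for s in evaluate("!3DES:DES-CBC3-SHA")])  # []
    print([s.name for s in evaluate("-3DES:DES-CBC3-SHA")])  # ['DES-CBC3-SHA']
```

Running it shows the "with !3DES" list as four forward-secret 256-bit suites and the final list as those four plus the two 112-bit 3DES suites, the last of which has no forward secrecy; that is the trade the post describes, made visible before the config reaches a server.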

Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU
Posted: Sun 28 Sep '14 15:38

jraute wrote:
    (Btw, I've forgotten to give some information about the version.
    It's the 2.4.10 Win64 version from apachelounge.)
VC9, VC10 or VC11?
I have compiled SSL with the openssl-fips-2.0.8.tar.gz from openssl.org:
https://phpdev.toolsforresearch.com/openssl-1.0.1i-fips-2.4.10-x86-vc9.zip
However, if I replace my non-FIPS ssl*.dll and mod_ssl.so with the FIPS ones, I get this error message:
Code:
    [ssl:emerg] [pid 4980:tid 1208] AH01903: Failed to configure CA certificate chain!
It does not matter if I add 'SSLFIPS on' or not. In both cases it fails.
If anyone manages to get this working, please share your config.
Last edited by Jan-E on Tue 07 Oct '14 19:00; edited 1 time in total

jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Mon 29 Sep '14 8:23

VC11, but the main problem is the chain, I think.

Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU

glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Mon 29 Sep '14 19:57

I find it odd that I have your same ciphers + 2 others, same protocols, same everything but certificates, yet I get this for IE8/XP: Protocol or cipher suite mismatch
Mine is rather obviously not going to work with the red. What I would want to know is how, during the browser emulation portion of the test, it is able to pick up that cipher it is showing for IE8/XP. It is not one of your 4 configured ciphers.
I'm going to try building FIPS sometime this week. I've done it before, and when I ran this SSL Labs test with FIPS I had a weaker score than without it.

glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Tue 30 Sep '14 3:27

Works for me, but this is VC9 x86. I will also try VC11 x64.
    HTTPS="on"
    REQUEST_METHOD="GET"
    REQUEST_SCHEME="https"
    REQUEST_URI="/cgi-bin/printenv.pl"
    SCRIPT_NAME="/cgi-bin/printenv.pl"
    SERVER_ADDR="::1"
    SERVER_NAME="localhost"
    SERVER_PORT="443"
    SERVER_PROTOCOL="HTTP/1.1"
    SERVER_SIGNATURE=""
    SERVER_SOFTWARE="Apache/2.4.10 (Win32) OpenSSL/1.0.1i-fips"
    SSL_TLS_SNI="localhost"
and
    [Mon Sep 29 18:26:25.146400 2014] [ssl:notice] [pid 5424:tid 484] AH01884: Operating in SSL FIPS mode
Edit:
VC11 x64, same results:
    SERVER_SOFTWARE="Apache/2.4.10 (Win64) OpenSSL/1.0.1i-fips"
    [Mon Sep 29 22:37:48.303677 2014] [ssl:notice] [pid 1752:tid 416] AH01884: Operating in SSL FIPS mode
A challenge was building 32-bit FIPS on an x64 OS.

ivanr
Joined: 27 Apr 2013 Posts: 6
Posted: Tue 30 Sep '14 11:52

Jan-E wrote:
    Edit 2: In reality IE8 on XP is not able to connect to https://fips.sessiondatabase.net so the 'without support for IE8 on XP' is true after all. The SSLLabs report is not accurate on the point.
No, it is accurate. Your configuration relies on Server Name Indication, which IE8 doesn't send, and you have a different configuration on the default host. You can verify this by connecting using "$ openssl s_client -connect hostname -cipher 3DES".
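The check described in this reply, handshaking once with a server name and once without so that the default host answers, is easy to automate so it can be re-run after every vhost change. The following is an added example, not code from ivanr, Apache or SSL Labs: it uses Python's ssl module to perform both handshakes with the client restricted to 3DES (what the FIPS-configured XP/IE8 client in this thread offers), then classifies the pair of results; "sni-dependent" is the situation diagnosed above, where the named vhost accepts the client but the default vhost does not. HOST is a constructed placeholder, and the '@SECLEVEL=0' suffix is an assumption about the local client's OpenSSL (1.1+/3.x refuse to offer 3DES without it; drop it on an OpenSSL 1.0.x client, where it is not a valid directive).

```python
"""Detect a TLS virtual host that answers differently for clients without SNI.

Added example for this thread, not code from any poster or from Apache.
It automates the check suggested above (connect with and without a server
name, offering only 3DES) with Python's ssl module. HOST is a constructed
placeholder; the __main__ block needs network access to the host under test.
"""
import socket
import ssl

HOST = "fips.example.invalid"   # placeholder: substitute the host under test


def probe(host, port=443, sni=None, ciphers="DEFAULT", timeout=5.0):
    """One handshake. Returns (cipher_name, protocol) or (None, reason)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE                # inspecting, not trusting
    ctx.minimum_version = ssl.TLSVersion.TLSv1     # legacy clients speak TLS 1.0
    try:
        ctx.set_ciphers(ciphers)
    except ssl.SSLError as exc:                    # local OpenSSL may lack 3DES
        return None, f"client cannot offer {ciphers!r}: {exc}"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname=None means no SNI extension is sent at all,
            # so the server's default (_default_:443) vhost handles the hello
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                name, proto, _bits = tls.cipher()
                return name, proto
    except (ssl.SSLError, OSError) as exc:
        return None, str(exc)


def diagnose(with_sni, without_sni):
    """Map a (with SNI, without SNI) pair of probe results to a verdict.

    'sni-dependent' is the case from the thread: the named vhost accepts the
    client, but the default vhost, which non-SNI clients reach, rejects it.
    """
    ok_named = with_sni[0] is not None
    ok_default = without_sni[0] is not None
    if ok_named and ok_default:
        return "ok"
    if ok_named and not ok_default:
        return "sni-dependent"
    if ok_default and not ok_named:
        return "default-only"
    return "rejected"


def check_legacy_client(host, port=443, ciphers="3DES:@SECLEVEL=0"):
    """Probe twice and return (verdict, with_sni_result, without_sni_result).

    '@SECLEVEL=0' is assumed for an OpenSSL 1.1+/3.x client, which will not
    offer 3DES otherwise; leave it out when the client is OpenSSL 1.0.x.
    """
    named = probe(host, port, sni=host, ciphers=ciphers)
    default = probe(host, port, sni=None, ciphers=ciphers)
    return diagnose(named, default), named, default


if __name__ == "__main__":
    verdict, named, default = check_legacy_client(HOST)
    print(f"with SNI:    {named}")
    print(f"without SNI: {default}")
    print(f"verdict:     {verdict}")
```

A "sni-dependent" verdict means the fix belongs on the default vhost (or in collapsing the named and default hosts, as the next reply does), not in the cipher list of the named one; "rejected" on both means the cipher is not offered anywhere, which is the outcome to expect once 3DES is dropped again.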

Jan-E
Joined: 09 Mar 2012 Posts: 1265 Location: Amsterdam, NL, EU
Posted: Tue 30 Sep '14 14:55

To test the IE8 connectivity I changed the http-ssl.conf. I now have only one SSL VirtualHost:
Code:
    <VirtualHost _default_:443>
    ServerName fips.sessiondatabase.net:443
    ServerAlias *.sessiondatabase.net:443 sessiondatabase.net:443
    etc
But IE8 on XP still cannot load https://fips.sessiondatabase.net/
And SSLLabs reports that correctly.
Last edited by Jan-E on Tue 30 Sep '14 15:23; edited 1 time in total

ivanr
Joined: 27 Apr 2013 Posts: 6
Posted: Tue 30 Sep '14 15:12

Jan-E wrote:
    To test the IE8 connectivity I changed the http-ssl.conf. I now have only one SSL VirtualHost:
    Code:
        <VirtualHost _default_:443>
        ServerName fips.sessiondatabase.net:443
        ServerAlias *.sessiondatabase.net:443 sessiondatabase.net:443
        etc
    But IE8 on XP still cannot load https://fips.sessiondatabase.net/
    And SSLLabs reports that correctly.
True, but SSL Labs is now also showing that IE8/XP won't connect ("Protocol or cipher suite mismatch").