Aplus-SSL-certificate

From Bitbull Wiki
Revision as of 05:39, 6 June 2025 by Chris (talk | contribs) (Created page with " SSL Labs A+ Cert =Introduction= Since Let's Encrypt, SSL Wildcard certificates have become freely available to everyone. Although they must be renewed...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

SSL Labs A+ Cert

1 Introduction

Since Let's Encrypt, SSL Wildcard certificates have become freely available to everyone. Although they must be renewed every three months, thanks to excellent integration into surrounding systems, this can be automated very well, e.g., with Ansible. However, an SSL certificate alone is not a guarantee for secure data transmission; a bit more is needed. In this article, we show an example of securing an Nginx web server and explain the individual steps. Our benchmark for the configuration is the rating from the SSL Labs Cert checker by Qualys, mentioned below.

2 Links

  • SSL Webserver Config Generator
https://ssl-config.mozilla.org
  • SSL Labs Cert Check Page
https://www.ssllabs.com/ssltest
  • HSTS Preload List
https://hstspreload.org
  • DNS CAA Test Site
https://caatest.co.uk

3 SSL Certificate

This step is fairly simple; it's easy to achieve a score of 100. Use a well-known or trusted Certificate Authority and ensure that the certificate and chain are in the correct order. The most important certificate configuration setting is the fingerprint hashing algorithm. Make sure you created a SHA256-signed certificate, not SHA1. Until recently, most certificates were signed with SHA1. However, with increasing computing power, it has become dangerously insecure. New certificates should be signed with SHA256.

4 SSL Settings

4.1 Protocol Support

  • Disable SSLv3
Has been considered vulnerable since 2014 and should definitely be refused.
  • TLSv1.2
This brings a score of 100% but may cause issues with older clients.
  • TLSv1.1&v1.2
Brings a score of 95% but may still cause issues with older clients.
  • TLS1.0~1.2
Brings a score of 90% and good compatibility with clients; an overall A+ rating is still possible.
  • Nginx Example:
# SSLv3 is broken by POODLE as of October 2014   
# ssl_protocols TLSv1.2; # Score=100
# ssl_protocols TLSv1.2 TLSv1.1; # Score=90
ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # Score=95 (recommended)

4.2 Perfect Forward Secrecy

To increase the score for key exchange, we must increase the size of the key used for the DH exchange. Nginx by default uses 1024-bit keys from OpenSSL for the DH key exchange, resulting in a 1024-bit key. Ideally, we should use a key length that is smaller than our SSL certificate and usually 2048 or even 4096 bits. In many web server installations, default DH keys are reused. Using the same keys makes eavesdropping on communications easier. Whoever reads this send me an email, do not reveal, I will collect this. Therefore, a new key with custom DH parameters must be generated. So we will generate a new set of DH parameters and store them in a file.

  • This can be done with OpenSSL:
openssl dhparam -out /etc/nginx/dhparam.pem 4096
  • Nginx Example Config:
ssl_dhparam /etc/nginx/dhparam.pem;

4.3 Strong Algorithms (Cipher Suite)

The most difficult configuration decision on the server is the choice of supported cipher suites. With an almost infinite number of possible combinations, many of these algorithms have different functions, performance, encryption strength, and browser support. Many of them have known weaknesses that make them unsuitable for today's use. Using the latest version of a browser is usually enough to protect a single user, but unfortunately, many older browsers have insecure default settings. Therefore, when configuring the cipher suite, we must consider many options to ensure compatibility with as many browsers as possible without compromising security and performance.

Some algorithms have known or suspected vulnerabilities, and we can disable or restrict their use accordingly.

In particular, the following algorithms should be disabled:

  • MD5

The MD5 hashing algorithm is widely used but has known vulnerabilities. Today MD5 is known to be vulnerable to collisions, especially with GPUs. It is no longer safe to use.

  • RC4

RC4 encryption is also widely used and was even generally recommended. However, research showing theoretical vulnerabilities in RC4, and the plausibility of RC4 being attacked in the wild, are too credible to ignore.

  • SHA1

For the same reasons we generated a certificate request with SHA256 instead of SHA1, we must also disable cipher suites that use SHA1 as the hashing algorithm.

  • Rarely Used Ciphers

Some ciphers like Camellia, Seed, etc., are not common, and disabling them simplifies the configuration and reduces vulnerability.

  • Force Server Cipher Suite Preference

Many browsers, especially older ones, make poor cipher suite choices on their own. By enabling cipher suite ordering, the server chooses the best possible cipher from the list provided by the browser. This ensures that the best cipher is always preferred over weaker ones.

  • Score of 100%

To get a score of 100% in Cipher Strength, we must not only disable all old protocols but also all 128-bit ciphers. This is (still) not advisable for a globally accessible website because relatively modern browsers are required, and we usually cannot control what clients use. However, on supervised sites like webmail or corporate applications, it is advisable to implement maximum security.

5 Enabling HSTS

Unfortunately, SSL Labs does not clearly show what else must be done to achieve an A+ rating.

  • We must add the HTTP Strict Transport Security (HSTS) header.

Note that HSTS makes your site HTTPS-only. You can no longer use it over HTTP. If HTTP must still be available, the maximum achievable rating is A.

By enabling HSTS, users cannot connect over HTTP, and the use of HTTPS is always enforced. This means that after a client's first visit to the server, subsequent visits to HTTP pages are converted to HTTPS by the browser before any request occurs. This saves some load cycles and increases security, particularly against SSL-stripping attacks. HSTS also prevents redirects between HTTP and HTTPS and back, as well as many other common configuration mistakes.

Here is an nginx example configuration: 

add_header Strict-Transport-Security "max-age=31536000; 
includeSubDomains; preload" always;
  • 31536000 Seconds

Thus, the browser will remember for one year that it must always visit the site over HTTPS. If for any reason you want to disable HTTPS support for the website, you will have a problem with browsers that have already received the header. If you redirect HTTPS traffic back to HTTP, those browsers will again redirect to HTTPS, causing an infinite loop. If you are just experimenting with SSL and are not sure whether you want to activate it permanently for the site, HSTS is not the right choice.

  • includeSubDomains

The includeSubDomains setting instructs the browser to enable HSTS for subdomains as well. Remove this option if not all subdomains have been configured for HTTPS.

  • preload

On the first HTTP request, a browser is still potentially vulnerable. With the "preload" setting, we instruct the browser not to send any HTTP requests to the server. We achieve this by submitting the website to the HSTS Preload List. By submitting the website to the HSTS Preload List, we instruct the browser never to visit the website over HTTP. Adding to the preload list has semi-permanent consequences and is irreversible. Therefore, use this option only if HTTPS is consistently configured for the entire domain.

  • always

The "always" in the header instructs Nginx to attach this header with every possible response code, not just for status codes "200, 201, 204, 206, 301, 302, 303, 304, or 307." Note that an HSTS setting: add_header Strict-Transport-Security "max-age=63072000;"; with a duration ≥ 1 week is sufficient to achieve an 'A+'.

6 Further Options

6.1 OCSP Stapling

With every certificate a browser receives, it queries a certificate authority to check whether the certificate has expired. This causes additional latency and reduces security. Instead of the browser checking the status of the provided certificate, the server can verify it with the help of the Online Certificate Status Protocol (OCSP). The OCSP responses are signed by the certificate authority, so browsers can trust them even if they come directly from your server.

  • Nginx Example:
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# the CA & Intermediate CA file for your cert
ssl_trusted_certificate /path/to/certificate/ssl.crt; 
resolver 8.8.8.8 8.8.4.4 valid=300s; #Google DNS
resolver_timeout 10s;

The ssl_trusted_certificate is a reference to the file containing all trusted certificates (thus including the root certificate). This list is never sent to clients but is used for OCSP. The configuration setting resolver is needed so that Nginx can resolve DNS queries.

6.2 SSL Session Caching

To minimize the impact of SSL overhead on the server, the number of client handshakes can be reduced. The handshake is the most expensive part of delivering content over SSL. When resuming the session, the server provides the client with some information during the first TLS handshake. On a second connection, the client can use this information to skip the entire TLS handshake and immediately establish a secure connection. We can enable SSL cache to eliminate the need for a handshake for subsequent or parallel connections.

  • Nginx Example
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

6.3 DNS CAA

This is a specially shaped DNS record that specifies the Certificate Authority for a domain. Thus, a compromised Certificate Authority cannot generate malicious access to your site.

  • Here is a DNS example configuration:
bitbull.ch.		3600	IN	CAA	128 issue "letsencrypt.org"

7 Example Nginx Configuration

Was listed as a link at the beginning of the article.

Retrieved from "http://www.bitbull.ch/wiki/index.php?title=Aplus-SSL-certificate&oldid=5895"