ssl_howto.xml revision 5f54f5b43c1ead4d85990835cb6a7e94da0085ac
<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
<!-- $Revision: 1.9 $ -->
 Copyright 2002-2004 The Apache Software Foundation
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
<blockquote>
<p>The solution of this problem is trivial
and is left as an exercise for the reader.</p>
<p class="cite">-- <cite>Standard textbook cookie</cite></p>
</blockquote>
<p>How to meet a particular security requirement on an SSL-aware
webserver is not always obvious, because SSL, HTTP and Apache's way of
processing requests interact in ways that are easy to overlook. This chapter
gives instructions for solving such typical situations. Treat it as a first
step towards the final solution, but always try to understand a recipe
before you use it. Nothing is worse than deploying a security solution
without knowing its restrictions and interactions.</p>
<title>Cipher Suites and Enforced Strong Security</title>
<li><a href="#onlystrong">strong encryption only server</a></li>
<li><a href="#upgradeenc">server gated cryptography</a></li>
<li><a href="#strongurl">stronger per-directory requirements</a></li>
<title>How can I create a real SSLv2-only server?</title>
 <p>The following creates an SSL server which speaks only the SSLv2 protocol and
 its ciphers. Do not deploy this outside a lab: SSLv2 has known protocol
 weaknesses (its handshake is not integrity-protected, so an attacker can
 downgrade the negotiated cipher), it was formally prohibited by RFC 6176,
 and current OpenSSL builds no longer contain SSLv2 support at all, so the
 recipe is kept here only for completeness.</p>
 SSLProtocol -all +SSLv2<br />
 SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP<br />
<title>How can I create an SSL server which accepts strong encryption
only?</title>
 <p>The following enables only the ciphers OpenSSL classifies as HIGH or
 MEDIUM strength. The number of suites this matches is not fixed (earlier
 versions of this text counted seven); it depends on the OpenSSL version
 your httpd is linked against, so check the actual list with
 <code>openssl ciphers -v 'HIGH:MEDIUM'</code> on the server. Two caveats:
 neither keyword excludes anonymous Diffie-Hellman suites, which encrypt but
 provide no server authentication, so append <code>!aNULL</code> when
 clients are expected to authenticate the server by its certificate; and
 <code>SSLProtocol all</code> enables every protocol version the OpenSSL
 build supports, which on old builds includes SSLv2, so prefer listing the
 versions you actually want.</p>
 SSLProtocol all<br />
 SSLCipherSuite HIGH:MEDIUM<br />
<title>How can I create an SSL server which accepts strong encryption
only, but allows export browsers to upgrade to stronger encryption?</title>
 <p>This facility is called Server Gated Cryptography (SGC); details
 can be found in the <code>README.GlobalID</code> document in the
 mod_ssl distribution. In short: the server has a Global ID server
 certificate, signed by a special CA certificate from Verisign, which
 enables strong encryption in export browsers. This works as follows:
 the browser connects with an export cipher, the server sends its Global
 ID certificate, the browser verifies it and then upgrades the
 cipher suite before any HTTP communication takes place. The question
 now is: how can we allow this upgrade, yet still enforce strong encryption?
 In other words: browsers either have to initially connect with
 strong encryption or have to upgrade to strong encryption, but are
 not allowed to keep the export ciphers. A restrictive
 <code>SSLCipherSuite</code> alone cannot express this, because the first
 handshake must be allowed to succeed with an export cipher; the check has
 to be applied to the key size of the cipher actually in use when the
 request is served, which is what <code>SSLRequire</code> does in a
 per-directory context. Note that SGC is a historical mechanism: export
 ciphers and the browsers that needed SGC are gone, and current OpenSSL
 builds contain neither export nor SSLv2 suites, so the cipher string below
 is of interest mainly as a pattern; the per-directory key-size check
 remains a useful guard on its own. The following does the trick:</p>
 # allow all ciphers for the initial handshake,<br />
 # so export browsers can upgrade via SGC facility<br />
 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br />
 # but finally deny all browsers which haven't upgraded<br />
 SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128<br />
 </Directory>
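<p>The two recipes above (a HIGH:MEDIUM cipher suite, and a permissive
suite guarded by <code>SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128</code>)
both rely on how OpenSSL expands a cipher-list string, which is easy to get
wrong by guessing. The following is an added example, not code from this
document or from the httpd project: it expands an <code>SSLCipherSuite</code>
string with the OpenSSL linked into Python's <code>ssl</code> module (which
uses the same cipher-list grammar, although it may be a different OpenSSL
version from the one httpd was built against), and reports which selected
suites the key-size rule would still reject and which provide no server
authentication. <code>strength_bits</code> in the output of
<code>SSLContext.get_ciphers()</code> is the value of
<code>SSL_CIPHER_get_bits()</code>, which is what mod_ssl exposes as
<code>SSL_CIPHER_USEKEYSIZE</code>. The function and variable names are this
example's own.</p>

```python
"""Expand an OpenSSL cipher-list string (the SSLCipherSuite grammar) and
audit the result against a 'SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= N' rule.

Added example for the httpd SSL how-to; not part of the original document
or of the httpd project. Uses the OpenSSL linked into Python's ssl module,
which may differ in version from the OpenSSL used by httpd, so confirm the
final list with 'openssl ciphers -v' on the actual server.
"""
import ssl
from typing import Dict, List, Optional


def expand_cipher_list(cipher_list: str) -> List[Dict]:
    """Return the suites OpenSSL selects for cipher_list.

    Each entry is the dict from SSLContext.get_ciphers(): 'strength_bits' is
    SSL_CIPHER_get_bits() (mod_ssl's SSL_CIPHER_USEKEYSIZE), 'auth' is the
    authentication method ('auth-null' for anonymous suites).  OpenSSL lists
    its TLS 1.3 suites regardless of the string, because they are configured
    through a separate API; they all use 128- or 256-bit keys.
    Raises ssl.SSLError when the string selects no suite at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)
    return ctx.get_ciphers()


def suites_below_keysize(suites: List[Dict], min_bits: int = 128) -> List[str]:
    """Suites that 'SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= min_bits' rejects."""
    return [s["name"] for s in suites if s["strength_bits"] < min_bits]


def anonymous_suites(suites: List[Dict]) -> List[str]:
    """Suites with no server authentication (OpenSSL's aNULL class)."""
    return [s["name"] for s in suites if s["auth"] == "auth-null"]


def audit(cipher_list: str, min_bits: int = 128) -> Dict[str, Optional[object]]:
    """Expand cipher_list and summarise what the key-size rule would reject.

    A string built only from keywords this OpenSSL no longer knows (for
    example the export or SSLv2 classes) may select nothing; that is reported
    as 'error' instead of raising, since it is exactly the situation an
    operator porting an old SSLCipherSuite line needs to notice.
    """
    try:
        suites = expand_cipher_list(cipher_list)
    except ssl.SSLError as exc:
        return {"selected": [], "weak": [], "anonymous": [], "error": str(exc)}
    return {
        "selected": [s["name"] for s in suites],
        "weak": suites_below_keysize(suites, min_bits),
        "anonymous": anonymous_suites(suites),
        "error": None,
    }


if __name__ == "__main__":
    # The how-to's own strings, plus the !aNULL variant suggested above.
    for cl in (
        "HIGH:MEDIUM",
        "HIGH:MEDIUM:!aNULL",
        "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL",
    ):
        report = audit(cl)
        if report["error"]:
            print(f"{cl}: selects nothing on this OpenSSL ({report['error']})")
            continue
        print(f"{cl}: {len(report['selected'])} suites selected; "
              f"rejected by USEKEYSIZE >= 128: {report['weak'] or 'none'}; "
              f"anonymous: {report['anonymous'] or 'none'}")
```

<p>Run it on the host that serves the site so the expansion reflects a
comparable OpenSSL. Expect the anonymous list to be non-empty for plain
HIGH:MEDIUM on builds that still ship ADH/AECDH suites, and expect 3DES to
show up in the rejected list on OpenSSL 1.1.0 and later, which rate it at
112 bits; both are exactly the cases the key-size rule and the
<code>!aNULL</code> exclusion exist to catch.</p>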
<title>How can I create an SSL server which accepts all types of ciphers
in general, but requires a strong cipher for access to a particular
URL?</title>
 <p>Obviously you cannot just use a server-wide <directive
 module="mod_ssl">SSLCipherSuite</directive> which restricts the
 ciphers to the strong variants. But mod_ssl allows you to reconfigure
 the cipher suite in per-directory context and automatically forces
 a renegotiation of the SSL parameters to meet the new configuration.
 Be aware of what this implies: the server only learns the URL after it
 has read the request, so the request line, headers and any body have
 already crossed the wire under the weaker cipher; only the response and
 subsequent requests on that connection get the stronger protection. It
 also depends on SSL renegotiation being available on both sides, which
 many current clients refuse and which TLS 1.3 no longer has at all.
 So, the solution is:</p>
good when the clients are of totally different type, i.e. when their