1e83c8de3aa48b316b28057d53995272baf1260cwrowe<?xml version='1.0' encoding='UTF-8' ?>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<!DOCTYPE manualpage SYSTEM "/style/manualpage.dtd">

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<manualpage metafile="ssl_howto.xml.meta">

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<parentdocument href="./">SSL/TLS</parentdocument>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe <title>SSL/TLS Strong Encryption: How-To</title>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<summary>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<blockquote>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<p>The solution of this problem is trivial

1e83c8de3aa48b316b28057d53995272baf1260cwroweand is left as an exercise for the reader.</p>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<p class="cite">-- <cite>Standard textbook cookie</cite></p>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe</blockquote>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<p>How to solve particular security constraints for an SSL-aware

1e83c8de3aa48b316b28057d53995272baf1260cwrowewebserver is not always obvious because of the coherences between SSL,

1e83c8de3aa48b316b28057d53995272baf1260cwroweHTTP and Apache's way of processing requests. This chapter gives

1e83c8de3aa48b316b28057d53995272baf1260cwroweinstructions on how to solve such typical situations. Treat is as a first

1e83c8de3aa48b316b28057d53995272baf1260cwrowestep to find out the final solution, but always try to understand the

1e83c8de3aa48b316b28057d53995272baf1260cwrowestuff before you use it. Nothing is worse than using a security solution

1e83c8de3aa48b316b28057d53995272baf1260cwrowewithout knowing its restrictions and coherences.</p>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe</summary>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<section id="ciphersuites">

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<title>Cipher Suites and Enforced Strong Security</title>

56e85d89d42a6980f31b800266649efbed338da3wrowe<ul>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<li><a href="#realssl">SSLv2 only server</a></li>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<li><a href="#onlystrong">strong encryption only server</a></li>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<li><a href="#upgradeenc">server gated cryptography</a></li>

37ad54b8fd2611b7a4f2b269eec3d27ed784a25dwrowe<li><a href="#strongurl">stronger per-directory requirements</a></li>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe</ul>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<section id="realssl">

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<title>How can I create a real SSLv2-only server?</title>

94b262d3639149df0b02642a9daa6db8bff58577wrowe <p>The following creates an SSL server which speaks only the SSLv2 protocol and

94b262d3639149df0b02642a9daa6db8bff58577wrowe its ciphers.</p>

94b262d3639149df0b02642a9daa6db8bff58577wrowe

94b262d3639149df0b02642a9daa6db8bff58577wrowe <example><title>httpd.conf</title>

94b262d3639149df0b02642a9daa6db8bff58577wrowe SSLProtocol -all +SSLv2<br />

94b262d3639149df0b02642a9daa6db8bff58577wrowe SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP<br />

94b262d3639149df0b02642a9daa6db8bff58577wrowe </example>

94b262d3639149df0b02642a9daa6db8bff58577wrowe</section>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<section id="onlystrong">

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<title>How can I create an SSL server which accepts strong encryption

1e83c8de3aa48b316b28057d53995272baf1260cwroweonly?</title>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe <p>The following enables only the seven strongest ciphers:</p>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe <example><title>httpd.conf</title>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe SSLProtocol all<br />

1e83c8de3aa48b316b28057d53995272baf1260cwrowe SSLCipherSuite HIGH:MEDIUM<br />

1e83c8de3aa48b316b28057d53995272baf1260cwrowe </example>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe</section>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<section id="upgradeenc">

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<title>How can I create an SSL server which accepts strong encryption

1e83c8de3aa48b316b28057d53995272baf1260cwroweonly, but allows export browsers to upgrade to stronger encryption?</title>

5ac28f3fe2417368757f29cf381338357605fd52wrowe <p>This facility is called Server Gated Cryptography (SGC) and details

e1ad80c048e29e968221817698529d73098f07a4wrowe you can find in the <code>README.GlobalID</code> document in the

1e83c8de3aa48b316b28057d53995272baf1260cwrowe mod_ssl distribution. In short: The server has a Global ID server

1e83c8de3aa48b316b28057d53995272baf1260cwrowe certificate, signed by a special CA certificate from Verisign which

1e83c8de3aa48b316b28057d53995272baf1260cwrowe enables strong encryption in export browsers. This works as following:

37ad54b8fd2611b7a4f2b269eec3d27ed784a25dwrowe The browser connects with an export cipher, the server sends its Global

1e83c8de3aa48b316b28057d53995272baf1260cwrowe ID certificate, the browser verifies it and subsequently upgrades the

1e83c8de3aa48b316b28057d53995272baf1260cwrowe cipher suite before any HTTP communication takes place. The question

1e83c8de3aa48b316b28057d53995272baf1260cwrowe now is: How can we allow this upgrade, but enforce strong encryption.

1e83c8de3aa48b316b28057d53995272baf1260cwrowe Or in other words: Browser either have to initially connect with

94b262d3639149df0b02642a9daa6db8bff58577wrowe strong encryption or have to upgrade to strong encryption, but are

94b262d3639149df0b02642a9daa6db8bff58577wrowe not allowed to keep the export ciphers. The following does the trick:</p>

94b262d3639149df0b02642a9daa6db8bff58577wrowe <example><title>httpd.conf</title>

94b262d3639149df0b02642a9daa6db8bff58577wrowe # allow all ciphers for the initial handshake,<br />

94b262d3639149df0b02642a9daa6db8bff58577wrowe # so export browsers can upgrade via SGC facility<br />

94b262d3639149df0b02642a9daa6db8bff58577wrowe SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br />

94b262d3639149df0b02642a9daa6db8bff58577wrowe <br />

94b262d3639149df0b02642a9daa6db8bff58577wrowe &lt;Directory /usr/local/apache2/htdocs&gt;<br />

1e83c8de3aa48b316b28057d53995272baf1260cwrowe # but finally deny all browsers which haven't upgraded<br />

1e83c8de3aa48b316b28057d53995272baf1260cwrowe SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128<br />

1e83c8de3aa48b316b28057d53995272baf1260cwrowe &lt;/Directory&gt;

1e83c8de3aa48b316b28057d53995272baf1260cwrowe </example>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe</section>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<section id="strongurl">

1e83c8de3aa48b316b28057d53995272baf1260cwrowe<title>How can I create an SSL server which accepts all types of ciphers

1e83c8de3aa48b316b28057d53995272baf1260cwrowein general, but requires a strong ciphers for access to a particular

1e83c8de3aa48b316b28057d53995272baf1260cwroweURL?</title>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe <p>Obviously you cannot just use a server-wide <directive

1e83c8de3aa48b316b28057d53995272baf1260cwrowe module="mod_ssl">SSLCipherSuite</directive> which restricts the

1e83c8de3aa48b316b28057d53995272baf1260cwrowe ciphers to the strong variants. But mod_ssl allows you to reconfigure

8c8173f49dd7122e10636b3d20ae841551bd0b43wrowe the cipher suite in per-directory context and automatically forces

1e83c8de3aa48b316b28057d53995272baf1260cwrowe a renegotiation of the SSL parameters to meet the new configuration.

1e83c8de3aa48b316b28057d53995272baf1260cwrowe So, the solution is:</p>

1e83c8de3aa48b316b28057d53995272baf1260cwrowe <example>

# be liberal in general<br />

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br />

<br />

&lt;Location /strong/area&gt;<br />

# but https://hostname/strong/area/ and below<br />

# requires strong ciphers<br />

SSLCipherSuite HIGH:MEDIUM<br />

&lt;/Location&gt;

</example>

</section>

</section>

<section id="accesscontrol">

<title>Client Authentication and Access Control</title>

<ul>

<li><a href="#allclients">simple certificate-based client authentication</a></li>

<li><a href="#arbitraryclients">selective certificate-based client authentication</a></li>

<li><a href="#certauthenticate">particular certificate-based client authentication</a></li>

<li><a href="#intranet">intranet vs. internet authentication</a></li>

</ul>

<section id="allclients">

<title>How can I authenticate clients based on certificates when I know

all my clients?</title>

<p>When you know your user community (i.e. a closed user group

situation), as it's the case for instance in an Intranet, you can

use plain certificate authentication. All you have to do is to

create client certificates signed by your own CA certificate

<code>ca.crt</code> and then verify the clients against this

certificate.</p>

<example><title>httpd.conf</title>

# require a client certificate which has to be directly<br />

# signed by our CA certificate in ca.crt<br />

SSLVerifyClient require<br />

SSLVerifyDepth 1<br />

SSLCACertificateFile conf/ssl.crt/ca.crt

</example>

</section>

<section id="arbitraryclients">

<title>How can I authenticate my clients for a particular URL based on

certificates but still allow arbitrary clients to access the remaining

parts of the server?</title>

<p>For this we again use the per-directory reconfiguration feature

of <module>mod_ssl</module>:</p>

<example><title>httpd.conf</title>

SSLVerifyClient none<br />

SSLCACertificateFile conf/ssl.crt/ca.crt<br />

<br />

&lt;Location /secure/area&gt;<br />

SSLVerifyClient require<br />

SSLVerifyDepth 1<br />

&lt;/Location&gt;<br />

</example>

</section>

<section id="certauthenticate">

<title>How can I authenticate only particular clients for a some URLs based

on certificates but still allow arbitrary clients to access the remaining

parts of the server?</title>

<p>The key is to check for various ingredients of the client certificate.

Usually this means to check the whole or part of the Distinguished

Name (DN) of the Subject. For this two methods exists: The <module

>mod_auth_basic</module> based variant and the <directive

module="mod_ssl">SSLRequire</directive> variant. The first method is

good when the clients are of totally different type, i.e. when their

DNs have no common fields (usually the organisation, etc.). In this

case you've to establish a password database containing <em>all</em>

clients. The second method is better when your clients are all part of

a common hierarchy which is encoded into the DN. Then you can match

them more easily.</p>

<p>The first method:</p>

<example><title>httpd.conf</title><pre>

SSLVerifyClient none

&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;

SSLVerifyClient require

SSLVerifyDepth 5

SSLCACertificateFile conf/ssl.crt/ca.crt

SSLCACertificatePath conf/ssl.crt

SSLOptions +FakeBasicAuth

SSLRequireSSL

AuthName "Snake Oil Authentication"

AuthType Basic

AuthBasicProvider file

AuthUserFile /usr/local/apache2/conf/httpd.passwd

require valid-user

&lt;/Directory&gt;</pre>

</example>

<example><title>httpd.passwd</title><pre>

/C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA

/C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA

/C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA</pre>

</example>

<p>The second method:</p>

<example><title>httpd.conf</title><pre>

SSLVerifyClient none

&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;

SSLVerifyClient require

SSLVerifyDepth 5

SSLCACertificateFile conf/ssl.crt/ca.crt

SSLCACertificatePath conf/ssl.crt

SSLOptions +FakeBasicAuth

SSLRequireSSL

SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \

and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}

&lt;/Directory&gt;</pre>

</example>

</section>

<section id="intranet">

<title>How can I require HTTPS with strong ciphers and either basic

authentication or client certificates for access to a subarea on the

Intranet website for clients coming from the Internet but still allow

plain HTTP access for clients on the Intranet?</title>

<p>Let us assume the Intranet can be distinguished through the IP

network 192.160.1.0/24 and the subarea on the Intranet website has

the URL <code>/subarea</code>. Then configure the following outside

your HTTPS virtual host (so it applies to both HTTPS and HTTP):</p>

<example><title>httpd.conf</title><pre>

SSLCACertificateFile conf/ssl.crt/company-ca.crt

&lt;Directory /usr/local/apache2/htdocs&gt;

# Outside the subarea only Intranet access is granted

Order deny,allow

Deny from all

Allow from 192.168.1.0/24

&lt;/Directory&gt;

&lt;Directory /usr/local/apache2/htdocs/subarea&gt;

# Inside the subarea any Intranet access is allowed

# but from the Internet only HTTPS + Strong-Cipher + Password

# or the alternative HTTPS + Strong-Cipher + Client-Certificate

# If HTTPS is used, make sure a strong cipher is used.

# Additionally allow client certs as alternative to basic auth.

SSLVerifyClient optional

SSLVerifyDepth 1

SSLOptions +FakeBasicAuth +StrictRequire

SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128

# Force clients from the Internet to use HTTPS

RewriteEngine on

RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$

RewriteCond %{HTTPS} !=on

RewriteRule .* - [F]

# Allow Network Access and/or Basic Auth

Satisfy any

# Network Access Control

Order deny,allow

Deny from all

Allow 192.168.1.0/24

# HTTP Basic Authentication

AuthType basic

AuthName "Protected Intranet Area"

AuthBasicProvider file

AuthUserFile conf/protected.passwd

Require valid-user

&lt;/Directory&gt;</pre>

</example>

</section>

</section>

</manualpage>