I think SSL/TLS should be part of the security hardening process. Only fools would not use cryptography in the post-PRISM era. I think what Mr. Snowden did proved one thing: Richard Stallman and the Phrack guys (I prefer to use the term "philosophical anarchist") never lie to us ;-) Well, I don't wanna bullshit about this controversial topic here... let's see how we can set up an HTTPS server with client auth.
Generate CA certificates:
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# cp /usr/lib/ssl/misc/CA.sh .
root@d6-test:/opt/ssl# ./CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 2048 bit RSA private key
..................................+++
..............................................+++
writing new private key to './demoCA/private/./cakey.pem'
.............................................
.............................................
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MOT
Organizational Unit Name (eg, section) []:MOT
Common Name (e.g. server FQDN or YOUR name) []:hardened-shit
Email Address []:info@hardened-shit.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
c0:81:0e:bc:52:d0:19:5a
Validity
Not Before: Nov 19 02:08:14 2013 GMT
Not After : Nov 18 02:08:14 2016 GMT
Subject:
countryName = CN
stateOrProvinceName = Shanghai
organizationName = MOT
organizationalUnitName = MOT
commonName = hardened-shit
emailAddress = info@hardened-shit.com
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:38:4C:2F:FE:CF:E5:19:E9:AC:C5:03:6E:81:6A:D9:15:8F:A8:63
X509v3 Authority Key Identifier:
keyid:D5:38:4C:2F:FE:CF:E5:19:E9:AC:C5:03:6E:81:6A:D9:15:8F:A8:63
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Nov 18 02:08:14 2016 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
--------------------------------------------------------------------------------
Copy the CA key and certificate:
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# cp demoCA/private/cakey.pem ca.key
root@d6-test:/opt/ssl#
root@d6-test:/opt/ssl# cp demoCA/cacert.pem ca.crt
--------------------------------------------------------------------------------
Generate server key:
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...+++
.................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
--------------------------------------------------------------------------------
Generate server CSR (Certificate Signing Request) with server key:
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# openssl req -new -key server.key -out server.csr
...........................................
........................................
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MOT
Organizational Unit Name (eg, section) []:MOT
Common Name (e.g. server FQDN or YOUR name) []:hardened-shit
Email Address []:info@hardened-shit.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
--------------------------------------------------------------------------------
Generate server certificate (with -x509, req self-signs it using server.key):
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# openssl req -x509 -days 2048 -key server.key -in server.csr > server.crt
Enter pass phrase for server.key
--------------------------------------------------------------------------------
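You can check out the cert or verify it:
--------------------------------------------------------------------------------
openssl x509 -noout -text -in server.crt
openssl verify -CAfile ca.crt server.crt
--------------------------------------------------------------------------------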
Generate client's key:
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# openssl genrsa -des3 -out client.key 2048
Generating RSA private key, 2048 bit long modulus
..........................................................................................................................................+++
........+++
e is 65537 (0x10001)
Enter pass phrase for client.key:
Verifying - Enter pass phrase for client.key:
--------------------------------------------------------------------------------
Client's CSR:
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# openssl req -new -key client.key -out client.csr
.......................................................
..............................................
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MOT
Organizational Unit Name (eg, section) []:MOT
Common Name (e.g. server FQDN or YOUR name) []:hardened-shit
Email Address []:info@hardened-info.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
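--------------------------------------------------------------------------------
Generate client's certificate with CA certificate's signature:
--------------------------------------------------------------------------------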
root@d6-test:/opt/ssl# openssl ca -in client.csr -out client.crt
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
c0:81:0e:bc:52:d0:19:5c
Validity
Not Before: Nov 19 02:28:13 2013 GMT
Not After : Nov 19 02:28:13 2014 GMT
Subject:
countryName = CN
stateOrProvinceName = Shanghai
organizationName = MOT
organizationalUnitName = MOT
commonName = hardened-shit
emailAddress = info@hardened-info.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A6:A5:D7:7C:C7:A8:C3:24:C7:90:14:76:84:15:43:D0:2C:0C:31:66
X509v3 Authority Key Identifier:
keyid:D5:38:4C:2F:FE:CF:E5:19:E9:AC:C5:03:6E:81:6A:D9:15:8F:A8:63
Certificate is to be certified until Nov 19 02:28:13 2014 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
--------------------------------------------------------------------------------
Convert to PKCS#12 format, which Firefox recognizes:
--------------------------------------------------------------------------------
root@d6-test:/opt/ssl# openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.pfx
Enter pass phrase for client.key:
Enter Export Password:
Verifying - Enter Export Password:
--------------------------------------------------------------------------------
Enable SSL/TLS support in Apache2:
--------------------------------------------------------------------------------
root@hardened-shit:/opt# mv ssl /etc/ssl/hardened-shit
root@hardened-shit:/etc/apache2# a2ensite default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
service apache2 reload
root@hardened-shit:/etc/apache2# a2enmod ssl
Module ssl already enabled
Edit /etc/apache2/sites-enabled/default-ssl:
SSLCertificateFile /etc/ssl/hardened-shit/server.crt
SSLCertificateKeyFile /etc/ssl/hardened-shit/server.key
SSLCertificateChainFile /etc/ssl/hardened-shit/ca.crt
SSLCACertificatePath /etc/ssl/hardened-shit/
SSLCACertificateFile /etc/ssl/hardened-shit/ca.crt
SSLVerifyClient require
SSLVerifyDepth 10
Disable port 80:
root@hardened-shit:/etc/apache2# a2dissite default
--------------------------------------------------------------------------------
Done... it should work.
BTW: I highly recommend you read these two articles if you want to know more: Hardening Your Web Server's SSL Ciphers, and TLS Perfect Forward Secrecy support with Apache
I only enable the secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLProtocol +TLSv1.2 +TLSv1.1
Wednesday, November 27, 2013
Thursday, March 28, 2013
Openssl renegotiation DoS attack is still an issue
The OpenSSL renegotiation DoS issue was disclosed in 2011, and THC then released their DoS attack tools. The issue is tracked as CVE-2011-1473, and so far the OpenSSL upstream community hasn't provided any solution. So it seems they've been leaving this issue to the application developers (keep this shit in mind); for example, Apache2 provides an optional config with which you can disable renegotiation.
Let's see what an Apache2 server would do in most cases:
--------------------------------------------------------------------------------
shawn@fortress / $ openssl s_client -connect build.opensuse.org:443
..............................
..............................
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
R // Press R, then enter
RENEGOTIATING
140722018514592:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:592:
--------------------------------------------------------------------------------
According to Vincent Bernat, a server will require 15 times the processing power of a client, which means an Intel i7 CPU laptop can kick a bunch of servers' asses. Please take a look at my test data:
Test environment: SLES 11 SP2, a virtual machine assigned 2 cores + 1GB memory
Case I:
Server: openssl s_server -key server-key.pem
Client: thc-ssl-dos 192.168.0.1 4433 --accept -l 10000
The worst case:
Cpu0 : 1.3%us, 1.7%sy, 0.0%ni, 97.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 : 53.1%us, 5.1%sy, 0.0%ni, 37.1%id, 0.0%wa, 0.0%hi, 0.7%si, 0.0%st
Case II: Vincent Bernat provided us with an open source hardening/mitigation solution, which adds some rate-limit/fixed hex data filtering rules to netfilter.
#sh iptables.sh
#iptables -A INPUT -d 192.168.0.1 -p tcp --dport 4433 -j LIMIT_RENEGOCIATION
Server: openssl s_server -key server-key.pem
Client: thc-ssl-dos 192.168.0.1 4433 --accept -l 10000
The worst case:
Cpu0 : 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 : 0.0%us, 0.7%sy, 0.0%ni, 99.3%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Well done, Vincent! Your solution works. But I'm not sure whether this may cause side effects. Vincent added some fixed hex data as a filtering policy in netfilter. What if the same hex data occurs? Is a false positive possible?
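On the false-positive question above, an added example (not from the original post and not Vincent Bernat's rules): assuming the fixed hex data is the TLS record header of a handshake record (content type 0x16 plus a TLS 1.0 to 1.2 version) matched at the start of a TCP payload, it compares that stateless match with following record lengths across the reassembled stream. The sample stream and all function names are constructed for illustration.

```python
import struct

HANDSHAKE, APPDATA = 0x16, 0x17
VERSIONS = {b"\x03\x01", b"\x03\x02", b"\x03\x03"}  # TLS 1.0 to 1.2 record versions

def naive_match(segment: bytes) -> bool:
    """Stateless per-packet test (assumed filter): payload starts with 16 03 0x."""
    return len(segment) >= 3 and segment[0] == HANDSHAKE and segment[1:3] in VERSIONS

def count_handshake_records(segments) -> int:
    """Stateful test: reassemble the stream and follow each record's length field."""
    buf, count = b"", 0
    for seg in segments:
        buf += seg
        while len(buf) >= 5:
            ctype, _version, length = struct.unpack("!BHH", buf[:5])
            if len(buf) < 5 + length:
                break  # record continues in the next TCP segment
            count += ctype == HANDSHAKE
            buf = buf[5 + length:]
    return count

def record(ctype: int, body: bytes, version: bytes = b"\x03\x03") -> bytes:
    """Build one TLS record: type, version, 16-bit length, body."""
    return bytes([ctype]) + version + struct.pack("!H", len(body)) + body

def sample_stream():
    """Constructed client-to-server stream, split into TCP segments."""
    hello = record(HANDSHAKE, b"\x01" + b"\x00" * 40)  # placeholder ClientHello body
    # Application data whose ciphertext happens to contain 16 03 03 at offset 20.
    app = record(APPDATA, b"\xaa" * 20 + b"\x16\x03\x03" + b"\xbb" * 30)
    split = 5 + 20  # TCP happens to cut the record right before those bytes
    return [hello, app[:split], app[split:]]

def compare(segments):
    """Return (handshakes seen by the stateless match, real handshake records)."""
    return sum(naive_match(s) for s in segments), count_handshake_records(segments)

if __name__ == "__main__":
    print(compare(sample_stream()))
```

The stateless match counts two handshake starts where the stream holds one. If ciphertext bytes are treated as uniformly random, such a coincidence needs a segment that starts mid-record and has a chance of about 3 in 2^24 per such segment, so it is rare but possible.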