読者です 読者をやめる 読者になる 読者になる

labunix's blog

labunixのラボUnix

Apache2のTLS1.0、TLS1.1、SHA1を無効化してみる。。

■Apache2のTLS1.0、TLS1.1、SHA1を無効化してみる。
 デフォルトではSSLProtocolでTLSv1、TLSv1.1が有効、SSLv3は無効。
 SSLCipherSuiteでRC4、MD5は無効。

$ lsb_release -d
Description:	Debian GNU/Linux 8.6 (jessie)

$ openssl version
OpenSSL 1.0.1t  3 May 2016

$ netstat -an | grep :443
tcp        0      0 172.31.31.254:443       0.0.0.0:*               LISTEN

$  awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
	SSLCipherSuite HIGH:!aNULL
	SSLProtocol all -SSLv3

■基本的なテストの方法は以下と同じ。

 openssl ciphersのDEAFULTとapache2のssl.conf
 http://labunix.hateblo.jp/entry/20140211/1392048666

 「openssl s_client」でSSLサーバのテストを行ってみる。
 http://labunix.hateblo.jp/entry/20160531/1464706013

■デフォルトでMD5、RC4は無効、SHA1は有効。

$ echo "#digest";openssl ciphers -V 'HIGH:!aNULL' | awk -F= '{a[$(NF)]+=1}END{for(n in a){print n}}' | sed -e 's/(.*//g'
#digest
SHA384
AEAD
SHA256
SHA1

$ echo "#algorythm";openssl ciphers -V 'HIGH:!aNULL' | awk -F= '{a[$(NF-1)]+=1}END{for(n in a){print n}}' | sed -e 's/(.*//g'
#algorythm
Camellia
AESGCM
AES
Camellia
AESGCM
AES

■opensslコマンドでMD5、RC4は使おうと思えば使える。

$ echo "#digest";openssl ciphers -V | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}'
#digest
SHA384
AEAD
SHA256
MD5 
SHA1

$ echo "#algorythm";openssl ciphers -V | awk -F= '{a[$(NF-1)]+=1}END{for(n in a){print n}}' | sed -e 's/(.*//g' 
#algorythm
3DES
Camellia
AESGCM
SEED
AES
Camellia
AESGCM
AES
RC4

■わざわざ使おうと思う人はいないと思うけど。。。
 SSL3、TLS1.0、TLS1.1、MD5、RC4を順に試す。
 SSLv3については有効にしても対応していない様子。

$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
	SSLCipherSuite HIGH:!aNULL:RC4:MD5
	SSLProtocol all 

$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     

$ openssl s_client -connect 172.31.31.254:443 -ssl3 -debug 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, (NONE), Cipher is (NONE)
    Protocol  : SSLv3
    Cipher    : 0000

$ openssl s_client -connect 172.31.31.254:443 -tls1 -debug 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
^C

$ openssl s_client -connect 172.31.31.254:443 -tls1_1 -debug 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
^C

$ openssl s_client -connect 172.31.31.254:443 -cipher MD5 2>&1 -debug | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is RC4-MD5
    Protocol  : TLSv1.2
    Cipher    : RC4-MD5
^C

$ openssl s_client -connect 172.31.31.254:443 -cipher RC4 2>&1 -debug | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-RC4-SHA
^C

■別の方法で試してもSSLv3は見つからない。

$ openssl ciphers -v | awk '{print $1}' | \
    for CIPHER in `xargs`;do \
      openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} 2>&1 | \
        awk '/Protocol|Cipher|support/'; \
    done | grep -A 4 "New.*RC4\|New.*MD5\|SSLv3\$"
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-RC4-SHA
New, (NONE), Cipher is (NONE)
--
New, TLSv1/SSLv3, Cipher is RC4-SHA
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : RC4-SHA
New, TLSv1/SSLv3, Cipher is RC4-MD5
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : RC4-MD5
New, (NONE), Cipher is (NONE)

■SSLv3についてはOpenSSL 1.0.1rと1.0.1sの間でデフォルトで無効にされた様子。

$ w3m -dump https://abi-laboratory.pro/tracker/changelog/openssl/1.0.1t/log.html | grep "SSLv3\|^ *Major" | grep -B 1 SSLv3
  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.

■nmapで確認してもSSLv3に関しては報告されない。
 MD5、RC4についての報告のみ。

$ nmap -p 443 --script ssl-enum-ciphers 172.31.31.254 | awk '/MD5|RC4|SSL/'
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong

■デフォルトでMD5、RC4が使えないことの確認。

$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
        SSLCipherSuite HIGH:!aNULL
        SSLProtocol all -SSLv3

$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     

$ openssl s_client -connect 172.31.31.254:443 -cipher MD5 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1.2
    Cipher    : 0000

$ openssl s_client -connect 172.31.31.254:443 -cipher RC4 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1.2
    Cipher    : 0000

■デフォルトでSSLv3が使えないことの確認

$ for PROTOCOL in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls;do \
     for CIPHER in $(openssl ciphers -v | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}');do \
       echo -e "GET / HTTP/1.0\r\n" | \
       openssl s_client -connect 172.31.31.254:443 ${PROTOCOL} -cipher ${CIPHER} -debug 2>&1 | \
       grep "^HTTP.*200 OK" >/dev/null && echo "OK:${PROTOCOL},${CIPHER}"; \
     done; \
   done | tee PROTOCOL_CIPHER_LIST.log
OK:-tls1,SHA1
OK:-tls1_1,SHA1
OK:-tls1_2,SHA384
OK:-tls1_2,SHA1

$ openssl ciphers -v | awk '{print $1}' | \
    for CIPHER in `xargs`;do \
      openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} 2>&1 | \
        awk '/Protocol|Cipher|support/'; \
    done | grep -A 4 "New.*RC4\|New.*MD5\|SSLv3\$"

■TLSv1.0とTLS1.1も無効にする。

$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
        SSLCipherSuite HIGH:!aNULL
	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

$ openssl ciphers -V 'HIGH:!aNULL' | awk '/RC4|MD5/' | wc -l
0

$ echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect 172.31.31.254:443 -debug 2>&1 | awk '/Protocol|Cipher/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

$ for PROTOCOL in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls;do \
    for CIPHER in $(openssl ciphers -v | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}');do \
      echo -e "GET / HTTP/1.0\r\n" | \
      openssl s_client -connect 172.31.31.254:443 ${PROTOCOL} -cipher ${CIPHER} -debug 2>&1 | \
      grep "^HTTP.*200 OK" >/dev/null && echo "OK:${PROTOCOL},${CIPHER}"; \
    done; \
  done | tee PROTOCOL_CIPHER_LIST.log
OK:-tls1_2,SHA384
OK:-tls1_2,SHA1


$ for PROTOCOL in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls;do \
    for CIPHER in $(openssl ciphers -v | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}');do \
      echo -e "GET / HTTP/1.0\r\n" | \
      openssl s_client -connect 172.31.31.254:443 ${PROTOCOL} -cipher ${CIPHER} -debug 2>&1; \
    done; \
  done > PROTOCOL_CIPHER_LIST.log

$ awk '/unknown/{a[$NF]+=1}END{for(n in a){print n,a[n]}}' PROTOCOL_CIPHER_LIST.log-ssl2 5
-dtls 5

$ awk '/Protocol|Cipher|HTTP|IS.*supported/' PROTOCOL_CIPHER_LIST.log | grep -A 3 -B 1 "IS supported"
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
HTTP/1.1 200 OK
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA256
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-SHA256
New, (NONE), Cipher is (NONE)
--
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA
HTTP/1.1 200 OK

■nmapスクリプトで使用可能と報告されているのは22個。

$ nmap -p 443 --script ssl-enum-ciphers 172.31.31.254 | grep -A 100 ^PORT | awk '/TLS_/{sum+=1;print;next}{print}END{print sum}'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|     compressors: 
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
22

■「s_client」接続でサポートされていると報告しているのも22個。

$ openssl ciphers -v | awk '{print $1}' | \
    for CIPHER in `xargs`;do \
      openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} 2>&1 | \
        awk '/Protocol|Cipher|support/'; \
    done | grep -B 1 -A 3 "IS supported" | grep "Proto.*:" | wc -l
22

$ openssl ciphers -v 'HIGH:!aNULL' | awk '{print $1}' | \
    for CIPHER in `xargs`;do \
     echo "#$CIPHER"; echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
        awk '/^#|Protocol|Cipher|support/'; \
    done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-SHA256
OK:TLSv1_2,#DHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA256-SHA
OK:TLSv1_2,#AES256-GCM-SHA384
OK:TLSv1_2,#AES256-SHA256
OK:TLSv1_2,#AES256-SHA
OK:TLSv1_2,#CAMELLIA256-SHA
OK:TLSv1_2,#ECDHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA128-SHA
OK:TLSv1_2,#AES128-GCM-SHA256
OK:TLSv1_2,#AES128-SHA256
OK:TLSv1_2,#AES128-SHA
OK:TLSv1_2,#CAMELLIA128-SHA
22

■ところで接続そのものはTLS1.2だが、SSLv3用のCIPHERが10個含まれている。
 共通するのは、「SHA1」であること。

$ openssl ciphers -v 'HIGH:!aNULL' | awk '/SSLv3/{print $1}' | \
    for CIPHER in `xargs`;do \
      echo "#$CIPHER"; echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
        awk '/^#|Protocol|Cipher|support/'; \
    done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA256-SHA
OK:TLSv1_2,#AES256-SHA
OK:TLSv1_2,#CAMELLIA256-SHA
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA128-SHA
OK:TLSv1_2,#AES128-SHA
OK:TLSv1_2,#CAMELLIA128-SHA
10

$ openssl ciphers -v 'HIGH:!aNULL' | awk '/SHA /{print $1}' | \
    for CIPHER in `xargs`;do \
      echo "#$CIPHER"; \
      echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
        awk '/^#|Protocol|Cipher|support/'; \
    done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA256-SHA
OK:TLSv1_2,#AES256-SHA
OK:TLSv1_2,#CAMELLIA256-SHA
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA128-SHA
OK:TLSv1_2,#AES128-SHA
OK:TLSv1_2,#CAMELLIA128-SHA
10

■次のステップはSHA1を無効にすることになる。

$ openssl ciphers -v 'HIGH:!aNULL:!SHA1' | awk '{print $1}' | \
    for CIPHER in `xargs`;do \
      echo "#$CIPHER"; \
      echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
        awk '/^#|Protocol|Cipher|support/'; \
    done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-SHA256
OK:TLSv1_2,#AES256-GCM-SHA384
OK:TLSv1_2,#AES256-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA256
OK:TLSv1_2,#AES128-GCM-SHA256
OK:TLSv1_2,#AES128-SHA256
12

■以下のようにするとSHA1も無効となる。
 この最後の設定だけ行えば、表題の目的は達成する。

$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
	SSLCipherSuite HIGH:!aNULL:!SHA1
	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     

$ openssl ciphers -v | awk '{print $1}' | \
    for CIPHER in `xargs`;do \
      echo "#$CIPHER"; \
      echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
        awk '/^#|Protocol|Cipher|support/'; \
    done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-SHA256
OK:TLSv1_2,#AES256-GCM-SHA384
OK:TLSv1_2,#AES256-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA256
OK:TLSv1_2,#AES128-GCM-SHA256
OK:TLSv1_2,#AES128-SHA256
12

$ nmap -p 443 --script ssl-enum-ciphers 172.31.31.254 | grep -A 100 ^PORT | awk '/TLS_/{sum+=1;print;next}{print}END{print sum}'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors: 
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
12