■Trying to disable TLS 1.0, TLS 1.1 and SHA1 in Apache2.
By default, SSLProtocol leaves TLSv1 and TLSv1.1 enabled and SSLv3 disabled.
In SSLCipherSuite, RC4 and MD5 are disabled.
$ lsb_release -d
Description: Debian GNU/Linux 8.6 (jessie)
$ openssl version
OpenSSL 1.0.1t 3 May 2016
$ netstat -an | grep :443
tcp 0 0 172.31.31.254:443 0.0.0.0:* LISTEN
$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
SSLCipherSuite HIGH:!aNULL
SSLProtocol all -SSLv3
■The basic test method is the same as in the following posts.
openssl ciphers DEFAULT and apache2's ssl.conf
http://labunix.hateblo.jp/entry/20140211/1392048666
Testing an SSL server with "openssl s_client".
http://labunix.hateblo.jp/entry/20160531/1464706013
■By default MD5 and RC4 are disabled; SHA1 is enabled.
$ echo "#digest";openssl ciphers -V 'HIGH:!aNULL' | awk -F= '{a[$(NF)]+=1}END{for(n in a){print n}}' | sed -e 's/(.*//g'
SHA384
AEAD
SHA256
SHA1
$ echo "#algorythm";openssl ciphers -V 'HIGH:!aNULL' | awk -F= '{a[$(NF-1)]+=1}END{for(n in a){print n}}' | sed -e 's/(.*//g'
Camellia
AESGCM
AES
Camellia
AESGCM
AES
■With the openssl command itself, MD5 and RC4 can still be used if you want to.
$ echo "#digest";openssl ciphers -V | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}'
SHA384
AEAD
SHA256
MD5
SHA1
$ echo "#algorythm";openssl ciphers -V | awk -F= '{a[$(NF-1)]+=1}END{for(n in a){print n}}' | sed -e 's/(.*//g'
3DES
Camellia
AESGCM
SEED
AES
Camellia
AESGCM
AES
RC4
■I doubt anyone would go out of their way to use them, but...
Try SSL3, TLS1.0, TLS1.1, MD5 and RC4 in turn.
SSLv3 does not appear to be supported even when it is enabled.
$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
SSLCipherSuite HIGH:!aNULL:RC4:MD5
SSLProtocol all
$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
$ openssl s_client -connect 172.31.31.254:443 -ssl3 -debug 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, (NONE), Cipher is (NONE)
Protocol : SSLv3
Cipher : 0000
$ openssl s_client -connect 172.31.31.254:443 -tls1 -debug 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
^C
$ openssl s_client -connect 172.31.31.254:443 -tls1_1 -debug 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Protocol : TLSv1.1
Cipher : ECDHE-RSA-AES256-SHA
^C
$ openssl s_client -connect 172.31.31.254:443 -cipher MD5 2>&1 -debug | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is RC4-MD5
Protocol : TLSv1.2
Cipher : RC4-MD5
^C
$ openssl s_client -connect 172.31.31.254:443 -cipher RC4 2>&1 -debug | awk '/Protocol|Cipher|HTTP/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Protocol : TLSv1.2
Cipher : ECDHE-RSA-RC4-SHA
^C
■Testing another way still finds no SSLv3.
$ openssl ciphers -v | awk '{print $1}' | \
for CIPHER in `xargs`;do \
openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} 2>&1 | \
awk '/Protocol|Cipher|support/'; \
done | grep -A 4 "New.*RC4\|New.*MD5\|SSLv3\$"
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Secure Renegotiation IS supported
Protocol : TLSv1.2
Cipher : ECDHE-RSA-RC4-SHA
New, (NONE), Cipher is (NONE)
--
New, TLSv1/SSLv3, Cipher is RC4-SHA
Secure Renegotiation IS supported
Protocol : TLSv1.2
Cipher : RC4-SHA
New, TLSv1/SSLv3, Cipher is RC4-MD5
Secure Renegotiation IS supported
Protocol : TLSv1.2
Cipher : RC4-MD5
New, (NONE), Cipher is (NONE)
■SSLv3 appears to have been disabled by default between OpenSSL 1.0.1r and 1.0.1s.
$ w3m -dump https://abi-laboratory.pro/tracker/changelog/openssl/1.0.1t/log.html | grep "SSLv3\|^ *Major" | grep -B 1 SSLv3
Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
■Checking with nmap also reports nothing for SSLv3.
It only reports MD5 and RC4.
$ nmap -p 443 --script ssl-enum-ciphers 172.31.31.254 | awk '/MD5|RC4|SSL/'
| TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
■Confirming that MD5 and RC4 cannot be used with the default settings.
$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
SSLCipherSuite HIGH:!aNULL
SSLProtocol all -SSLv3
$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
$ openssl s_client -connect 172.31.31.254:443 -cipher MD5 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, (NONE), Cipher is (NONE)
Protocol : TLSv1.2
Cipher : 0000
$ openssl s_client -connect 172.31.31.254:443 -cipher RC4 2>&1 | awk '/Protocol|Cipher|HTTP/'
New, (NONE), Cipher is (NONE)
Protocol : TLSv1.2
Cipher : 0000
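The refused handshakes above still print a Protocol line (TLSv1.2) together with Cipher 0000, so a check that matches on Protocol alone would count them as successes. The following is an added example, not part of the original post: it decides from s_client output whether a cipher was really negotiated. The function names and the two sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Constructed s_client excerpts in the shape shown on this page.
failed_handshake() {
cat <<'EOF'
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1.2
    Cipher    : 0000
EOF
}
ok_handshake() {
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
EOF
}

# negotiated: read s_client output on stdin. Print "<protocol> <cipher>" and
# return 0 only when a cipher was really negotiated; otherwise print nothing
# and return 1. The "New, ..." line and the session "Cipher" line must agree.
negotiated() {
  awk '
    /^New, .*Cipher is / { new = $NF }
    /^ *Protocol *:/     { proto = $NF }
    /^ *Cipher *:/       { cipher = $NF }
    END {
      if (new == "" || new == "(NONE)" || cipher == "0000" || cipher != new)
        exit 1
      print proto, cipher
    }
  '
}

ok_handshake | negotiated
failed_handshake | negotiated || echo "no cipher negotiated"
```

Against a live server, pipe the output of `openssl s_client -connect HOST:443 -cipher NAME 2>&1 </dev/null` into negotiated instead of the sample functions.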
■Confirming that SSLv3 cannot be used with the default settings.
$ for PROTOCOL in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls;do \
for CIPHER in $(openssl ciphers -v | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}');do \
echo -e "GET / HTTP/1.0\r\n" | \
openssl s_client -connect 172.31.31.254:443 ${PROTOCOL} -cipher ${CIPHER} -debug 2>&1 | \
grep "^HTTP.*200 OK" >/dev/null && echo "OK:${PROTOCOL},${CIPHER}"; \
done; \
done | tee PROTOCOL_CIPHER_LIST.log
OK:-tls1,SHA1
OK:-tls1_1,SHA1
OK:-tls1_2,SHA384
OK:-tls1_2,SHA1
$ openssl ciphers -v | awk '{print $1}' | \
for CIPHER in `xargs`;do \
openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} 2>&1 | \
awk '/Protocol|Cipher|support/'; \
done | grep -A 4 "New.*RC4\|New.*MD5\|SSLv3\$"
■Disable TLSv1.0 and TLS1.1 as well.
$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
SSLCipherSuite HIGH:!aNULL
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
$ openssl ciphers -V 'HIGH:!aNULL' | awk '/RC4|MD5/' | wc -l
0
$ echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect 172.31.31.254:443 -debug 2>&1 | awk '/Protocol|Cipher/'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
$ for PROTOCOL in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls;do \
for CIPHER in $(openssl ciphers -v | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}');do \
echo -e "GET / HTTP/1.0\r\n" | \
openssl s_client -connect 172.31.31.254:443 ${PROTOCOL} -cipher ${CIPHER} -debug 2>&1 | \
grep "^HTTP.*200 OK" >/dev/null && echo "OK:${PROTOCOL},${CIPHER}"; \
done; \
done | tee PROTOCOL_CIPHER_LIST.log
OK:-tls1_2,SHA384
OK:-tls1_2,SHA1
$ for PROTOCOL in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls;do \
for CIPHER in $(openssl ciphers -v | awk -F= '{a[$NF]+=1}END{for(n in a){print n}}');do \
echo -e "GET / HTTP/1.0\r\n" | \
openssl s_client -connect 172.31.31.254:443 ${PROTOCOL} -cipher ${CIPHER} -debug 2>&1; \
done; \
done > PROTOCOL_CIPHER_LIST.log
$ awk '/unknown/{a[$NF]+=1}END{for(n in a){print n,a[n]}}' PROTOCOL_CIPHER_LIST.log
-ssl2 5
-dtls 5
$ awk '/Protocol|Cipher|HTTP|IS.*supported/' PROTOCOL_CIPHER_LIST.log | grep -A 3 -B 1 "IS supported"
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Secure Renegotiation IS supported
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
HTTP/1.1 200 OK
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA256
Secure Renegotiation IS supported
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-SHA256
New, (NONE), Cipher is (NONE)
--
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Secure Renegotiation IS supported
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA
HTTP/1.1 200 OK
■The nmap script reports 22 ciphers as usable.
$ nmap -p 443 --script ssl-enum-ciphers 172.31.31.254 | grep -A 100 ^PORT | awk '/TLS_/{sum+=1;print;next}{print}END{print sum}'
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3: No supported ciphers found
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
22
■"s_client" connections also report 22 as supported.
$ openssl ciphers -v | awk '{print $1}' | \
for CIPHER in `xargs`;do \
openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} 2>&1 | \
awk '/Protocol|Cipher|support/'; \
done | grep -B 1 -A 3 "IS supported" | grep "Proto.*:" | wc -l
22
$ openssl ciphers -v 'HIGH:!aNULL' | awk '{print $1}' | \
for CIPHER in `xargs`;do \
echo "#$CIPHER"; echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
awk '/^#|Protocol|Cipher|support/'; \
done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-SHA256
OK:TLSv1_2,#DHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA256-SHA
OK:TLSv1_2,#AES256-GCM-SHA384
OK:TLSv1_2,#AES256-SHA256
OK:TLSv1_2,#AES256-SHA
OK:TLSv1_2,#CAMELLIA256-SHA
OK:TLSv1_2,#ECDHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA128-SHA
OK:TLSv1_2,#AES128-GCM-SHA256
OK:TLSv1_2,#AES128-SHA256
OK:TLSv1_2,#AES128-SHA
OK:TLSv1_2,#CAMELLIA128-SHA
22
■Incidentally, although the connection itself is TLS1.2, the list includes 10 ciphers marked for SSLv3.
What they have in common is that they use SHA1.
$ openssl ciphers -v 'HIGH:!aNULL' | awk '/SSLv3/{print $1}' | \
for CIPHER in `xargs`;do \
echo "#$CIPHER"; echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
awk '/^#|Protocol|Cipher|support/'; \
done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA256-SHA
OK:TLSv1_2,#AES256-SHA
OK:TLSv1_2,#CAMELLIA256-SHA
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA128-SHA
OK:TLSv1_2,#AES128-SHA
OK:TLSv1_2,#CAMELLIA128-SHA
10
$ openssl ciphers -v 'HIGH:!aNULL' | awk '/SHA /{print $1}' | \
for CIPHER in `xargs`;do \
echo "#$CIPHER"; \
echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
awk '/^#|Protocol|Cipher|support/'; \
done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-AES256-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA256-SHA
OK:TLSv1_2,#AES256-SHA
OK:TLSv1_2,#CAMELLIA256-SHA
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-AES128-SHA
OK:TLSv1_2,#DHE-RSA-CAMELLIA128-SHA
OK:TLSv1_2,#AES128-SHA
OK:TLSv1_2,#CAMELLIA128-SHA
10
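The two loops above select suites by the protocol column and by the Mac column and arrive at the same 10 names. The following is an added example, not part of the original post: it audits a cipher list offline for the three properties this page removes (Mac=SHA1, Mac=MD5, Enc=RC4). The sample list is constructed in the `openssl ciphers -v` layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the OpenSSL 1.0.1 `ciphers -v` layout (not captured
# from the page's server); it stands in for real `openssl ciphers -v` output.
sample_list() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EOF
}

# audit_ciphers: read `ciphers -v` lines on stdin and print one
# "WEAK <suite> <protocol-column> <reasons>" line per offending suite.
# Exit status is 1 when at least one weak suite was seen, 0 otherwise.
audit_ciphers() {
  awk '
    NF < 6 { next }                      # skip blank or malformed lines
    {
      enc = ""; mac = ""; why = ""
      for (i = 3; i <= NF; i++) {        # key=value fields, in any order
        split($i, kv, "=")
        if (kv[1] == "Enc") { enc = kv[2]; sub(/\(.*/, "", enc) }
        if (kv[1] == "Mac") { mac = kv[2] }
      }
      if (mac == "SHA1") why = why ",Mac=SHA1"
      if (mac == "MD5")  why = why ",Mac=MD5"
      if (enc == "RC4")  why = why ",Enc=RC4"
      if (why != "") { print "WEAK", $1, $2, substr(why, 2); bad++ }
    }
    END { exit (bad > 0) ? 1 : 0 }
  '
}

sample_list | audit_ciphers || echo "weak suites present"
```

To audit a real configuration, pipe `openssl ciphers -v 'HIGH:!aNULL:!SHA1'` into audit_ciphers in place of sample_list; a non-zero exit status means the cipher string still admits a flagged suite.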
■The next step is therefore to disable SHA1.
$ openssl ciphers -v 'HIGH:!aNULL:!SHA1' | awk '{print $1}' | \
for CIPHER in `xargs`;do \
echo "#$CIPHER"; \
echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
awk '/^#|Protocol|Cipher|support/'; \
done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-SHA256
OK:TLSv1_2,#AES256-GCM-SHA384
OK:TLSv1_2,#AES256-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA256
OK:TLSv1_2,#AES128-GCM-SHA256
OK:TLSv1_2,#AES128-SHA256
12
■The following settings disable SHA1 as well.
Applying just this final configuration achieves the goal in the title.
$ awk '!/#/&&(/CipherSuite|Protocol/)' /etc/apache2/mods-available/ssl.conf
SSLCipherSuite HIGH:!aNULL:!SHA1
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
$ sudo systemctl restart apache2.service ;netstat -an | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
$ openssl ciphers -v | awk '{print $1}' | \
for CIPHER in `xargs`;do \
echo "#$CIPHER"; \
echo "GET / HTTP/1.0 \r\n" | openssl s_client -connect 172.31.31.254:443 -cipher ${CIPHER} -tls1_2 -debug 2>&1 | \
awk '/^#|Protocol|Cipher|support/'; \
done | grep -B 2 -A 2 "IS supported" | awk '/^#/{sum+=1;print "OK:TLSv1_2,"$0}END{print sum}'
OK:TLSv1_2,#ECDHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#ECDHE-RSA-AES256-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-GCM-SHA384
OK:TLSv1_2,#DHE-RSA-AES256-SHA256
OK:TLSv1_2,#AES256-GCM-SHA384
OK:TLSv1_2,#AES256-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#ECDHE-RSA-AES128-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-GCM-SHA256
OK:TLSv1_2,#DHE-RSA-AES128-SHA256
OK:TLSv1_2,#AES128-GCM-SHA256
OK:TLSv1_2,#AES128-SHA256
12
$ nmap -p 443 --script ssl-enum-ciphers 172.31.31.254 | grep -A 100 ^PORT | awk '/TLS_/{sum+=1;print;next}{print}END{print sum}'
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3: No supported ciphers found
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
12