How to Achieve A+ Results in SSLlabs Test
17 Jul 2015 | Jindřich Zechmeister
Instructions are for anyone who manages their own server and wants to have the best possible SSL/TLS settings on their server. The instructions will help you no matter if you pay attention to maximal security or if you are simply competitive and want the best results possible. The SSLlabs test is a recognized authority and the best known SSL/TLS test. The instructions are meant for the web server Apache. Other popular web servers will come later.
Default Configuration is Not Suitable
Default SSL/TLS configuration in Debian, which is used in Zoner's Cloud server got a C in the SSLlabs test. The main objection is about enabling the SSLv3 protocol, which is not used on the Internet anymore for security reasons.
The main issues of the outdated default configuration:- SSLv3 is enabled
- RC4 encryption is enabled
- it does not support Forward Secrecy
If you adjust the default configuration you can get an A evaluation and thanks to HTTP Strict Transport Security even the highest possible evaluation A+.
Steps Towards Better Security
For better security it is necessary to solve the problems mentioned above. In general it is true that settings parameters can be set up either for the whole server (mod_ssl) or for specific websites (vhosts).
Disabling the SSLv3 Protocol
Disabling the dated SSLv3 protocol is very simple. You can disable it either for your hosts or for the whole server. The support of three TLS protocols is plenty for your web visitors. Older SSLv2 and SSLv3 protocols are not used for security reasons.
Adjust in /etc/apache2/mods-available/ssl.conf:SSLProtocol all -SSLv2 -SSLv3
Disabling the RC4 encryption
The RC4 encryption is considered problematic because it is the vector of BEAST vulnerability. Nowadays it is used on servers only to maintain compatibility with Internet Explorer on Windows XP. If RC4 is disabled on the server, the dated versions of Internet Explorer will have a problem connecting to the website from the Windows XP system (the decision whether to maintain the compatibility is up to you, I recommend disabling it.
Disabling the encryption is simple. It is enough to put an exclamation mark in front of the unwanted encryption and the server will stop using it. An exclamation mark by an abbreviation means that it should not be used. The order of encryption then determines the order of preference in which they should be used by the server during handshake.
Adjust in etc/apache2/mods-available/ssl.conf:SSLCipherSuite ... !RC4
Forward Secrecy
Forward Secrecy is designed to protect transferred information against later deciphering (for instance after a private key has been stolen). The prerequisite for a functional Forward Secrecy are two Diffie-Hellman algorhithms for key exchange DHE and ECDHE. You will find more about the use of Forward Secrecy in the article SSL Labs: Deploying Forward Secrecy. If you do not want to study the topic, it is enough to set up the encryptions below in configuration.Adjust in /etc/apache2/mods-available/ssl.conf:
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
Getting a Bonus Plus
After making the changes above, your server should get a mark A. To get A+ you need to set up HTTP Strict Transport Security.Setting Up HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) improves the security of a visitor's connection with the server because it does not allow communication by any protocol other than HTTPS. It does not let an attacker lower the level of encryption (downgrade attack) or to use unencrypted HTTP. You will find more information in a Wikepedia article HTTP Strict Transport Security.
Adjust configuration of Apache file (/etc/apache2/sites-enabled/website.conf or /etc/apache2/httpd.conf) and add the following line to VirtualHost:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomain
[...]
For proper function, you need to enable headers (sudo a2enmod headers). Apache will restart after the configuration.
Visit Our Reference Server
We have prepared a brief informative website TheBestSSL for you. The above mentioned information is there and the configuration mentioned has been applied on the server. This configuration gets an A+ in SSLlabs test. You can use it as inspiration when setting up your SSL. On the website TheBestSSL you can test your domain with the SSLlabs server test straightaway.
You have probably noticed that the evaluation consists of 4 partial evaluations of individual security elements. The certificate, SSL/TLS protocol configuration, key exchange (protocol) configuration and the cipher strength are evaluated. I will not describe the details of the evaluation methodology here because it is described in a separate document by SSLlabs.
The website TheBestSSL does not reach 100 for Key Exchange because of a bug in Apache (Bug #1219804- Support custom DH parameter file in apache 2.4), which is solved in the Apache version 2.4 and the problem is going to be repaired on the website after an update to a new version of Debian. After that Apache will respect a higher level of the Diffie-Hellman parameter than the current 1024b.
Other functions mentioned by the SSLlabs verifier, such as TLS_FALLBACK_SCSV and Public Key Pinning (HPKP) are noticeably more advanced and beyond the scope of this article. For TLS_FALLBACK_SCSV support it is enough to own a modern version OpenSSL. If your server does not support this function, update the package with OpenSSL. The HPKP configuration is described in the article HTTP Public Key Pinning Extension HPKP for Apache, NGINX and Lighttpd.
A note: In order to achieve an evaluation of 100%, our server's compatibility with browsers is set up very aggressively. For example, it only uses TLS 1.2 protocol which causes problems to many dated clients. Reference configuration is not really suitable for a production website, which is visited by older browsers and mobile clients. For example, Androids up to version 4.3, Internet Explorer 6-8 and Java will have a problem.
For sensible compatibility it is necessary to use the TLS 1.0 and TLS 1.1 protocols. Surprisingly, many clients (especially mobile ones) do not support the latest TLS version. With TLS 1.0 and 1.1 support your server will only not be able to connect to IE 6 on Win XP, because it requires RC4 support (TLS 1.0 is in initial mode in IE 6 disabled).
You will find a complete overview of SSL/TLS support for different clients on Wiki: Transport Layer SecurityTLS certificate specialist
Certificated Sales Expert Plus
e-mail: jindrich.zechmeister(at)zoner.com