<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div class="moz-cite-prefix">On 8/29/2020 5:16 PM, Thierry Moreau
A weird observation from my experimentation with open source
I installed an Apache server with a single TLS profile which I
believed robust in spite of being a bit outdated. I prioritized
Diffie-Hellman for «forward secrecy», considered RSA, AES128 CBC,
and SHA valid choices despite a bulk encryption key size in the
low range. I assumed that a recent openssl library would implement
the most needed countermeasures for known veakenesses in TLS 1.0.
I configured the thing HTTPS-only and requiring client certificate
in all cases. Indeed I recorded that a friendly certificate
«subject public key» was used in the connection (through apache
SSL environment variables ...).
In essence, it appears to work as intended.
The Firefox version 76.0.1 reported
«TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 128 bit keys, TLS 1.0» as the
technical details for the security of the web page.
In essence, it appears to work as intended ... but
The firefox browser qualifies this as «broken encryption». «Your
connection to this website uses weak encryption and is not
private. Other people can view your information or modify the
website's behavior. Information sent over the Internet without
encryption can be seen by other people while it is in transit.»
And the security icon on the left of the URL entry field is
Am I too old to craft an apache/openssl secure configuration?
Indeed I am reluctant to chase a configuration including
Diffie-Hellman forward secrecy that would fate better in the
Firefox security assessment.
How can I claim that this is secure to third parties?
- Thierry Moreau
(In case you want to try with a different client browser, this
listens on the public Internet but requires a client certificate.
Since I trust only individually selected end-entity certificates
as roots of trust, you need to send me your application
«out-of-band» with a motivation letter ... OK, off-list e-mail
might allow you a short cryptoperiod of trust -- I reserve the
right to limit the not-after field in the certificate. Public key
algorithms other than RSA or with short modulus will be rejected
without contacting the applicant!)
<p>These days, the preference is for at least version 1.2 of TLS. I
have used the following two configuration lines in my Apache2
<pre>SSLProtocol -all +TLSv1.2 +TLSv1.3</pre>
<p>For what it's worth, Qualys claims to be an "SSL Lab" that offers
an analysis tool at <a class="moz-txt-link-freetext" href="https://www.ssllabs.com/ssltest/analyze.html">https://www.ssllabs.com/ssltest/analyze.html</a>.
I have no idea how reliable the tool actually is, but with the
configuration lines above, my site receives a grade of "A". (The
certificate is provided by LetsEncrypt.)</p>
<p> - Ken<br>