Securing Apache/mod_ssl with SSL/TLS on RHEL7

Updated -

Securing Apache (httpd-2.4.6), mod_ssl (mod_ssl-2.4.6) that uses openssl

This article is part of the Securing Applications Collection

Configuration File

   /etc/httpd/conf.d/ssl.conf

shortform

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES
SSLCertificateKeyFile /etc/pki/tls/private/httpd.key
SSLCertificateFile /etc/pki/tls/certs/httpd.dh.crt
SSLCertificateChainFile /etc/pki/tls/certs/httpd-chain.crt

Protocols

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Provides general compatibility.

Higher security, reduced compatibility protocols

SSLProtocol All -SSLv2 -SSLv3

Enable TLSv1.0 for obsolete Browser Compatibility

Ciphers

    SSLCipherSuite kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES

Reasonable selection of strong ciphers

Higher compatibility, reduced security ciphers

SSLCipherSuite kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:RC4+RSA:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES

Include RC4+RSA for earlier IE compatibility.

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Allow very old browsers

Certificate Handling

Apache expects separate PEM format files for key and certificate, and another for the CA chain.

Key File

SSLCertificateKeyFile /etc/pki/tls/private/httpd.key

key should be readable only by User as defined in the main configuration file

Certificate File

SSLCertificateFile /etc/pki/tls/certs/httpd.dh.crt

Since the SSLCertificateFile can contain Diffie-Helman parameters to enable PFS it is necessary to maintain an additional pair of files.
The actual certificate should be placed in

/etc/pki/tls/certs/httpd.crt

Then the following should be run to create the combined file
This sequence should then be run periodically (weekly) to update the DH parameters, followed by a service reload.

openssl dhparam -out /etc/pki/tls/private/httpd.dh.param.tmp 2048
mv /etc/pki/tls/private/httpd.dh.param.tmp  /etc/pki/tls/private/httpd.dh.param
cat /etc/pki/tls/certs/httpd.crt /etc/pki/tls/private/httpd.dh.param >/etc/pki/tls/certs/httpd.dh.crt
systemctl reload httpd

Certificate Authority Chain

SSLCertificateChainFile /etc/pki/tls/certs/httpd-chain.crt

Intermediate and Root certificates for the SSLCertificateFile

1 Comments

Using a self-generated key is not recommended according to RFC-7919, instead use the ffdhe3072 or ffdhe4096 keys, as they are audited and proven to be safe.

ffdhe3072:

-----BEGIN DH PARAMETERS-----
MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
N///////////AgEC
-----END DH PARAMETERS-----

ffdhe4096:

-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
-----END DH PARAMETERS-----

Furthermore, adding the so called DH temp-key to the SSLCertificateChainFile (which already contained the CA-bundle for the certificate) didn't work, but adding it to the SSLCertificateFile did.

The result can be tested with:

openssl s_client -connect <hostname>:443 -cipher DHE-RSA-AES128-GCM-SHA256

Output:

[...]
---
No client certificate CA names sent
Server Temp Key: DH, 4096 bits
---
SSL handshake has read 5409 bytes and written 673 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES128-GCM-SHA256
[...]

Specifying a DHE-Cipher is required in order to see the DH-key instead of the ECDH-key, which is way shorter.