I'm trying to get the 100% rating on Internet.nl and am very close. I think the only missing portion is the "Ciphers (Algorithm selections)" and I'm not sure of the best way to correct this. The issue is below, thanks so much for any help or suggestions. Code: Ciphers (Algorithm selections)close Verdict: Your web server supports one or more insufficiently secure ciphers. Technical details: Web server IP address Affected ciphers Status IPV6 address: AES256-CCM8 insufficient ... AES128-CCM8 insufficient ... AES256-SHA256 phase out ... AES128-GCM-SHA256 phase out ... AES128-SHA256 phase out ... CAMELLIA256-SHA256 phase out ... CAMELLIA128-SHA256 phase out ... CAMELLIA256-SHA phase out ... AES128-SHA phase out ... AES256-SHA phase out ... CAMELLIA128-SHA phase out ... AES256-GCM-SHA384 phase out IPV4 address: AES256-CCM8 insufficient ... AES128-CCM8 insufficient ... AES256-SHA256 phase out ... AES128-GCM-SHA256 phase out ... AES128-SHA256 phase out ... CAMELLIA256-SHA256 phase out ... CAMELLIA128-SHA256 phase out ... CAMELLIA256-SHA phase out ... AES128-SHA phase out ... AES256-SHA phase out ... CAMELLIA128-SHA phase out ... AES256-GCM-SHA384 phase out
For 100%, you need to enable the HTTPS redirect. You can do this in ISPConfig, in the settings for that web, in the redirect tab. To improve the security of your SSL connections (and fix the cipher issue): Code: nano /etc/apache2/mods-available/ssl.conf Add the following (comment out existing settings that become duplicate in this file, like SSLProtocol) Code: SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384" SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLOpenSSLConfCmd ECDHParameters Automatic SSLOpenSSLConfCmd Curves prime256v1:secp384r1 SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/ffdhe4096.pem" Then you have to create the ffdhe4096 file: Code: nano /etc/ssl/private/ffdhe4096.pem Paste: Code: -----BEGIN DH PARAMETERS----- MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e 8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI= -----END DH PARAMETERS----- You will have to use a custom vhost template for Apache, and comment out SSLProtocol and SSLCipherSuite settings there: Code: cp /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/vhost.conf.master nano /usr/local/ispconfig/server/conf-custom/vhost.conf.master Do a resync of your websites through the panel after (Tools -> Resync) Restart Apache2: Code: systemctl restart apache2
Ahh I'm SO sorry Thom, I totally forgot to mention I'm using Nginx. However I guess the information you posted will still be useful for those using Apache. Thanks again, and no rush.
No problem Though I don't use nginx, so I would not know the exact equivalents. For the ciphers, I think it would be Code: ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384
Use these settings for nginx: https://ssl-config.mozilla.org/#ser...fig=intermediate&openssl=1.1.1d&guideline=5.6
Ok interesting. I assume I just add the cypher parts? As the files in /etc/nginx/sites-enabled already have some of the settings. Also can this be added in ISPconfig under the site-options-nginx directives, or does it need to be directly in /etc/nginx/sites-enabled/domain, cuz I assume it would be overwritten if inside /etc/nginx/sites-enabled Would actually appreciate if someone could identify which parts need to be added as well, if not I'll try to play around with it this weekend. Or should this actually be added inside Nginx.conf? So it's available for all sites? Thanks
It depends what you want. The guide by @Th0m applies also to nginx, just with different config files. In general, config options get overwritten by later entries. Meaning the nginx default gets overwritten by nginx config file which gets overwritten by vhost config file. The SSL settings in ispconfig are set on a "per vhost" basis meaning that this will overwrite the previous settings. If you want to set that globaly you have to delete the per-vhost-setting and use the global setting or you change the per-vhost-setting. That is what Th0m suggested (deleting individual config). However, if you only want this for one domain, you can also overwrite it with the custom setting from the web interface. So for nginx copy the /usr/local/ispconfig/server/conf/nginx_vhost.conf.master to /usr/local/ispconfig/server/conf-custom/ and delete the ssl settings (the cipher ones, not the certificates) Then the options from the global nginx config file will be used and you can set them to the suggested options. Once you have tested this with one web (the file needs to be recreated, so you can just make a minor change like a comment in the custom conf directive) then you apply it to all the webs via Options->Resync->Web You probably also have to create the dhparam file. These settings should be enough for the beginning (to delete from vhost.conf and insert in global nginx config) Code: # curl https://ssl-config.mozilla.org/ffdhe4096.txt > /etc/ssl/private/ffdhe4096.pem ssl_dhparam /etc/ssl/private/ffdhe4096.pem; # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; [edit] exchanged 2048 with 4096
Wow thanks for the clarification, I'll give it a shot this weekend and see if it works for 1 site, then update the whole server via your instructions. I assume to test one site, it's enough to just paste the below into the web interface, it should override the existing values since the Ispconfig nginx directives are written at the end. Code: # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/ssl/private/ffdhe4096.pem ssl_dhparam /etc/ssl/private/ffdhe4096.pem; # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; And of course create the dhparam file.
Code: # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/ssl/private/ffdhe4096.pem should be Code: curl https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem > /etc/ssl/private/ffdhe4096.pem
Hi guys, so I tried this on the weekend, and while I got closer, no longer showing insufficient cypher, I now got a cypher order problem. Just to clarify what I did, I ran this on the command line while su root to create the file : Code: curl https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem > /etc/ssl/private/ffdhe4096.pem Then I copied these to my nginx directive in the ispconfig interface. Code: ssl_dhparam /etc/ssl/private/ffdhe4096.pem; # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; It resolve the insufficient cypher, but now I have the cypher order issue below. Code: Cipher orderclose Verdict: Your web server does not prefer 'Good' over 'Sufficient' over 'Phase out' ciphers ('II-A'). Technical details: Web server IP address First found affected cipher pair Violated rule # ('II-B') IPV6 address DHE-RSA-AES128-GCM-SHA256 ... ECDHE-RSA-AES256-GCM-SHA384 None IPV4 address DHE-RSA-AES128-GCM-SHA256 ... ECDHE-RSA-AES256-GCM-SHA384 None I tried to search for a solution, and found this on Reddit, I've tried the suggested cypher on here, but I still get the cypher order issue. Any idea guys? This is the link to Reddit I tried. https://www.reddit.com/r/security/comments/ehkrz9/internetnl_compliance_test_apache_cipher_order/ And the cypher they suggested was : Code: SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 And of course I used ssl_cyphers instead of SSLCypherSuite, which is for Apache.
So I did some more testing, and can get 100% if I turn "ON" the " ssl_prefer_server_ciphers", but even though it's at 100%, I still get a warning about cypher order : Code: Cipher orderclose Verdict: Your web server does not offer ciphers in accordance with the prescribed ordering within a particular security level ('II-B'). Technical details: Web server IP address First found affected cipher pair Violated rule # ('II-B') IPV6 address ECDHE-RSA-AES128-GCM-SHA256 ... ECDHE-RSA-AES256-GCM-SHA384 4 IPV4 address ECDHE-RSA-AES128-GCM-SHA256 ... ECDHE-RSA-AES256-GCM-SHA384 4 You'll notice now the cypher order error has 4 violated rules instead of "none" from before. However I have resolved this by using the Reddit suggestion for cyphers : Code: SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 So now with those changes, I'm at 100% and no warnings. Are those changes ok to make, or should I fix it some other way?
As long as all your clients can connect, you are good. The problem with some old clients is that they only support old ciphers. I don't know about your users, for me it would be OK. Enforcing the cipher order has pros and cons. You will 'only' get 97% with not enforcing cipher order. However, as they write: If you only have 'good' ciphers, it is recommended to have ssl_prefer_server_ciphers off. The thing is: An attacker will only offer bad ciphers and then the server can not choose a good one. If the server offers only good ciphers, the client can choose the best one for him, which can lead to faster connections. Anyway, for small sites (lets say, smaller than amazon) it has no practical implications.
That's great information. I'd like to keep it where more client can connect and can live with 97% as long as it's secure. So I'll switch the "ssl_prefer_server_ciphers" back to "Off", but what about the cyphers? Which list should I go with? Code: From Reddit: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 Listed by Thom: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384 Listed by Steini86: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; Maybe they are all the same but in different order? it's just so difficult to read
reddit's and steini86s' lists are identical reddit and steini86 both include DHE-RSA-AES128-GCM-SHA256, which is missing from thoms' list. thom's list has ECDHE-ECDSA-AES256-SHA384, which is missing from the other two. as for what to use yourself, depends on your security requirements. these may be useful links: https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html https://www.ssl.com/guide/ssl-best-practices/
Nobody can tell you that. That is something you as a server administrator needs to know. As always: It depends. I looked up which clients connected to my site and then choose ciphers which all of them could work with. If you have only modern clients, you could use TLS1.3 only and completely remove the cipher list (There are only good ciphers for TLS1.3, so no specification needed). But that is only supported by: and newer. So, for example Android9 users will not be able to connect with these settings. The "intermediate" list with TLS1.2 supports: If you have even older clients, you have to adapt accordingly. Sometimes you don't think of all the clients you have, so its good to study the logs. For example, when I activated TLS1.3 only a few years ago only for my private Nextcloud I thought that all my computers support it but it turned out that the desktop app couldn't and failed with a cryptic error message. Took me days to figure out why it failed ... To find out which ciphers are being used (for more details see: https://community.centminmod.com/th...and-ssl-cipher-usage-statistics-logging.4985/) (untested, because I do not use nginx, so please report back if it worked) In nginx.conf add Code: log_format ssl_custom '$ssl_protocol $ssl_cipher $request'; In your custom conf field add: Code: access_log /tmp/sslstats.log ssl_custom; (you could also safe it to the standard log file if you want that permanently) After some time use "grep TLSv1.2/ /tmp/sslstats.log" to find out which clients still use TLS1.2 [edit] Just as a reference for others: For Apache I added Code: CustomLog "/var/log/apache2/ssl_request_log" "%{SSL_PROTOCOL}x %{SSL_CIPHER}x %H" to /etc/apache2/apache2.conf file to see the TLS version, cipher used and the request protocol. I then used Code: awk '{print $X}' /var/log/apache2/ssl_request_log | sort | uniq -c | sort -rn | awk '{print $2, $1}' with X=1 to see TLS version, X=2 for Cipher and X=3 for protocol version. Don't forget to delete the logfile and logging at some point in the future
This is fantastic information, I'll setup the logging and report back. I think for me the idea is to have a fairly open, but secure, setup that I can push globally in custom confs. Then for sites that require more security, they can run their own individual hardened list via the nginx directives on the web interface. I'll do a little more reading to see which combination works best for both. Thanks again.
