2

I have a site, https://warsoftheheroes.eu/, hosted on Apache with SSL and a Let's Encrypt certificate. In Chrome/Chromium, under Developer Tools -> Security, I see this message:

Obsolete Connection Settings

The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).

This is my Apache SSL config:

<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
Listen 443

<VirtualHost _default_:443>
    ServerName localhost
    Include /etc/apache2/vhosts.d/default_vhost.include
    ErrorLog /var/log/apache2/ssl_error_log
    <IfModule log_config_module>
            TransferLog /var/log/apache2/ssl_access_log
    </IfModule>
    SSLEngine on
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
    SSLHonorCipherOrder On
    SSLCertificateFile /home/wof/ssl/fullchain1.pem
    SSLCertificateKeyFile /home/wof/ssl/privkey1.pem
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/var/www/localhost/cgi-bin">
            SSLOptions +StdEnvVars
    </Directory>
    <IfModule setenvif_module>
            BrowserMatch ".*MSIE.*" \
                    nokeepalive ssl-unclean-shutdown \
                    downgrade-1.0 force-response-1.0
    </IfModule>
    <IfModule log_config_module>
            CustomLog /var/log/apache2/ssl_request_log \
                    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>

# vim: ts=4 filetype=apache

What should I change in this config file to get rid of the obsolete key exchange?

4

2 Answers

2

According to the SSLLabs test, your site does not support any ECDHE ciphers, even though it looks like you have configured them in the server config. Since both TLS 1.2 support (which you have) and ECDHE support (which you don't) were added in OpenSSL 1.0.1, I guess you have an OpenSSL version that was compiled without ECC support (and therefore without ECDHE).

As far as I know, older versions of RHEL (and thus CentOS too) and Fedora shipped with ECC support removed for patent reasons, so you could check whether you are using one of the affected systems. The output of openssl ciphers -V tells you which ciphers are supported, and you should check there whether ECDHE is supported.

answered 2017-05-10T15:32:11.757
1

Sorry for my earlier mistake. I mixed some things up.

This is how to see which ciphers are supported on your server and their preferred order:

nmap --script ssl-enum-ciphers -p 443 warsoftheheroes.eu

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-10 17:23 CEST
Nmap scan report for warsoftheheroes.eu (81.163.204.80)
Host is up (0.051s latency).
rDNS record for 81.163.204.80: pppoe-static-a-80.interblock.pl
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.1: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

As you can see, the third option for TLSv1.2 is TLS_RSA_WITH_AES_128_GCM_SHA256, which is part of the "AES128" you enabled in your config.

Steffen Ullrich is probably right about the missing ECDHE support, and that may be why a cipher with RSA key exchange ends up in third place. I think that if ECDHE ciphers were supported, they would be preferred.

answered 2017-05-10T15:11:21.087
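As an added example (not code from either answer), the following Python parses nmap ssl-enum-ciphers output in the format shown above, flags every suite that uses static RSA key exchange (no forward secrecy) together with its position in the server's preference order, and checks whether any ECDHE suite is offered at all, which is the hypothesis of the first answer. The excerpt it runs on is a constructed sample taken from the listing above.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the nmap ssl-enum-ciphers format shown in the answer above.
SAMPLE_NMAP_OUTPUT = """\
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A
"""

PROTO_RE = re.compile(r"^\|\s+(SSLv3|TLSv1\.\d):\s*$")
# Suite name, key-exchange detail in parentheses (e.g. "dh 2048", "rsa 2048", "secp256r1"), nmap grade.
CIPHER_RE = re.compile(r"^\|\s+(TLS_[A-Z0-9_]+)\s+\(([^)]*)\)\s+-\s+([A-F])\s*$")


def parse_nmap_ciphers(text):
    """Return {protocol: [(suite, kx_detail, grade), ...]} in the order nmap lists them (server preference)."""
    result = OrderedDict()
    proto = None
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)
            result[proto] = []
            continue
        m = CIPHER_RE.match(line)
        if m and proto is not None:
            result[proto].append(m.groups())
    return result


def is_forward_secret(suite):
    """ECDHE/DHE suites use an ephemeral key; TLS_RSA_WITH_* encrypt the premaster secret to the certificate key."""
    return suite.startswith(("TLS_ECDHE_", "TLS_DHE_"))


def audit_static_rsa(parsed):
    """Per protocol: (1-based preference position, suite) for every suite without forward secrecy."""
    return {proto: [(i + 1, s) for i, (s, _, _) in enumerate(suites) if not is_forward_secret(s)]
            for proto, suites in parsed.items()}


def ecdhe_offered(parsed):
    """False means no ECDHE suite is offered, consistent with an OpenSSL build lacking ECC."""
    return any(s.startswith("TLS_ECDHE_") for suites in parsed.values() for s, _, _ in suites)
```

Feed it the full nmap output from the answer and it reports TLS_RSA_WITH_* suites in every protocol version, matching Chrome's "obsolete key exchange (RSA)" warning.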