0

After upgrading Apache and PHP to the latest version on Ubuntu 12.01 LTS the SSL sites on it became inaccessible, stating error, "ssl_error_no_cypher_overlap".

I have tried generating a new self-signed SSL certificate using:

openssl req -x509 -nodes -days 1826 -newkey rsa:2048 -keyout apache_x509_RSA-2048_days-1826_013115.key -out apache_x509_RSA-2048_days-1826_013115.crt

But when I run: /etc/ssl/our_certs# sslscan --no-failed mydomain.com

I see:

                   _
           ___ ___| |___  ___ __ _ _ __                                           
          / __/ __| / __|/ __/ _` | '_ \                                          
          \__ \__ \ \__ \ (_| (_| | | | |                                         
          |___/___/_|___/\___\__,_|_| |_|                                         

                  Version 1.8.2                                                   
             http://www.titania.co.uk                                             
        Copyright Ian Ventura-Whiting 2009                                        

Testing SSL server mydomain.com on port 443

  Supported Server Cipher(s):
    Accepted  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
    Accepted  SSLv3  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  256 bits  CAMELLIA256-SHA
    Accepted  SSLv3  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  128 bits  CAMELLIA128-SHA

  Prefered Server Cipher(s):
    SSLv3  256 bits  ECDHE-RSA-AES256-SHA

  SSL Certificate:
    Version: 2
    Serial Number: -17181615592741643472
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /C=PH/ST=NCR/L=Manila/O=Our_Company/CN=mydomain.com/emailAddress=support@snowweb.net
    Not valid before: Sep  5 00:40:40 2013 GMT
    Not valid after: Sep  3 00:40:40 2023 GMT
    Subject: /C=PH/ST=NCR/L=Manila/O=Our_Company/CN=mydomain.com/emailAddress=support@mydomain.com
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
      Public-Key: (2048 bit)
      Modulus:
      Exponent: 65537 (0x10001)
    X509v3 Extensions:
      X509v3 Subject Key Identifier:
        B3:66:DF:F6:36:5C:F6:B0:A5:AF:D0:09:80:0A:88:58:04:B4:C6:04
      X509v3 Authority Key Identifier:
        keyid:B3:66:DF:F6:36:5C:F6:B0:A5:AF:D0:09:80:0A:88:58:04:B4:C6:04

      X509v3 Basic Constraints:
        CA:TRUE
  Verify Certificate:
    self signed certificate

If I understand correctly both SSL 2 and 3 are now considered insecure and I need to be using TLSv1, v1.1 or v1.2?

What I need to know is how to generate a certificate which uses those TLS versions and anything else that it should also accept?

I should perhaps mention that the certificate is to be used on multiple domains. Thanks.

Additional Info:

openssl version -a

OpenSSL 1.0.1 14 Mar 2012
built on: Fri Jan  9 17:52:49 UTC 2015
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

apache2 -v

Server version: Apache/2.4.10 (Ubuntu)
Server built:   Jul 22 2014 22:57:50

php -v

PHP 5.5.21-1+deb.sury.org~precise+2 (cli) (built: Jan 26 2015 20:02:42)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies

uname -a

Linux s2.mydomain.com 3.13.0-34-generic #60~precise1-Ubuntu SMP Wed Aug 13 15:55:33 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
MadHatter
Peter White
  • I note that according to the sslscan, the supported ciphers are only SSLv3 which seems to be the problem - I think Firefox and Chrome have both removed support for those, requiring us to use TLS instead, but my server doesn't seem to be supporting that. Is this because of a deficiency in the certificate or in the server config? – Peter White Jan 31 '15 at 05:47
  • The supported ciphers are not SSLv3 only. They just show up as SSLv3 because they were introduced in SSLv3. And because TLSv1.0 is basically SSLv3, no cipher will ever show up as TLSv1.0. Although your configuration should be able to support the newer TLSv1.2 ciphers. – ontrack Jan 31 '15 at 13:26
  • 1
    Also, because you are regenerating certs anyway, you should probably generate a sha2 certificate from now on after you've solved your problem, because sha1 as a signature algorithm is deprecated. – ontrack Jan 31 '15 at 13:28
  • @ontrack Thanks for the heads-up on sha1. I'll check into that. – Peter White Jan 31 '15 at 18:24

2 Answers

5

The certificate does not determine whether the connection uses TLS or SSL; that is entirely up to the configuration of the webserver (Apache in this case).

The configuration option you need to look at is SSLProtocol, probably using:

SSLProtocol all -SSLv2 -SSLv3

if you want to disable the SSL protocols but leave all the versions of TLS.

Craig Miskell
  • Thanks Craig, but I just tried that and restarted apache and I'm still seeing the same error. – Peter White Jan 31 '15 at 05:40
  • 2
    Not sure what else to suggest. As you say in your comment to the main question, yes, SSLv3 is not supported anymore. But the problem is with Apache, not the certificate. Something in Apache is not enabling TLS (which is odd; typically it "just works"). – Craig Miskell Jan 31 '15 at 05:54
  • Appreciate your thoughts Craig. Hopefully someone else might have encountered this - meanwhile I'll keep studying SSL. – Peter White Jan 31 '15 at 06:03
0

In addition to the SSLProtocol directive mentioned earlier, which governs which versions of the SSL/TLS protocol will be accepted in new connections, a second directive is used to configure the cipher suites the client is permitted to negotiate in the SSL/TLS handshake phase.

That is the SSLCipherSuite directive. In theory it is possible to allow the TLS protocol but to exclude all cryptographic ciphers that are actually included in the TLS spec :). A reasonable configuration is:

SSLCipherSuite ALL:!ADH:!EXPORT:RC4+RSA:+HIGH:-MEDIUM:-LOW

A slightly "better" option is to give some precedence to cryptographic ciphers that offer forward secrecy, e.g.:

SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:ALL:!ADH:!EXPORT:RC4+RSA:+HIGH:-MEDIUM:-LOW

As a general note, while Apache is, in theory, configured primarily with the httpd.conf configuration file, that configuration file can include modular sections from additional files (i.e. the conf.d/*.conf files and the Ubuntu-specific sites-enabled/*.conf). The order matters! When some directives occur multiple times, often only the last occurrence is applied. So check all includes!

HBruijn
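One way to carry out the "check all includes" advice above, as an added example that is not part of either answer and is not Apache's own parser: it follows Include/IncludeOptional lines in load order and lists every SSLProtocol and SSLCipherSuite it meets, so a later file that overrides an earlier setting stands out. Assumptions: the config tree is constructed sample data, the last occurrence is treated as the applied one per the answer's rule of thumb (VirtualHost scoping is ignored), and `all` is assumed to include SSLv3.

```python
import glob, os, tempfile

WATCHED = {"sslprotocol", "sslciphersuite"}
INCLUDES = {"include", "includeoptional"}

def scan(path, root, hits=None):
    """Read path and its includes in load order; collect watched directives."""
    hits = [] if hits is None else hits
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            parts = raw.strip().split(None, 1)
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            name, args = parts[0].lower(), parts[1].strip()
            if name in INCLUDES:
                # Relative paths resolve against ServerRoot; wildcards sort alphabetically.
                for child in sorted(glob.glob(os.path.join(root, args.strip('"')))):
                    scan(child, root, hits)
            elif name in WATCHED:
                hits.append((name, os.path.relpath(path, root), lineno, args))
    return hits

def last_seen(hits):
    """Last occurrence per directive (the answer's rule of thumb; ignores vhost scope)."""
    return {name: (f, n, args) for name, f, n, args in hits}

def enables_sslv3(args):
    """Simplified left-to-right reading; assumes 'all' includes SSLv3."""
    on = False
    for tok in args.lower().split():
        if tok in ("all", "sslv3", "+sslv3", "-sslv3"):
            on = tok != "-sslv3"
    return on

SAMPLE = {  # constructed sample tree: file names and contents are made up
    "apache2.conf": "IncludeOptional mods-enabled/*.conf\nSSLProtocol all -SSLv2 -SSLv3\nIncludeOptional sites-enabled/*.conf\n",
    "mods-enabled/ssl.conf": "SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5\nSSLProtocol all\n",
    "sites-enabled/default-ssl.conf": "<VirtualHost *:443>\n SSLProtocol SSLv3\n</VirtualHost>\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        return scan(os.path.join(root, "apache2.conf"), root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In the sample tree the `SSLProtocol all -SSLv2 -SSLv3` line in the main file is followed by a site file that sets `SSLProtocol SSLv3` again, which is the kind of override the scan is meant to surface.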