61c93bd3c7
Change-Id: I2ee596f6e40986e33ccbdc606220d755c249c4d3
264 lines
12 KiB
XML
264 lines
12 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<chapter xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://docbook.org/ns/docbook" xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="ch020_ssl-everywhere"><?dbhtml stop-chunking?>
|
||
<title>SSL Proxies and HTTP Services</title>
|
||
<para>OpenStack endpoints are HTTP services providing APIs to both end-users on public networks and to other OpenStack services within the same deployment operating over the management network. It is highly recommended these requests, both those internal and external, operate over SSL.</para>
|
||
<para>In order for API requests to be encrypted by SSL it's necessary to position the API services behind a proxy that will establish and terminate SSL sessions. The following table offers a non-exhaustive list of software services that can proxy SSL traffic for API requests:</para>
|
||
<itemizedlist><listitem>
|
||
<para><link xlink:href="http://www.apsis.ch/pound">Pound</link></para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><link xlink:href="https://github.com/bumptech/stud">Stud</link></para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><link xlink:href="http://nginx.org/">nginx</link></para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><link xlink:href="http://www.apache.org/">Apache httpd</link></para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Hardware appliance SSL acceleration proxies</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
<para>It is important to be mindful of the size of requests that will be processed by any chosen SSL proxy.</para>
|
||
<section xml:id="ch020_ssl-everywhere-idp44384">
|
||
<title>Examples</title>
|
||
<para>Below we provide some sample recommended configuration settings for enabling SSL in some of the more popular web servers/SSL terminators. Note that we have SSL v3 enabled in some of these examples as this will be required in many deployments for client compatibility.</para>
|
||
<para>Before we delve into the configurations, we briefly discuss the ciphers' configuration element and its format. A more exhaustive treatment on available ciphers and the OpenSSL cipher list format can be found at: <link xlink:href="https://www.openssl.org/docs/apps/ciphers.html">ciphers</link>.</para>
|
||
<programlisting>
|
||
ciphers = "HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM"
|
||
</programlisting>
|
||
<para>or</para>
|
||
<programlisting>
|
||
ciphers = "kEECDH:kEDH:kRSA:HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM"
|
||
</programlisting>
|
||
<para>Cipher string options are separated by ":", while "!" provides negation of the immediately following element. Element order indicates preference unless overridden by qualifiers such as HIGH. Let us take a closer look at the elements in the above sample strings.</para>
|
||
<variablelist>
|
||
<varlistentry>
|
||
<term><code>kEECDH:kEDH</code></term>
|
||
<listitem>
|
||
<para>Ephemeral Elliptic Curve Diffie-Hellman (abbreviated as EECDH and ECDHE).</para>
|
||
<para>Ephemeral Diffie-Hellman (abbreviated either as EDH or DHE) uses prime field groups.</para>
|
||
<para>Both approaches provide <link xlink:href="http://en.wikipedia.org/wiki/Forward_secrecy">Perfect Forward Secrecy (PFS)</link>.</para>
|
||
<para>Ephemeral Elliptic Curves require the server to be configured with a named curve, and provide better security than prime field groups and at lower computational cost. However, prime field groups are more widely implemented, and thus typically both are included in list.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>kRSA</code></term>
|
||
<listitem>
|
||
<para>Cipher suites using the <link xlink:href="http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29">RSA</link> exchange, authentication or either respectively.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>HIGH</code></term>
|
||
<listitem>
|
||
<para>Selects highest possible security cipher in the negotiation phase. These typically have keys of length 128 bits or longer.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>!RC4</code></term>
|
||
<listitem>
|
||
<para>No RC4. RC4 has flaws in the context of TLS/SSL V3. See <link xlink:href="cr.yp.to/streamciphers/rc4biases-20130708.pdf"> On the Security of RC4 in TLS and WPA</link>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>!MD5</code></term>
|
||
<listitem>
|
||
<para>No MD5. MD5 is not collision resistant, and thus not acceptable for Message Authentication Codes (MAC) or signatures.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>!aNULL:!eNULL</code></term>
|
||
<listitem>
|
||
<para>Disallows clear text</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>!EXP</code></term>
|
||
<listitem>
|
||
<para>Disallows export encryption algorithms, which by design tend to were weak, typically using 40 and 56 bit keys.</para>
|
||
<para>US Export restrictions on cryptography systems have been lifted and no longer need to be supported.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>!LOW:!MEDIUM</code></term>
|
||
<listitem>
|
||
<para>Disallows low (keys 56 or 64 bits long) and medium (128 bit long keys) ciphers because of their vulnerability to brute force attacks (example 2-DES). This constraint leaves acceptable Triple Data Encryption Standard (Triple DES) also known as Triple Data Encryption Algorithm (TDEA) and the Advanced Encryption Standard (AES), each of which has keys greater than equal to 128 bits and thus more secure.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
<varlistentry>
|
||
<term><code>Protocols</code></term>
|
||
<listitem>
|
||
<para>Protocols are enabled/disabled through SSL_CTX_set_options. We recommend disabling SSLv2 and enabling TLS or SSLv3 (which was standardised as TLS with a few changes).</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
</variablelist>
|
||
<section xml:id="ch020_ssl-everywhere-idp45712">
|
||
<title>Pound - with AES-NI acceleration</title>
|
||
<screen>
|
||
## see pound(8) for details
|
||
daemon 1
|
||
######################################################################
|
||
## global options:
|
||
User "swift"
|
||
Group "swift"
|
||
#RootJail "/chroot/pound"
|
||
## Logging: (goes to syslog by default)
|
||
## 0 no logging
|
||
## 1 normal
|
||
## 2 extended
|
||
## 3 Apache-style (common log format)
|
||
LogLevel 0
|
||
## turn on dynamic scaling (off by default)
|
||
# Dyn Scale 1
|
||
## check backend every X secs:
|
||
Alive 30
|
||
## client timeout
|
||
#Client 10
|
||
## allow 10 second proxy connect time
|
||
ConnTO 10
|
||
## use hardware-acceleration card supported by openssl(1):
|
||
SSLEngine "aesni"
|
||
# poundctl control socket
|
||
Control "/var/run/pound/poundctl.socket"
|
||
######################################################################
|
||
## listen, redirect and ... to:
|
||
## redirect all swift requests on port 443 to local swift proxy
|
||
ListenHTTPS
|
||
Address 0.0.0.0
|
||
Port 443
|
||
Cert "/etc/pound/cert.pem"
|
||
## Certs to accept from clients
|
||
## CAlist "CA_file"
|
||
## Certs to use for client verification
|
||
## VerifyList "Verify_file"
|
||
## Request client cert - don't verify
|
||
## Ciphers "AES256-SHA"
|
||
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
|
||
NoHTTPS11 0
|
||
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
|
||
xHTTP 1
|
||
Service
|
||
BackEnd
|
||
Address 127.0.0.1
|
||
Port 80
|
||
End
|
||
End
|
||
End</screen>
|
||
</section>
|
||
<section xml:id="ch020_ssl-everywhere-idp50320">
|
||
<title>Stud</title>
|
||
<para>This stud example enables SSL v3 for client compatibility. The ciphers line can be tweaked based on your needs, however this is a reasonable starting place.</para>
|
||
<screen>
|
||
# SSL x509 certificate file.
|
||
pem-file = "
|
||
# SSL protocol.
|
||
ssl = on
|
||
# List of allowed SSL ciphers.
|
||
# OpenSSL's high-strength ciphers which require authentication
|
||
# NOTE: forbids clear text, use of RC4 or MD5 or LOW and MEDIUM strength ciphers
|
||
ciphers = "HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM"
|
||
# Enforce server cipher list order
|
||
prefer-server-ciphers = on
|
||
# Number of worker processes
|
||
workers = 4
|
||
# Listen backlog size
|
||
backlog = 1000
|
||
# TCP socket keepalive interval in seconds
|
||
keepalive = 3600
|
||
# Chroot directory
|
||
chroot = ""
|
||
# Set uid after binding a socket
|
||
user = "www-data"
|
||
# Set gid after binding a socket
|
||
group = "www-data"
|
||
# Quiet execution, report only error messages
|
||
quiet = off
|
||
# Use syslog for logging
|
||
syslog = on
|
||
# Syslog facility to use
|
||
syslog-facility = "daemon"
|
||
# Run as daemon
|
||
daemon = off
|
||
# Report client address using SENDPROXY protocol for haproxy
|
||
# Disabling this until we upgrade to HAProxy 1.5
|
||
write-proxy = off</screen>
|
||
</section>
|
||
</section>
|
||
<section xml:id="ch020_ssl-everywhere-idp53424">
|
||
<title>nginx</title>
|
||
<para>This nginx example requires TLS v1.1 or v1.2 for maximum security. The ssl_ciphers line can be tweaked based on your needs, however this is a reasonable starting place.</para>
|
||
<screen>
|
||
server {
|
||
listen : ssl;
|
||
ssl_certificate ;
|
||
ssl_certificate_key ;
|
||
ssl_protocols TLSv1.1 TLSv1.2;
|
||
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
||
|
||
server_name _;
|
||
keepalive_timeout 5;
|
||
|
||
location / {
|
||
|
||
}
|
||
}</screen>
|
||
<section xml:id="ch020_ssl-everywhere-idp55264">
|
||
<title>Apache</title>
|
||
<screen>
|
||
<VirtualHost <ip address>:80>
|
||
ServerName <site FQDN>
|
||
RedirectPermanent / https://<site FQDN>/
|
||
</VirtualHost>
|
||
<VirtualHost <ip address>:443>
|
||
ServerName <site FQDN>
|
||
SSLEngine On
|
||
SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2,
|
||
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
||
SSLCertificateFile /path/<site FQDN>.crt
|
||
SSLCACertificateFile /path/<site FQDN>.crt
|
||
SSLCertificateKeyFile /path/<site FQDN>.key
|
||
WSGIScriptAlias / <WSGI script location>
|
||
WSGIDaemonProcess horizon user=<user> group=<group> processes=3 threads=10
|
||
Alias /static <static files location>
|
||
<Directory <WSGI dir>>
|
||
# For http server 2.2 and earlier:
|
||
Order allow,deny
|
||
Allow from all
|
||
|
||
# Or, in Apache http server 2.4 and later:
|
||
# Require all granted
|
||
</Directory>
|
||
</VirtualHost></screen>
|
||
<para>Compute API SSL endpoint in Apache2, which needs to be paired with
|
||
a short WSGI script.</para>
|
||
<screen>
|
||
<VirtualHost <ip address>:8447>
|
||
ServerName <site FQDN>
|
||
SSLEngine On
|
||
SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2,
|
||
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
||
SSLCertificateFile /path/<site FQDN>.crt
|
||
SSLCACertificateFile /path/<site FQDN>.crt
|
||
SSLCertificateKeyFile /path/<site FQDN>.key
|
||
WSGIScriptAlias / <WSGI script location>
|
||
WSGIDaemonProcess osapi user=<user> group=<group> processes=3 threads=10
|
||
<Directory <WSGI dir>>
|
||
# For http server 2.2 and earlier:
|
||
Order allow,deny
|
||
Allow from all
|
||
|
||
# Or, in Apache http server 2.4 and later:
|
||
# Require all granted
|
||
</Directory>
|
||
</VirtualHost></screen>
|
||
</section>
|
||
</section>
|
||
<section xml:id="ch020_ssl-everywhere-idp59152">
|
||
<title>HTTP Strict Transport Security</title>
|
||
<para>We recommend that all production deployments use HSTS. This header prevents browsers from making insecure connections after they have made a single secure one. If you have deployed your HTTP services on a public or an untrusted domain, HSTS is especially important. To enable HSTS, configure your web server to send a header like this with all requests:</para>
|
||
<screen>
|
||
Strict-Transport-Security: max-age=31536000; includeSubDomains</screen>
|
||
<para>Start with a short timeout of 1 day during testing, and raise it to one year after testing has shown that you haven't introduced problems for users. Note that once this header is set to a large timeout, it is (by design) very difficult to disable.</para>
|
||
</section>
|
||
</chapter>
|