Making the Key Exchange stronger


#1

Hello, I got my Let’s Encrypt certificate working perfectly; however, I tried running an SSL Test and it said that I should try getting a new certificate with 4096-bit RSA key and use 4096-bit Diffie-Hellman parameters and 384-bit elliptic curve (secp384r1).

Is this possible?
If yes, how do I get it?

Thanks,
Tiferrei


#2

Ad Diffie-Hellman parameters: https://weakdh.org/sysadmin.html (Or disable all non-elliptic curve DH cipher suites altogether. You should decide for yourself of course, but off the top of my head I don’t know any client with DH support which doesn’t support ECDH. And DH has quite the performance penalty compared to its elliptic curve brothers…)

Ad elliptic curves: I’ve got the following in a “default” SSL configuration file for Apache 2.4:

SSLOpenSSLConfCmd ECDHParameters Automatic
SSLOpenSSLConfCmd Curves secp521r1:secp384r1:prime256v1

I don’t know for sure if the second part is really necessary, but these two lines make sure the right elliptic curve is chosen from the curves the client can handle: i.e., Chrome and IE don’t do secp521r1, but by including the other two (prime256v1 for legacy browsers) and setting ECDHParameters to Automatic, the highest possible curve is selected.

Ad RSA key size: you can just generate a new certificate with the --rsa-key-size 4096 switch (or set it in cli.ini) if you haven’t run into any rate limit issues recently.


#3

So for the elliptical curves I just have to add those lines in my virtual host config file?


#4

Yes, assuming your OpenSSL supports those curves… (Probably it does, but doesn’t hurt to check by running openssl ecparam -list_curves)

You can read more about the command in the Apache documentation: SSLOpenSSLConfCmd Directive

The set of available SSLOpenSSLConfCmd commands depends on the OpenSSL version being used for mod_ssl (at least version 1.0.2 is required). For a list of supported command names, see the section Supported configuration file commands in the SSL_CONF_cmd(3) manual page for OpenSSL.


#5

This is the output:

secp112r1 : SECG/WTLS curve over a 112 bit prime field
  secp112r2 : SECG curve over a 112 bit prime field
  secp128r1 : SECG curve over a 128 bit prime field
  secp128r2 : SECG curve over a 128 bit prime field
  secp160k1 : SECG curve over a 160 bit prime field
  secp160r1 : SECG curve over a 160 bit prime field
  secp160r2 : SECG/WTLS curve over a 160 bit prime field
  secp192k1 : SECG curve over a 192 bit prime field
  secp224k1 : SECG curve over a 224 bit prime field
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
  prime192v2: X9.62 curve over a 192 bit prime field
  prime192v3: X9.62 curve over a 192 bit prime field
  prime239v1: X9.62 curve over a 239 bit prime field
  prime239v2: X9.62 curve over a 239 bit prime field
  prime239v3: X9.62 curve over a 239 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  sect113r1 : SECG curve over a 113 bit binary field
  sect113r2 : SECG curve over a 113 bit binary field
  sect131r1 : SECG/WTLS curve over a 131 bit binary field
  sect131r2 : SECG curve over a 131 bit binary field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
  sect163r1 : SECG curve over a 163 bit binary field
  sect163r2 : NIST/SECG curve over a 163 bit binary field
  sect193r1 : SECG curve over a 193 bit binary field
  sect193r2 : SECG curve over a 193 bit binary field
  sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect239k1 : SECG curve over a 239 bit binary field
  sect283k1 : NIST/SECG curve over a 283 bit binary field
  sect283r1 : NIST/SECG curve over a 283 bit binary field
  sect409k1 : NIST/SECG curve over a 409 bit binary field
  sect409r1 : NIST/SECG curve over a 409 bit binary field
  sect571k1 : NIST/SECG curve over a 571 bit binary field
  sect571r1 : NIST/SECG curve over a 571 bit binary field
  c2pnb163v1: X9.62 curve over a 163 bit binary field
  c2pnb163v2: X9.62 curve over a 163 bit binary field
  c2pnb163v3: X9.62 curve over a 163 bit binary field
  c2pnb176v1: X9.62 curve over a 176 bit binary field
  c2tnb191v1: X9.62 curve over a 191 bit binary field
  c2tnb191v2: X9.62 curve over a 191 bit binary field
  c2tnb191v3: X9.62 curve over a 191 bit binary field
  c2pnb208w1: X9.62 curve over a 208 bit binary field
  c2tnb239v1: X9.62 curve over a 239 bit binary field
  c2tnb239v2: X9.62 curve over a 239 bit binary field
  c2tnb239v3: X9.62 curve over a 239 bit binary field
  c2pnb272w1: X9.62 curve over a 272 bit binary field
  c2pnb304w1: X9.62 curve over a 304 bit binary field
  c2tnb359v1: X9.62 curve over a 359 bit binary field
  c2pnb368w1: X9.62 curve over a 368 bit binary field
  c2tnb431r1: X9.62 curve over a 431 bit binary field
  wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls12: WTLS curvs over a 224 bit prime field
  Oakley-EC2N-3: 
	IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
	Not suitable for ECDSA.
	Questionable extension field!
  Oakley-EC2N-4: 
	IPSec/IKE/Oakley curve #4 over a 185 bit binary field.
	Not suitable for ECDSA.
	Questionable extension field!

#6

What a very nice output.


#7

Are you being ironic or will it work? :smiley:


#8

Sarcastic even :wink:

I assume you’re able to determine yourself if it will work or not?

I’m more than happy to help anyone, but a little effort of oneself is much appreciated.

As a wise man some time ago once said: if you give a man a fish, he can eat for a day. If you teach him to fish, he can eat for the rest of his life.

If someone gives you an example, advice or something of the sort, in my opinion you shouldn’t right away ask again for help, but you should analyse/dissect the example/advice: read every manual and documentation of the commands you don’t already know. What the heck does the ecparam command of OpenSSL actually do? Don’t immediately run back to the forum you got the advice from: you’ll never learn/grow from that. Learn to be autodidactic.


#9

Sure! Sorry, I actually understand you, (IT retail support).
I just couldn’t understand because it said “Questionable extension field”, not incompatible or compatible, just questionable. Also, “not suitable” doesn’t always mean that it won’t work; it depends on what it isn’t suitable for…

So I’m a bit confused! xD


#10

“Questionable extension field” is only applicable for the two bottom curves from your output.


#11

Ah yes, sorry, then most of them are compatible just not the Oakley-EC2N-3 and Oakley-EC2N-4 ones, right?

Do you happen to know any manual or guide for beginners on this area? That would be really helpful as you can see… :slightly_smiling:


#12

From the OpenSSL ‘man’ page for ecparam:

-list_curves
If this options is specified ecparam will print out a list of all currently implemented EC parameters names and exit.

But in practice you’ll only need the three specified earlier, as those are the only three curves supported in the major browsers, where the 521 bit variant isn’t even supported in Chrome/IE. See the SSLLabs list of client information for curve support in all kinds of clients. Theoretically, you could add a big list of curves, for example, the list for the “Android 4.2.2” “Internet” browser (note: not Chrome app): “sect571r1, sect571k1, secp521r1, sect409k1, sect409r1, secp384r1, sect283k1, sect283r1, secp256k1, secp256r1, sect239k1, sect233k1, sect233r1, secp224k1, secp224r1, sect193r1, sect193r2, secp192k1, secp192r1, sect163k1, sect163r1, sect163r2, secp160k1, secp160r1, secp160r2” (note: the “secp256r1” listed here is “prime256v1” in OpenSSL), but one can argue if that’s very useful.

As for a guide: I don’t know any. I came across those above commands with some Google searches and it happens to work on my setup :stuck_out_tongue:


#13

Ah ok, well I think I got it now. Thank you for your time and patience!


#14

I think there is a problem, I did everything as said, but when I try restarting the server it gives me this:

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

Is it possible that I have some module missing?


#15

What are your versions of Apache & OpenSSL?


#16

Apache:

Server version: Apache/2.4.7 (Ubuntu)
Server built:   Oct 14 2015 14:25:36

OpenSSL

OpenSSL 1.0.1f 6 Jan 2014


#17

Then both the software versions are too old to support SSLOpenSSLConfCmd.
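
The two checks this thread comes down to, curve support (post #4) and the OpenSSL 1.0.2 minimum quoted there that post #17 applies, as an added shell example that is not part of any post. The function and variable names are hypothetical, and the sample listing is an excerpt of the output in post #5 with whitespace normalised.

```shell
#!/bin/sh
# Added example: pre-flight checks before using SSLOpenSSLConfCmd curve settings.
# Function and variable names are hypothetical, not from Apache or OpenSSL.

# Curves from the Apache configuration in post #2.
WANTED_CURVES="secp521r1 secp384r1 prime256v1"

# Reads `openssl ecparam -list_curves` output on stdin; prints the wanted
# curves that are absent, space separated (empty output = all present).
missing_curves() {
    local listing curve missing=""
    # Keep only "name :" lines; indented description lines have no colon.
    listing=$(sed -n 's/^[[:space:]]*\([A-Za-z0-9-]*\)[[:space:]]*:.*/\1/p')
    for curve in $WANTED_CURVES; do
        printf '%s\n' "$listing" | grep -qxF "$curve" || missing="$missing $curve"
    done
    printf '%s' "${missing# }"
}

# Succeeds if an `openssl version` string reports at least 1.0.2, the minimum
# the Apache documentation quoted in post #4 gives for SSLOpenSSLConfCmd.
openssl_new_enough() {
    local ver major minor patch
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || return 2              # unparseable version string
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    minor=${minor:-0}; patch=${patch:-0}; patch=${patch%%.*}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -gt 0 ] && return 0
    [ "$patch" -ge 2 ]
}

# Sample input: excerpt of post #5's listing and the version line from post #16.
SAMPLE_LISTING='  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  Oakley-EC2N-3:
    IPSec/IKE/Oakley curve #3 over a 155 bit binary field.'
SAMPLE_VERSION='OpenSSL 1.0.1f 6 Jan 2014'

m=$(printf '%s\n' "$SAMPLE_LISTING" | missing_curves)
echo "missing curves: ${m:-none}"
if openssl_new_enough "$SAMPLE_VERSION"; then
    echo "OpenSSL is new enough for SSLOpenSSLConfCmd"
else
    echo "OpenSSL is too old for SSLOpenSSLConfCmd (1.0.2 or later required)"
fi
```

On a live host, feed the functions real data with `openssl ecparam -list_curves | missing_curves` and `openssl_new_enough "$(openssl version)"`.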


#18

But I can update them, right?
What is the right version I should use? On OpenSSL download’s page I have these:


#19

That’s up to you and your server.

You should use your distributions package manager.


#20

Yes, I tried sudo apt-get update openssl but it says it’s already on the latest version…
So I’m compiling from source.

But my Apache version is OK isn’t it?