In preparation for deploying HTTPS to this site I did some back-and-forth about compatibility and support versus security. Another aspect that comes into this is performance, and ultimately the performance loss when using the more secure cipher suites. Although to be honest I don't think the TLS performance will be inhibited that much on my site...
So the end result (for now) is an A+ on the SSL Labs SSL Server Test. It's a decent indicator when you review the more intricate details, however I'm not convinced that the end grading is what people should be aiming for as an end result.
In my attempt to enforce some level of security and compatibility I have decided to opt for TLSv1.1 and TLSv1.2 support, disregarding SSL entirely (for obvious reasons) along with TLSv1.0. I'm not really worried about mitigating BEAST server-side, as most clients already do some level of mitigation (and both server and client need to be vulnerable for any attack to be remotely feasible). In reality I just want to be among the people that are looking forward!
Notable support for the protocols includes:
- Secure renegotiation
- Forward Secrecy
- OCSP stapling (not required, but useful)
- HTTP Strict Transport Security (HSTS)
For the SSL/TLS settings I used the following:
SSL cache set to 10MB as a shared cache:
To set the protocol support:
ssl_protocols TLSv1.1 TLSv1.2;
(Alternatively, add TLSv1 to the list to support TLSv1.0 as well.)
Timeout for client reuse of parameters in the cache:
In the end, deciding which cipher suites to support was a difficult choice. What was clear was that I wanted a secure Diffie-Hellman key configured (I used 4096-bit, probably overkill), with the supported suites using a mixture of DH and Elliptic Curve DH:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH 256 bits FS256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH 256 bits FS128
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 4096 bits FS256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 4096 bits FS128
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH 256 bits FS256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH 256 bits FS256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 4096 bits FS256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 4096 bits FS256
Using Nginx the config property for the above is:
To create a DH key (this command generates 2048-bit parameters; pass 4096 instead for the size mentioned above):
openssl dhparam -out /etc/ssl/certs/dhparam2048.pem 2048
Now the whole compatibility aspect comes into play with this section of the test - namely, I wasn't looking for backwards-compatibility. Anyone visiting this site will likely be using a modern browser or device that supports TLSv1.2, or at the very least TLSv1.1, so I accounted for that. Anyone else reading this needs to update their devices and software as soon as possible.
TLSv1.2 is supported by all modern browsers, so if you're using Internet Explorer 10 or Android 4.3 then you're out of luck. To be honest, the only person utilising the encryption for this site is me anyway.
To get the A+ rating ultimately you'll need to have HSTS (HTTP Strict Transport Security) enabled, which I do.
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
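The settings described in this post, pulled together into one server block. This is an added example, not the author's actual configuration: the server name, certificate and chain paths, resolver address, session timeout value and the use of ssl_prefer_server_ciphers are assumptions, and the cipher string is the OpenSSL spelling of the eight suites listed above.

```nginx
# Added example, not the site's real config. Values marked "assumed" or
# "placeholder" do not come from the post.
server {
    listen 443 ssl;
    server_name example.com;                                   # placeholder

    ssl_certificate     /etc/ssl/certs/example.com.fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/private/example.com.key;           # placeholder

    # 10 MB session cache shared between all worker processes.
    ssl_session_cache   shared:SSL:10m;
    # How long a client may reuse parameters held in the cache (assumed value).
    ssl_session_timeout 10m;

    # TLSv1.1 and TLSv1.2 only; SSLv3 and TLSv1.0 are refused.
    ssl_protocols TLSv1.1 TLSv1.2;

    # The eight forward-secret suites from the list above, in OpenSSL naming
    # and in the same order: AES-GCM first, CBC suites as fallback.
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA';
    # Enforce the server's order rather than the client's (assumed setting).
    ssl_prefer_server_ciphers on;

    # Custom DH group for the DHE suites, generated with openssl dhparam.
    ssl_dhparam /etc/ssl/certs/dhparam2048.pem;

    # OCSP stapling: nginx fetches the OCSP response itself, so it needs the
    # issuer chain to verify it and a resolver to reach the responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/certs/example.com.chain.pem;   # placeholder
    resolver 192.0.2.53;                                             # placeholder

    # HSTS: one year, applied to subdomains as well.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
}
```

Run `nginx -t` after editing to catch syntax errors before reloading.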