Configuring TLS is not as easy as it should be. To begin with, different programs use different options to configure certificates, and are inconsistent with how chain certificates are specified. More importantly, server programs come with a myriad collection of security settings, and most programs do not ship with the most secure defaults. While application developers could certainly do a better job picking defaults, it's a tricky problem, because defaults that are secure when a version is released might later be rendered insecure by newly-discovered attacks. No one knew that SSLv3 needed to be disabled until POODLE was discovered.
In an effort to encourage better TLS deployment, there have been a number of guides published over the last year for configuring TLS, such as Mozilla's Server Side TLS Guide. Mozilla's guide is a great resource for securely configuring TLS, and tells you exactly what cipher and protocol settings you should use. Wouldn't it be great to have it at the tip of your fingers, right after you've purchased a certificate and are setting up TLS?
You can now have just that, thanks to the new
sslmate mkconfig command.
Just tell it the type of software and name of the certificate you're configuring:
sslmate mkconfig apache www.sslmate.com
It will output not only the directives to configure your SSLMate certificate, but also the security settings recommended by Mozilla's TLS guide:
SSLCertificateKeyFile /etc/sslmate/www.sslmate.com.key SSLCertificateFile /etc/sslmate/www.sslmate.com.crt SSLCertificateChainFile /etc/sslmate/www.sslmate.com.chain.crt # Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK SSLHonorCipherOrder on SSLCompression off # Enable this if you want HSTS (recommended) # Header add Strict-Transport-Security "max-age=15768000"
These settings can be copy-and-pasted, or redirected by your shell, straight into your server's configuration file. The paths to your SSLMate key and certificate files are even filled in for you.
We're using the Mozilla guide's "Intermediate Compatibility" security settings. These settings prefer ciphers with forward secrecy, disable broken options like SSLv3 and compression, and disable insecure ciphers like RC4, while providing the slow-but-safe 3DES for older clients. In all, these settings provide excellent security while preserving compatibility with a broad range of clients, all the way back to Firefox 1, Chrome 1, IE 7, Opera 5, and Safari 1. When used with recent server software, these settings should earn you an "A" grade from the SSL Labs Server Test.
Configuration templates are currently available for the following software:
...with more to come (they're on GitHub if you want to open a pull request).
sslmate mkconfig requires at least SSLMate 0.6.2, which was
released today. Consult
sslmate help mkconfig or
man sslmate for advanced