on 22-Dec-2014 17:01
Encrypt everything. That's what Google Chairman Eric Schmidt recently said. His comments were in response to various surveillance efforts that he considered government overreach and censorship. His rationale...if you are going to spy on everything I send across the Internet, then I'll simply encrypt it all so you can't read it. Other companies like Facebook, Twitter, Yahoo, and many others have taken similar steps. In addition, Mark Nottingham (chairman of the group developing the new HTTP/2 protocol) said, "I believe the best way that we can meet the goal of increasing use of TLS on the Web is to encourage its use by only using HTTP/2 with https:// URIs."
With all this encryption momentum from giants in the industry, the HTTPS path has been paved and everyone who wants to stay relevant will have to get on board. So, the world is moving to "encrypt everything" and you want to follow suit. Unfortunately, there are many different options to consider when implementing SSL on your web server. Wouldn't it be nice to just have a checkbox that said "click here for SSL implementation"? It's not that simple.
Fortunately, there are many different web-based tools that allow you to score the effectiveness of your web server's SSL implementation. Many of these tools provide recommendations on how to improve your web server's security and make it stronger and more efficient. Some of these include Wormly, SSL Shopper, DigiCert, and GlobalSign to name a few. Some of these tools just give you basic certificate information while others dig a little deeper into performance and known vulnerability status. There's no magic formula or mandate that forces any of these tools to look at one thing over another, so they all test things a little bit differently.
That said, the undisputed industry thought leader in this space is Qualys SSL Labs. Qualys does a great job of conducting a comprehensive inspection of the SSL implementation on your web server. Some may question the need for having a good grade on the SSL Labs test, but imagine a customer checking, for example, their bank website and finding a bad grade for SSL implementation. If my bank had a failing grade on SSL implementation, it would certainly get my attention and it might make me think twice about moving my money and my business elsewhere. Even though an organization may not totally agree with the way Qualys approaches web server testing, it's still important to understand their testing methodology so as to align SSL implementation practices with their recommendations.
How does SSL Labs approach web server testing? They have a fairly short and easy to read SSL Server Rating Guide that outlines the exact methodology they use for testing. Their approach consists of 4 steps:
The final letter grade is based on the following overall numerical score:
| Numerical Score | Letter Grade |
|---|---|
| >= 80 | A |
| >= 65 | B |
| >= 50 | C |
| >= 35 | D |
| >= 20 | E |
| < 20 | F |
Who knew you could get an "E" grade?!? I'm pretty sure I've received every other letter grade on that scale at some point in my life, but never an E. By the looks of where it fits on the scale, I don't want to start now.
One other note about the grading scale...in certain situations the standard A-F grades are not quite applicable and are out of scope. To handle this, SSL Labs has introduced the "M" grade (certificate name mismatch) and the "T" grade (site certificate is not trusted). So, when you are reviewing your score and you see the "M" or the "T" you don't have to wonder what happened with the scoring results.
Anyway, let's quickly look at each of the 4 areas they test.
Three certificate types are currently in use: domain-validated, organization-validated, and extended-validation (EV) certificates. SSL Labs only requires that a certificate be correct and does not go beyond that basic requirement. They do recommend EV certificates for higher-value web sites but they have no way of knowing the purpose of each web site so they simply check to make sure the site's certificate is valid and trusted. However, they do note some certificate issues that will immediately result in a zero score:
The three criteria used for server configuration are protocol support (30% of grade), key exchange (30% of grade), and cipher strength (40% of grade).
Protocol support is graded against the following criteria:
| Protocol | Score |
|---|---|
| SSL 2.0 | 0% |
| SSL 3.0 | 80% |
| TLS 1.0 | 90% |
| TLS 1.1 | 95% |
| TLS 1.2 | 100% |
They start with the score of the best protocol used on your web server and then add the score of the worst protocol and then divide the total by 2. This doesn't account for any protocols in between the best and worst on your site, but that's why it's important to understand how they calculate all this stuff. For example, if your site supports SSL 3.0, TLS 1.1, and TLS 1.2, your score would be (100 + 80) / 2 = 90. How would you increase that score? Well, if you continued support for TLS 1.1 and TLS 1.2 and dropped support for SSL 3.0, your score would move up to (100 + 95) / 2 = 97.5.
Key exchange is graded against the following criteria:
| Key Exchange | Score |
|---|---|
| Weak key (Debian OpenSSL flaw) | 0% |
| Anonymous key exchange (no authentication) | 0% |
| Key or DH parameter strength < 512 bits | 20% |
| Exportable key exchange (limited to 512 bits) | 40% |
| Key or DH parameter strength < 1024 bits (e.g., 512) | 40% |
| Key or DH parameter strength < 2048 bits (e.g., 1024) | 80% |
| Key or DH parameter strength < 4096 bits (e.g., 2048) | 90% |
| Key or DH parameter strength >= 4096 bits (e.g., 4096) | 100% |
Cipher strength is the final piece of the server configuration equation. Servers can support varying strengths of ciphers, so SSL Labs scores the cipher strength the same way they do the protocol strength...take the score of the strongest cipher, add the score of the weakest cipher, and divide by 2. The scores for each cipher are as follows:
| Cipher Strength | Score |
|---|---|
| 0 bits (no encryption) | 0% |
| < 128 bits (e.g., 40, 56) | 20% |
| < 256 bits (e.g., 128, 168) | 80% |
| >= 256 bits (e.g., 256) | 100% |
Let's say your web server has the following configuration:
In this case, you would score a 92.5 for protocol support, a 90 for key exchange, and a 100 for cipher strength. Protocol support accounts for 30% of the overall grade, so you multiply 92.5 by 30%. Key exchange is also 30% of the overall grade, and cipher strength is 40% of the overall grade. Using these values, you would score a (92.5 * 30%) + (90 * 30%) + (100 * 40%) = 94.75. Converting this numerical score to a Letter Grade would yield an overall "A" score. Congratulations!
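The scoring arithmetic described above can be written out as a small calculator. This is an added example, not code from SSL Labs or from the original article; the function names are made up for illustration, and the tables are the ones reproduced on this page, so it will drift as SSL Labs revises its criteria.

```python
# Added example: the SSL Labs numeric scoring as this article describes it.
# Function names are hypothetical; score tables are copied from the page.
PROTOCOL_SCORES = {"SSL 2.0": 0, "SSL 3.0": 80, "TLS 1.0": 90,
                   "TLS 1.1": 95, "TLS 1.2": 100}
GRADE_FLOORS = [(80, "A"), (65, "B"), (50, "C"), (35, "D"), (20, "E")]

def protocol_score(protocols):
    """Average of the best and worst enabled protocol; the rest are ignored."""
    scores = [PROTOCOL_SCORES[p] for p in protocols]
    return (max(scores) + min(scores)) / 2

def key_exchange_score(bits, weak_key=False, anonymous=False):
    """Score a key or DH parameter size; a weak or anonymous key scores 0."""
    if weak_key or anonymous:
        return 0
    for limit, score in [(512, 20), (1024, 40), (2048, 80), (4096, 90)]:
        if bits < limit:
            return score
    return 100

def cipher_bits_score(bits):
    """Score a single cipher by its key length in bits."""
    if bits == 0:
        return 0
    if bits < 128:
        return 20
    return 80 if bits < 256 else 100

def cipher_score(bit_strengths):
    """Average of the strongest and weakest cipher the server offers."""
    scores = [cipher_bits_score(b) for b in bit_strengths]
    return (max(scores) + min(scores)) / 2

def overall_score(protocol, key_exchange, cipher):
    """Weights: protocol 30%, key exchange 30%, cipher strength 40%."""
    return (protocol * 30 + key_exchange * 30 + cipher * 40) / 100

def letter_grade(score):
    """Map the numeric score to a letter; below 20 is an F."""
    for floor, grade in GRADE_FLOORS:
        if score >= floor:
            return grade
    return "F"

if __name__ == "__main__":
    print(protocol_score(["SSL 3.0", "TLS 1.1", "TLS 1.2"]))  # article's case
    print(protocol_score(["TLS 1.1", "TLS 1.2"]))             # SSL 3.0 dropped
    total = overall_score(92.5, 90, 100)                      # sub-scores above
    print(total, letter_grade(total))
```

Because only the best and worst values count, removing the single weakest protocol or cipher moves the score more than adding another strong one.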
SSL Labs periodically changes their grading criteria and methodology based on changes in technology. Here are some changes that they have published (updated Feb 2018):
If vulnerable to Ticketbleed (CVE-2016-9244), the grade is an automatic "F"
In addition to these updates, SSL Labs is planning to add more criteria changes in March, 2018. These include:
Hopefully you can start to see how your overall grade can change based on different options and configurations. As SSL Labs changes their grading criteria and testing methodology (i.e. will support for HTTP 2.0 be needed for an "A" grade in the future?) you should stay aware of what they are doing and how your web site is affected by their changes. It's important to check back periodically to see how your grade looks...your customers are certainly checking on you! After all, if you're gonna "encrypt everything" you might as well encrypt it correctly.
Knowing all this, you can more easily configure your web server to go from this grade...
To this grade...
Here's to great web site configurations, effective security, and A+ grades!
Here's a profile configuration that received an A+ grade recently:
ltm profile client-ssl {
    app-service none
    cert-key-chain { default { cert default.crt key default.key } }
    ciphers !LOW:!SSLv3:!MD5:!RC4-SHA:!EXPORT:!DHE:ECDHE+AES-GCM:DHE+AES-GCM:ECDHE+AES:ECDHE-RSA-DES-CBC3-SHA:DHE+AES:AES-GCM+RSA:RSA+AES:RSA+3DES:@SPEED
    defaults-from clientssl
    inherit-certkeychain false
}
ltm policy {
    controls { asm forwarding }
    requires { http }
    rules {
        default {
            actions {
                0 {
                    http-header
                    response
                    insert
                    name Strict-Transport-Security
                    value max-age=15552000
                }
            }
            ordinal 0
        }
    }
    strategy first-match
}

GeneUWG - Try "DEFAULT:!3DES:!DHE"
DHE keys are 1024 on BIG-IP and that's fixed. And 3DES, while technically 168bit, is only 112bit strength due to well known attacks. Plus now there is Sweet32 which attacks 64bit block ciphers - like DES/3DES.
I also recommend against using '@SPEED'. That sorts based on performance - but weaker ciphers are faster, so guess which are preferred. Right. So don't use it - or use @STRENGTH instead for the strongest cipher first.