SSL options
(1) By anonymous on 2025-01-07 22:26:03 [source]
I realise that the best is often the enemy of the good regarding HTTPS implementations, and that the aim here is acceptable security, and not getting an A+ rating on an SSL report.
However, one wonders if it would be reasonable to improve on the default settings of the SSL library that you are using, which is not difficult to do to some useful effect.
// Disable older TLS/SSL versions
SSL_CTX_set_min_proto_version(tlsState.ctx, TLS1_2_VERSION);
SSL_CTX_set_max_proto_version(tlsState.ctx, TLS1_3_VERSION);
// Use secure cipher suites
SSL_CTX_set_cipher_list(tlsState.ctx, "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384");
// Enable secure options
SSL_CTX_set_options(tlsState.ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
There are various other possibilities, such as including CHACHA20-POLY1305.
Clearly this runs the risk of very old clients failing to connect; however security is an illusion with very old ciphers, so this is probably of benefit overall.
This seems to work locally with all browsers and fossil clients, but wider testing obviously important.
(2) By drh on 2025-01-08 12:14:40 in reply to 1 [link] [source]
The OpenSSL library I use is compiled via the instructions for Fossil shown at https://fossil-scm.org/home/wiki?name=Release+Build+How-To. In particular, OpenSSL is configured with options "no-ssl3" and "no-weak-ssl-ciphers". How much of your enhanced security is covered by these compile-time options to OpenSSL?
(3) By Stephan Beal (stephan) on 2025-01-08 12:30:35 in reply to 2 [link] [source]
How much of your enhanced security is covered by these compile-time options to OpenSSL?
My (mis?)understanding is that the question is as much about whether to do this in althttpd as much as it is about making the same change in fossil.
(5) By anonymous on 2025-01-08 13:13:06 in reply to 3 [link] [source]
Ah indeed, I wasn't even considering fossil.
This is when using althttpsd (and obviously then applies to any servers hosted behind this HTTPS termination).
I presume, but have never checked, that there is significant sharing of networking code between the two projects.
(4) By anonymous on 2025-01-08 13:11:35 in reply to 2 [link] [source]
This is substantially helpful.
However, the sqlite.org site still allows cyphers without forward secrecy, for example.
See the link in my original post.
By adding the configuration to althttpd's import and configuration of the SSL library, this is done when the server is build on anyone's workstation, with the standard OpenSSL install.
It can be improved further in fact, this is more about the principle.
For example, perhaps no change at all is desired.
(6) By anonymous on 2025-01-08 14:50:41 in reply to 4 [link] [source]
If it is desired however, something as trivial as the below diff (against 07d1ade99f) is effective.
Index: althttpd.c
==================================================================
--- althttpd.c
+++ althttpd.c
@@ -1872,10 +1872,17 @@
&& 0==strcmp("unsafe-builtin", zCertFile);
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
tlsState.ctx = SSL_CTX_new(SSLv23_server_method());
+ // Disable older TLS/SSL versions
+ SSL_CTX_set_min_proto_version(tlsState.ctx, TLS1_2_VERSION);
+ SSL_CTX_set_max_proto_version(tlsState.ctx, TLS1_3_VERSION);
+ // Use secure cipher suites
+ SSL_CTX_set_cipher_list(tlsState.ctx, "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384");
+ // Enable secure options
+ SSL_CTX_set_options(tlsState.ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
if( tlsState.ctx==0 ){
ERR_print_errors_fp(stderr);
Malfunction(501, /* LOG: Error initializing the SSL Server */
"Error initializing the SSL server");
}
(7) By drh on 2025-01-08 18:14:54 in reply to 6 [link] [source]
Something similar to the above has been installed on the server for:
Please report any problems.
(8) By anonymous on 2025-01-08 18:44:52 in reply to 7 [link] [source]
Thank you, that's a noticeable improvement in security. No problems to report with my local test suite of old phones, old laptops etc.
(9) By drh on 2025-01-09 20:27:00 in reply to 8 [link] [source]
I got email reports of people unable to reach https://sqlite.org/ after making this change. So I've commented it out for the time being.
(10) By anonymous on 2025-01-09 22:57:24 in reply to 9 [link] [source]
Fair enough. Thank you.
(11) By anonymous on 2025-01-10 08:44:58 in reply to 9 [link] [source]
Were the failures attributable to any particular operating system / software combination?
It is likely that such failures are due to the use of exceedingly outdated software. Knowledge of the ongoing use of which could be used to facilitate the most sensible subset of cypher methods.
I would be happy to set up a testing server for checking without risking the sqlite domain being unreachable...!
(12) By drh on 2025-01-10 12:27:27 in reply to 11 [link] [source]
The complainant was running a 2018 version of Firefox.
I routinely power up and run machines that are far older than 2018 myself - machines that have been powered off in a closet for years. So it does not seem unreasonable to me to expect that older web browsers would still work. 2018 wasn't all that long ago.
The "extra security" changes are commented out, not removed. You can change the "#if 0" to "#if 1" to turn them on if you think the extra security is important to your own websites.
(13) By anonymous on 2025-01-10 13:02:21 in reply to 12 [link] [source]
Again, I don't disagree. If someone wishes to use a seven year old configuration on the open internet that is their own concern, and I agree that 2018 is not particularly old.
I certainly have taken advantage of the #if barrier and am running a tighter server for my own sites; their use case is different to your own certainly.
Thank you for the indulgence as well as for some truly excellent lightweight server software.
I hope no significant inconveniences befell any users of your websites in the meantime. Certainly my apologies if that proved otherwise.
I'll leave it at that, I think.