On scope: default SSL/TLS settings shipped on various Linux distros for Apache 2.2.x

Reading a while ago the One-Fourth Of SSL Websites At Risk article published on darkREADING, the part with “ship with properly secure defaults” got me wanting to test one of the most popular web server, Apache(version 2.2.x) and see how various Linux distros or BSD(freeBSD, why see this) ship the default configuration of the SSL part(included mod_ssl).
Specifically basic settings were verified, nothing really advanced; the SSL/TLS protocols enabled by default(SSL 2.0 to be disabled as per RFC 6176), cipher suites enabled by default(if any weak or export ciphers suites are enabled), secure renegotiation patch support and the underlying OpenSSL version shipped with the OS.
I’m aware that other stuff might have been of interest, but due to the limited time just this was tested for now.

Were tested(listed in random order) with SSL Labs(SSL Report v1.0.80), all deployed as VMs in VMware ESXI 4.0:
- Ubuntu Server 10.10 and 11.04
- Fedora 14
- Debian 6
- Centos 5.6
- OpenSuse 11.4
- Red Hat Server 6.0
- Slackware 13.1
- FreeBSD 8.2
- Mandriva Server 5.6
- Suse Linux Enterprise Server 11 SP1
- Open Enterprise Server (OES) 2 SP3
- Apache 2.2.17 source build against OpenSSL 1.0.0d
- Apache 2.3.11 beta source build against OpenSSL 1.0.0d
- Gentoo was also on the test plan, but I’ve managed to screw the installation part and due to the time and number of commands needed just to install Gentoo(doh) I’ve put its test on hold.

Do note that the SSL Labs overall grades are not relevant as a self signed certificate was used.

The results are somehow mixed.
One might expect better results from the “paid” distros from Red Hat or Suse. However this is not the case.
Ubuntu Server 11.04 is on top, disabling by default SSL 2.0 support and weak/export cipher suite support(including for all MD5 based cipher suites), just ahead of Debian(not for long time though).
Interestingly, Ubuntu or Debian are also between the easiest servers to setup and enable a HTTPS web site.
Red Hat still enables some weak cipher suites.
Suse Linux Enterprise Server 11 SP1 fails to ship a proper SSL/TLS sample configuration in terms of SSL protocol cipher suites support(SSL 2.0 was enabled, as well as weak/export cipher suites).

Also were tested the source builds of Apache, as writing latest stable version 2.2.17 and the upcoming 2.3 version, as writing 2.3.11 beta source; both built against the latest version of OpenSSL 1.0.0d.
Why was done that ?
Because, apparently, some distros devs are “lazy” enough to just “copy and paste” the Apache SSL sample configuration file(or most of it) from the source code which will result in a poor default Apache SSL configuration for the end user.

On the source code build could be seen an improved SSL sample configuration file between 2.2.17 and 2.3.11 beta, but this is not enough; specifically the 2.3.11 beta one disables SSL 2.0 and weak/export cipher suites but if used against an OpenSSL 1.0.0 version with ECC support this will result in anonymous ECC DHE based cipher suites being enabled.
The SSLHonorCipherOrder directive is present but not enabled on the Apache SSL sample configuration file from 2.3.11 beta.
To be noted that none on the Apache versions shipped with the tested Linux distros or BSD do not have server side cipher suites preferences(enabled).
Screenshots of the SSL Labs result for 2.2.17 can be viewed here, while for 2.3.11 beta here.

SSL 3.0 and TLS 1.0 and AES based cipher suites are supported by all tested distros.
Unfortunately SSL 2.0 is still enabled by default on some distros.
One distro was found supporting the insecure renegotiation method.
DHE-RSA based cipher suites are enabled all tested distros, DHE key size is 1024-bit.

Distro SSL 2.0 Sec Reneg Insec Reneg Weak Export
Ubuntu Server n y n n n
Fedora 14 n y n n n
Debian 6 n y n n n
Centos 5.6 n y n y n
OpenSuse 11.4 y y n y y
Red Hat Server 6.0 n y n y y
Slackware 13.1 y y n y y
FreeBSD 8.2 y y n y y
Mandriva Server 5.6 n y n y y
Suse Linux Enterprise Server 11 SP1 y y n y y
Open Enterprise Server (OES) 2 SP3 y n y y y
Apache 2.2.17 source y y n y y
Apache 2.3.11 beta source y y n y y
Gentoo - - - - -

Ubuntu Server 10.10 and 11.04
Initially I tested Ubuntu Server 10.10(that’s why is included here) and later 11.04.

Just three commands were needed to have the default SSL site up and running on Ubuntu Server:
apt-get install apache2
a2enmod ssl
a2ensite default-ssl

OpenSSL 0.9.8o 01 Jun 2010 was the version on both 10.10 and 11.04.
Apache 2.2.16 was tested on 10.10 and Apache 2.2.17 on 11.04.
The difference between the two was that MD5 based cipher suites were disabled on Apache 2.2.17. Also the default certificate provided with Ubuntu 11.04 uses a 2048-bit RSA key.

Screenshots of the SSL Labs results for Ubuntu Server 10.10 can be viewed here, while for Ubuntu 11.04 here.
No weak/export cipher suites were enabled, SSL 2.0 was disabled and the secure renegotiation was supported.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit.

Debian 6.0(squeeze)
Just three commands were needed to have the default SSL site up and running on Debian:
apt-get install apache2
a2enmod ssl
a2ensite default-ssl

OpenSSL 0.9.8o 01 Jun 2010 was the version on Debian 6.
Apache 2.2.16 was tested.

Screenshots of the SSL Labs results for Debian 6 can be viewed here, the results are identical with the ones from Ubuntu Server 10.10.
No weak/export cipher suites were enabled, SSL 2.0 was disabled and the secure renegotiation was supported.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit.

Fedora 14
On Fedora is also easy to have a default SSL site up and running.

yum install httpd
yum install mod_ssl

For speed, I’ve used the system-config-httpd tool:

yum install system-config-httpd
/usr/bin/system-config-httpd

OpenSSL 1.0.0d-fips 8 Feb 2011 was the version on Fedora 14.
Apache 2.2.17 was tested.

Screenshots of the SSL Labs results for Fedora 14 can be viewed here, they are similar with the ones from CentOS 5.6 or Red Hat Server 6.0; SSL 2.0 was disabled, the secure renegotiation was supported, weak cipher suites(DES based) were enabled, export cipher suites were disabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit.

Red Hat Server 6.0
On Red Hat server is also easy to have a default SSL site up and running(the etc/httpd/conf.d/ssl.conf sample file was used).

OpenSSL 1.0.0-fips 29 Mar 2010 was the version on Red Hat Server 6.0.
Apache 2.2.15 was tested.

Screenshots of the SSL Labs results for Red Hat Server 6.0 can be viewed here, they are similar with the ones from Fedora 14 or CentOS 5.6; SSL 2.0 was disabled, the secure renegotiation was supported, weak cipher suites(DES based) were enabled, export cipher suites were disabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit.

CentOS 5.6
On CentOS server is also easy to have a default SSL site up and running(the etc/httpd/conf.d/ssl.conf sample file was used).

yum install httpd
yum install mod_ssl

OpenSSL 1.0.0d-fips 8 Feb 2011 was the version on CentOS 5.6.
Apapche 2.2.3(httpd-2.2.3-45.el5.centos.i386) was tested.

Screenshots of the SSL Labs results for CentOS 5.6 can be viewed here, they are similar with the ones from Fedora 14 or Red Hat Server 6.0; SSL 2.0 was disabled, the secure renegotiation was supported, weak cipher suites(DES based) were enabled, export cipher suites were disabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit.

OpenSuse 11.4
Did not encounter major issues either in quickly have a default SSL site up and running on OpenSuse 11.4.

yast2 -i apache2
vi /etc/sysconfig/apache2 –> add the SSL flag to: APACHE_SERVER_FLAGS="SSL"
/usr/bin/gensslcert
cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/mySSL-host.conf
vi /etc/apache2/vhosts.d/mySSL-host.conf

OpenSSL 1.0.0c 2 Dec 2010 was the version from OpenSuse 11.4.
Apache 2.2.17 was tested.

Screenshots of the SSL Labs results for OpenSuse 11.4 can be viewed here, the default configuration is pretty bad; SSL 2.0 was enabled, the secure renegotiation was supported, weak cipher suites(DES based) and export cipher suites(including RC2 based ones) were enabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit(512-bit for the export ones).

Suse Linux Enterprise Server 11 SP1
Did not encounter major issues either in quickly have a default SSL site up and running on Suse Linux Enterprise Server 11 SP1.

yast2 -i apache2
vi /etc/sysconfig/apache2 –> add the SSL flag to: APACHE_SERVER_FLAGS="SSL"
/usr/bin/gensslcert
cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/mySSL-host.conf
vi /etc/apache2/vhosts.d/mySSL-host.conf

OpenSSL 0.9.8h 28 May 2008 was the version from Suse Linux Enterprise Server 11 SP1.
apache 2.2.10(apache2-2.2.10-2.24.5.i586.rpm) was tested.

Screenshots of the SSL Labs results for Suse Linux Enterprise Server 11 SP1 can be viewed here, the default configuration is pretty bad; SSL 2.0 was enabled, the secure renegotiation was supported, weak cipher suites(DES based) and export cipher suites(including RC2 based ones) were enabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit(512-bit for the export ones).

Open Enterprise Server (OES) 2 SP3
Did not encounter major issues either in quickly have a default SSL site up and running on Open Enterprise Server (OES) 2 SP3.

yast2 -i apache2
vi /etc/sysconfig/apache2 –> add the SSL flag to: APACHE_SERVER_FLAGS="SSL"
/usr/bin/gensslcert
cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/mySSL-host.conf
vi /etc/apache2/vhosts.d/mySSL-host.conf

OpenSSL 0.9.8a 11 Oct 2005 was the version from Open Enterprise Server (OES) 2 SP3/
Apache 2.2.3 was tested.

Screenshots of the SSL Labs results for Open Enterprise Server (OES) 2 SP3 can be viewed here, the default configuration is pretty bad; SSL 2.0 was enabled, the secure renegotiation was not supported(instead the insecure client side initiated one was detected), weak cipher suites(DES based) and export cipher suites(including RC2 based ones) were enabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit(512-bit for the export ones).

Slackware 13.1
The default /etc/httpd/extra/httpd-ssl.conf file was used on Slackware 13.1.

OpenSSL 0.9.8n 24 Mar 2010 was the version from Slackware 13.1.
Apache 2.2.15 was tested.

Screenshots of the SSL Labs results for Slackware 13.1 can be viewed here, the default configuration is pretty bad; SSL 2.0 was enabled, the secure renegotiation was supported, weak cipher suites(DES based) and export cipher suites(including RC2 based ones) were enabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit(512-bit for the export ones).

FreeBSD 8.2
The default /usr/local/etc/apache/extra/httpd-ssl.conf file was used on FreeBSD 8.2.

pkg_add -r apache22

OpenSSL 0.9.8q 2 Dec 2010 was the version from FreeBSD 8.2.
Apache 2.2.17 was tested.

Screenshots of the SSL Labs results for FreeBSD 8.2 can be viewed here, the default configuration is pretty bad; SSL 2.0 was enabled, the secure renegotiation was supported, weak cipher suites(DES based) and export cipher suites(including RC2 based ones) were enabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit(512-bit for the export ones).

Mandriva Server 5.2
The default/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf file was used on Mandriva server 5.2.

urpmi apache-mod_ssl

OpenSSL 0.9.8h 28 May 2008 was the version from Mandriva Server 5.6.
Apache 2.2.15 was tested.

Screenshots of the SSL Labs results for Mandriva Server 5.2 can be viewed here, they are similar with the ones from Fedora 14 or Red Hat Server 6.0; SSL 2.0 was disabled, the secure renegotiation was supported, weak cipher suites(DES based) were enabled, export cipher suites were disabled.
DHE-RSA based cipher suites are enabled, DHE key size is 1024-bit.

Comments (1) -

  • nice!
Comments are closed