How should I proceed with upgrading to TLS 1.2?


Problem description


We got this email from Authorize.NET about some technical updates. I am trying to figure out what needs to be done, but my skills are lacking in this area and I could use some help. They had four main points in their email:

  1. After the update is complete on September 21st, any website or payment solution that connects via api.authorize.net that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net's servers.

    Our server uses SHA-1, but we have a GoDaddy Certificate Installed that uses SHA-2.

  2. In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.

    I don't think this one will affect us.

  3. As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible.

I know we will need to upgrade OpenSSL on our server. This is what we currently have...

            Current Version            Recommended                Depends On
TLS         1.0                        1.2
OpenSSL     0.9.8h                     1.0.1
PHP         5.2.6                      5.6                        Open SSL 1.0.1
Apache      2.2.10                     2.4
Linux OS    SUSE Enterprise Server 11  SUSE Enterprise Server 12
Drupal      6.9                        7.39                       Mysql 5.0.15/PHP 5.4
MySQL       5.0.67                     5.6                        SUSE Enterprise Server 12 (x86_64)
phpMyAdmin  3.3.3                      4.4.14.1                   PHP 5.3.7/MySQL 5.5

Solution

How should I proceed with upgrading to TLS 1.2?

To meet the technical requirements, it's sufficient to use either OpenSSL 1.0.1 or 1.0.2. Both provide TLS 1.2, and both trivially provide SHA-256. (There are other hidden fulfillments, like OpenSSL 1.0.0 does not provide the full complement of EC gear and the full complement of TLS 1.2 cipher suites, but 1.0.1 and 1.0.2 do).

In your C-Code that uses OpenSSL, all you need to do for the SSL Context or Session:

/* Useless return value ??? */
SSL_library_init();

const SSL_METHOD* method = SSLv23_method();
if(NULL == method) handleFailure();

SSL_CTX* ctx = SSL_CTX_new(method);
if(ctx == NULL) handleFailure();

/* Cannot fail ??? */
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | \
    SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_COMPRESSION;
SSL_CTX_set_options(ctx, flags);

For Apache-like server configurations, use something like the following (mine includes +TLSv1 +TLSv1.1):

# From my CentOS production server
SSLProtocol -all +TLSv1.2


You should probably tend to cipher suites, too. For that, in C-code:

const char CIPHER_LIST[] = "HIGH:!aNULL:!RC4:!MD5";

/* Ensure at least one cipher suite is added, which indicates non-failure */
int rc = SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);
if(!(rc >= 1)) handleFailure();

And in an Apache-like configuration file:

# From my CentOS production server
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4

If you want to avoid RSA key transport (TLS 1.3 is removing it), then:

SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!kRSA

When you remove RSA key transport, you are pretty much left with ephemeral key exchange protocols (modulo cipher suites like PSK and SRP).

If you want to explicitly use ephemeral key exchanges, then you will need something like kEECDH:kECDHE:kDHE:kEDH:!aNULL. See openssl ciphers(1) man page for more details.

I'm reading between the lines, but the TLS 1.2 requirement probably has something to do with authenticated encryption, and modes of operation like GCM. For that, use openssl ciphers(1) again:

$ openssl ciphers -v 'HIGH:!aNULL' | grep GCM
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD

Or:

$ openssl ciphers -v 'HIGH:!aNULL' | grep GCM | grep -v "Kx=RSA"  | cut -d " " -f 1
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256

Instead of specifying HIGH:!aNULL:!MD5:!RC4:!kRSA, you can do the following:

const char CIPHER_LIST[] =
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-DSS-AES256-GCM-SHA384:"
    "DHE-RSA-AES256-GCM-SHA384:"
    "ECDH-RSA-AES256-GCM-SHA384:"
    "ECDH-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    "DHE-DSS-AES128-GCM-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:"
    "ECDH-RSA-AES128-GCM-SHA256:"
    "ECDH-ECDSA-AES128-GCM-SHA256";

/* Ensure at least one cipher suite is added, which indicates non-failure */
int rc = SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);
if(!(rc >= 1)) handleFailure();

If you look at the AES256-GCM-SHA384 cipher suite, you'll see it uses key transport (Kx=RSA), so you may want to avoid it even though it's TLS 1.2. Hence the reason for the grep -v on it.

For completeness, Au=RSA is fine. It just means the server uses its RSA key for signing only. And in practice, Au=DSS is rarely used, so OpenSSL will remove the cipher suite if there's no DSS key.


Now, the hardship is probably getting a distro that provides the latest OpenSSL 1.0.2 and provides the long term support. My CentOS machines don't provide it, so I have to build it from sources, and then rebuild every library or program that depends upon OpenSSL while playing those stupid r-path games.

In your case, that looks like Apache, PHP, Drupal, MySQL, phpAdmin (does anyone really use that when security is a concern :) and friends.
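
An added example (not part of the original answer) that goes one step beyond the `grep -v "Kx=RSA"` filter above: it parses `openssl ciphers -v` lines in the OpenSSL 1.0.x format shown, keeps only AEAD suites with ephemeral key exchange, and also drops the static `Kx=ECDH/RSA` style suites, which reuse a fixed key from the certificate. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `openssl ciphers -v` lines in the OpenSSL 1.0.x format
# quoted in the answer, plus one CBC suite to exercise the AEAD check.
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
EOF
}

# Reads `openssl ciphers -v` lines on stdin, prints "suite<TAB>verdict".
# In this output format Kx=ECDH and Kx=DH are the ephemeral (ECDHE/DHE)
# exchanges; a slash (Kx=ECDH/RSA) marks a static key in the certificate.
classify_suites() {
    awk '{
        kx = ""; mac = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        if (mac != "AEAD")                   v = "drop:not-aead"
        else if (kx == "RSA")                v = "drop:rsa-key-transport"
        else if (index(kx, "/") > 0)         v = "drop:static-kx"
        else if (kx == "ECDH" || kx == "DH") v = "keep"
        else                                 v = "drop:other-kx"
        print $1 "\t" v
    }'
}

# Joins the kept suites into a colon-separated string usable with
# SSLCipherSuite or SSL_CTX_set_cipher_list().
build_cipher_string() {
    classify_suites | awk -F '\t' '
        $2 == "keep" { printf "%s%s", sep, $1; sep = ":" }
        END          { print "" }'
}

sample_ciphers | classify_suites      # per-suite verdicts
sample_ciphers | build_cipher_string  # resulting cipher string
```

To run it against the installed library instead of the sample, pipe `openssl ciphers -v 'HIGH:!aNULL'` into `build_cipher_string`.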
