From: Jacob Champion <jchampion@apache.org>
Date: Mon, 22 Aug 2016 21:27:19 +0000 (+0000)
Subject: docs: rebuild
X-Git-Tag: 2.5.0-alpha~1216
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1e464ca8b6b3d189f99b9e37b9d7f3918daff88;p=thirdparty%2Fapache%2Fhttpd.git

docs: rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757281 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/ssl/ssl_howto.html.en b/docs/manual/ssl/ssl_howto.html.en
index 1c8ff75f3dc..a0c9ce32ce5 100644
--- a/docs/manual/ssl/ssl_howto.html.en
+++ b/docs/manual/ssl/ssl_howto.html.en
@@ -34,7 +34,7 @@ documentation, and arrive at a deeper understanding of the material,
 before progressing to the advanced techniques.</p>
 </div>
 <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#configexample">Basic Configuration Example</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#ciphersuites">Cipher Suites and Enforcing Strong Security</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ciphersuites">Cipher Suites and Enforcing Strong Encryption</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ocspstapling">OCSP Stapling</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#accesscontrol">Client Authentication and Access Control</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li>
@@ -58,33 +58,91 @@ following directives.</p>
 
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
-<h2><a name="ciphersuites" id="ciphersuites">Cipher Suites and Enforcing Strong Security</a></h2>
+<h2><a name="ciphersuites" id="ciphersuites">Cipher Suites and Enforcing Strong Encryption</a></h2>
+
+
+<div class="warning">
+<p>"Strong encryption" is, and has always been, a moving target. Furthermore,
+the definition of "strong" depends on your desired use cases, your threat
+models, and your acceptable levels of risk. The Apache HTTP Server team cannot
+determine these things for you.</p>
+<p>For the purposes of this document, which was last updated in mid-2016,
+"strong encryption" refers to a TLS implementation which provides all of the
+following, in addition to the basic confidentiality, integrity, and authenticity
+protection that most users already expect:</p>
+<ul>
+<li>Perfect Forward Secrecy, which ensures that a compromise to a server's
+private key in the present does not compromise the confidentiality of past TLS
+communication.</li>
+<li>Protection from known attacks on older SSL and TLS implementations, such
+as <a href="https://en.wikipedia.org/wiki/POODLE">POODLE</a> and
+<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack">BEAST</a>.</li>
+<li>Support for the strongest ciphers available to modern (and up-to-date) web
+browsers and other HTTP clients.</li>
+<li><strong>Rejection</strong> of clients that cannot meet these requirements.
+In other words, "strong encryption" requires that out-of-date clients be
+completely unable to connect to the server, to prevent them from endangering
+their users. Whether or not this is appropriate for your situation is a decision
+that only you can make.</li>
+</ul>
+<p>Please note that strong <em>encryption</em> does not, by itself, ensure
+strong <em>security</em>. (As an example, HTTP compression oracle attacks such
+as <a href="https://en.wikipedia.org/wiki/BREACH_(security_exploit)">BREACH</a>
+may require further steps to mitigate.)</p>
+</div>
 
 <ul>
 <li><a href="#onlystrong">How can I create an SSL server which accepts strong encryption only?</a></li>
-<li><a href="#strongurl">How can I create an SSL server which accepts all types of ciphers in general, but
+<li><a href="#strongurl">How can I create an SSL server which accepts many types of ciphers in general, but
 requires a strong cipher for access to a particular URL?</a></li>
 </ul>
 
 <h3><a name="onlystrong" id="onlystrong">How can I create an SSL server which accepts strong encryption
 only?</a></h3>
 
-    <p>The following enables only the strongest ciphers:</p>
-    <pre class="prettyprint lang-config">SSLCipherSuite HIGH:!aNULL:!MD5</pre>
-
-
-    <p>While with the following configuration you specify a preference
-    for specific speed-optimized ciphers (which will be selected by
-    mod_ssl, provided that they are supported by the client):</p>
-
-    <pre class="prettyprint lang-config">SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
-SSLHonorCipherOrder on</pre>
-
-
-
-<h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts all types of ciphers
-in general, but requires a strong ciphers for access to a particular
-URL?</a></h3>
+    <p>The following configuration enables "strong encryption", as defined
+    above, and is derived from the Mozilla Foundation's
+    <a href="https://wiki.mozilla.org/Security/Server_Side_TLS">Server Side
+    TLS</a> requirements:</p>
+
+    <pre class="prettyprint lang-config"># "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration
+# Generator as of August 2016. This tool is available at
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/
+SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
+# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
+# require OpenSSL 1.1.0, which as of this writing was in pre-release.
+SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder on
+SSLCompression      off
+SSLSessionTickets   off</pre>
+
+
+    <ul>
+    <li>SSL 3.0 and TLS 1.0 are susceptible to known attacks on the protocol;
+    they are disabled entirely.</li>
+    <li>Disabling TLS 1.1 is (as of August 2016) mostly optional; TLS 1.2
+    provides stronger encryption options, but 1.1 is not yet known to be broken.
+    Disabling 1.1 may mitigate attacks against some broken TLS
+    implementations.</li>
+    <li>Enabling <code class="directive"><a href="../mod/mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder</a></code>
+    ensures that the server's cipher preferences are followed instead of the
+    client's.</li>
+    <li>Disabling <code class="directive"><a href="../mod/mod_ssl.html#sslcompression">SSLCompression</a></code>
+    prevents TLS compression oracle attacks (e.g.
+    <a href="https://en.wikipedia.org/wiki/CRIME">CRIME</a>).</li>
+    <li>Disabling <code class="directive"><a href="../mod/mod_ssl.html#sslsessiontickets">SSLSessionTickets</a></code>
+    ensures Perfect Forward Secrecy is not compromised if the server is not
+    restarted regularly.</li>
+    </ul>
+
+    <p>The exact ciphersuites supported in the
+    <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> line are determined
+    by your OpenSSL installation, not the server. You may need to upgrade to a
+    modern version of OpenSSL in order to use them.</p>
+
+
+<h3><a name="strongurl" id="strongurl">How can I create an SSL server which accepts many types of ciphers
+in general, but requires a strong cipher for access to a particular URL?</a></h3>
 
     <p>Obviously, a server-wide <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> which restricts
     ciphers to the strong variants, isn't the answer here. However,
@@ -92,13 +150,13 @@ URL?</a></h3>
     blocks, to give a per-directory solution, and can automatically force
     a renegotiation of the SSL parameters to meet the new configuration.
     This can be done as follows:</p>
-    <pre class="prettyprint lang-config"># be liberal in general
-SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
+    <pre class="prettyprint lang-config"># be liberal in general -- use Mozilla's "Intermediate" ciphersuites (weaker
+# ciphersuites may also be used, but will not be documented here)
+SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 
 &lt;Location "/strong/area"&gt;
-# but https://hostname/strong/area/ and below
-# requires strong ciphers
-SSLCipherSuite HIGH:!aNULL:!MD5
+# but https://hostname/strong/area/ and below requires strong ciphersuites
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
 &lt;/Location&gt;</pre>