Erlang SSL Forward Secrecy

时间:2014-10-24 20:09:34

标签: ssl erlang mochiweb

我使用Erlang Mochiweb作为带SSL的Http服务器。 Mochiweb使用纯Erlang SSL库。

如何配置erlang ssl以支持Forward Secrecy? 有关SSL Forward Secrecy的更多信息:https://en.wikipedia.org/wiki/Forward_secrecy

1 个答案:

答案 0 :(得分:2)

我正在使用带有openssl 1.0.2a的Erlang / OTP 17(erlang需要openssl用于密码,但不需要握手或协议,所以理论上它应该支持所有openssl支持的密码),因此它的SSL模块支持完美的前向保密默认。 但它也支持一些不安全的协议或密码,如sslv3或des,或者像rc4这样的弱密码默认情况下。 SSLlabs ssltest将为您提供默认选项的等级C. 您可能希望禁用不安全协议和密码

并且,默认情况下,erlang ssl模块确实遵守客户端的密码套首选项。这将使一些IE使用RSA密钥交换,因为这些版本更喜欢RSA密钥交换而不是ECDHE(参见:https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8-10&platform=Win%207)。您需要{honor_cipher_order, true}才能使用服务器的首选项。您需要手动调整密码套件的首选顺序以满足您的需求。 PFS默认订单完全排名。

如果您拥有对客户端的控制权(例如您自己的应用程序而非浏览器),并且您真的只想要PFS,则可以禁用rsa密钥交换。

erlang的示例escript和选项是: 我没有重新订购密码套件。

对于mochiweb,您可以将这些选项添加到ssl_opts。

#!/usr/bin/env escript

% these ciphers will got A- on ssllabs's ssltest.
% Because as mentioned above, some version's IE prefers non-PFS key exchange.
% And got A if {honor_cipher_order, true} is set.
% No manual adjusting needed to get A, because the first ciphersuite is PFS-enabled and supported by IEs.
% So you need to adjust orders to fit whatever you needed.
secure_ciphers() -> secure_ciphers(ssl:cipher_suites()). 


% It includes insecure and weak ciphers, so it should get low rank on ssltest
pfs_ciphers() -> pfs_ciphers(ssl:cipher_suites()). 

% Rank A on ssllabs' ssltest, all modern client is using perfect forward secrecy key-exchange   
% but some client without PFS support will fail to handshake.
pfs_secure_ciphers() ->  
        sets:to_list(sets:intersection(sets:from_list(secure_ciphers()), sets:from_list(pfs_ciphers()))). 

secure_ciphers([]) -> [];
secure_ciphers([{_, rc4_128, _} | T]) -> secure_ciphers(T);
secure_ciphers([{_, des_cbc, _} | T]) -> secure_ciphers(T);
secure_ciphers([{dhe_rsa, _, _} | T]) -> secure_ciphers(T);
secure_ciphers([{_, _, md5} | T]) -> secure_ciphers(T);
secure_ciphers([H | T]) -> [H | secure_ciphers(T)].


pfs_ciphers([]) -> [];
pfs_ciphers([{dhe_dss, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([{dhe_rsa, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([{ecdhe_ecdsa, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([{ecdhe_rsa, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([_ | T]) -> pfs_ciphers(T).

accept(S) ->
        {ok, Q} = ssl:transport_accept(S),
        spawn(fun() -> accept(S) end),
        ssl:ssl_accept(Q),
        receive
                Msg ->
                        io:format("~p~n", [Msg]),
                        ssl:send(Q, <<"HTTP/1.0 200 OK\r\n\r\nHello World\r\n">>),
                        ssl:close(Q)
        end.

main(_) ->
        ssl:start(),
        {ok, P} = ssl:listen(443, [{certfile, "./aa.crt"}, {keyfile, "./aa.key"}, {ciphers, pfs_secure_ciphers()}, {versions, [tlsv1, 'tlsv1.1', 'tlsv1.2']}, {dhfile, "./dh4096.pem"}]),
        accept(P),
        receive
                stop ->
                        ok
        end.