我使用Erlang Mochiweb作为带SSL的Http服务器。 Mochiweb使用纯Erlang SSL库。
如何配置erlang ssl以支持Forward Secrecy? 有关SSL Forward Secrecy的更多信息:https://en.wikipedia.org/wiki/Forward_secrecy
答案 0 :(得分:2)
我正在使用带有openssl 1.0.2a的Erlang / OTP 17(erlang需要openssl用于密码,但不需要握手或协议,所以理论上它应该支持所有openssl支持的密码),因此它的SSL模块支持完美的前向保密默认。 但它也支持一些不安全的协议或密码,如sslv3或des,或者像rc4这样的弱密码默认情况下。 SSLlabs ssltest将为您提供默认选项的等级C. 您可能希望禁用不安全协议和密码。
并且,默认情况下,erlang ssl模块确实遵守客户端的密码套首选项。这将使一些IE使用RSA密钥交换,因为这些版本更喜欢RSA密钥交换而不是ECDHE(参见:https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8-10&platform=Win%207)。您需要{honor_cipher_order, true}才能使用服务器的首选项。您需要手动调整密码套件的首选顺序以满足您的需求。 PFS默认订单不完全排名。
如果您拥有对客户端的控制权(例如您自己的应用程序而非浏览器),并且您真的只想要PFS,则可以禁用rsa密钥交换。
erlang的示例escript和选项是: 我没有重新订购密码套件。
对于mochiweb,您可以将这些选项添加到ssl_opts。
#!/usr/bin/env escript
% these ciphers will got A- on ssllabs's ssltest.
% Because as mentioned above, some version's IE prefers non-PFS key exchange.
% And got A if {honor_cipher_order, true} is set.
% No manual adjusting needed to get A, because the first ciphersuite is PFS-enabled and supported by IEs.
% So you need to adjust orders to fit whatever you needed.
secure_ciphers() -> secure_ciphers(ssl:cipher_suites()).
% It includes insecure and weak ciphers, so it should get low rank on ssltest
pfs_ciphers() -> pfs_ciphers(ssl:cipher_suites()).
% Rank A on ssllabs' ssltest, all modern client is using perfect forward secrecy key-exchange
% but some client without PFS support will fail to handshake.
pfs_secure_ciphers() ->
sets:to_list(sets:intersection(sets:from_list(secure_ciphers()), sets:from_list(pfs_ciphers()))).
secure_ciphers([]) -> [];
secure_ciphers([{_, rc4_128, _} | T]) -> secure_ciphers(T);
secure_ciphers([{_, des_cbc, _} | T]) -> secure_ciphers(T);
secure_ciphers([{dhe_rsa, _, _} | T]) -> secure_ciphers(T);
secure_ciphers([{_, _, md5} | T]) -> secure_ciphers(T);
secure_ciphers([H | T]) -> [H | secure_ciphers(T)].
pfs_ciphers([]) -> [];
pfs_ciphers([{dhe_dss, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([{dhe_rsa, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([{ecdhe_ecdsa, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([{ecdhe_rsa, _, _} = H | T]) -> [H | pfs_ciphers(T)];
pfs_ciphers([_ | T]) -> pfs_ciphers(T).
accept(S) ->
{ok, Q} = ssl:transport_accept(S),
spawn(fun() -> accept(S) end),
ssl:ssl_accept(Q),
receive
Msg ->
io:format("~p~n", [Msg]),
ssl:send(Q, <<"HTTP/1.0 200 OK\r\n\r\nHello World\r\n">>),
ssl:close(Q)
end.
main(_) ->
ssl:start(),
{ok, P} = ssl:listen(443, [{certfile, "./aa.crt"}, {keyfile, "./aa.key"}, {ciphers, pfs_secure_ciphers()}, {versions, [tlsv1, 'tlsv1.1', 'tlsv1.2']}, {dhfile, "./dh4096.pem"}]),
accept(P),
receive
stop ->
ok
end.