Nginx centos build only supports SSLv3 and ignores ssl_protocols

hi all,

i have several nginx sites, and as i try to deploy ssl, i am having
issues with ssl_protocols

ssl_session_cache off;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
…

this configuration can then be tested with:
https://testssl.sh/testssl.sh

SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered
SPDY/NPN http/1.1 (advertised)

so SSLv3 is still offered and SSLv1.2 is not offered.

any ideas on how to get the ssl_protocols to be parsed and respected
by nginx?

thanks

m

this probably depends on the underlaying openssl-version from your os.
what does ‘openssl version’ says?

if you want nginx with newer openssl-version you can build a custom
nginx
witth
openssl statically linked

https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#workaround-for-outdated-openssl-versions

regards,

mex

Posted at Nginx Forum:

On 10/01/2014 02:33 PM, mex wrote:

regards,

mex

hi mex,

thanks for your note – i totally forgot to give specifics:

• CentOS 6.5, x64, totally up2date
• OpenSSL 1.0.1e-fips 11 Feb 2013
• nginx-1.6.2-1.el6.ngx.x86_64 (from nginx repo)
• openssl-1.0.1e-16.el6_5.15.x86_64
• openssl-devel-1.0.1e-16.el6_5.15.x86_64

i did rebuild your src rpm on my machine, and it sill wont support any
TLS versions …

thanks

m

thanks for your note – i totally forgot to give specifics:

• CentOS 6.5, x64, totally up2date
• OpenSSL 1.0.1e-fips 11 Feb 2013
• nginx-1.6.2-1.el6.ngx.x86_64 (from nginx repo)
• openssl-1.0.1e-16.el6_5.15.x86_64
• openssl-devel-1.0.1e-16.el6_5.15.x86_64

i did rebuild your src rpm on my machine, and it sill wont support any TLS
versions …

post the output of the following commands:
which nginx (use is this path instead of /path/to/nginx)
/path/to/nginx -V
ldd /path/to/nginx

and specify if this is with your src build or with the prebuild binary.

On 10/01/2014 04:54 PM, Lukas T. wrote:

which nginx (use is this path instead of /path/to/nginx)
/path/to/nginx -V
ldd /path/to/nginx

and specify if this is with your src build or with the prebuild binary.

hi lukas,

here we go:

[root ~]# /usr/sbin/nginx -V
nginx version: nginx/1.6.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
–lock-path=/var/run/nginx.lock
–http-client-body-temp-path=/var/cache/nginx/client_temp
–http-proxy-temp-path=/var/cache/nginx/proxy_temp
–http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
–http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
–http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx
–group=nginx --with-http_ssl_module --with-http_realip_module
–with-http_addition_module --with-http_sub_module
–with-http_dav_module --with-http_flv_module --with-http_mp4_module
–with-http_gunzip_module --with-http_gzip_static_module
–with-http_random_index_module --with-http_secure_link_module
–with-http_stub_status_module --with-http_auth_request_module
–with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
–with-http_spdy_module
–with-cc-opt=’-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic’

[root ~]# ldd /usr/sbin/nginx
linux-vdso.so.1 => (0x00007fff1d5ff000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ca7ec3000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f5ca7c8c000)
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f5ca7a5f000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f5ca77f3000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f5ca7413000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ca720e000)
libz.so.1 => /lib64/libz.so.1 (0x00007f5ca6ff8000)
libc.so.6 => /lib64/libc.so.6 (0x00007f5ca6c64000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5ca80ea000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f5ca69ec000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
(0x00007f5ca67a8000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f5ca64c2000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f5ca62bd000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f5ca6091000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0
(0x00007f5ca5e86000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f5ca5c82000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f5ca5a68000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5ca5848000)

cheers

m

TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered

No, its very possible. A SSL_CTX_set_ssl_version() call can fail,
or the call itself can be #ifdef’ed out.

iirc, openssl 1.0.1e should be able to provide tls 1.2, so
it seems quite strange

It may be:

• the nginx centos 6 RPM is linked against openssl 0.9.8 AND
• when using a source build, you didn’t stop and start the correct
  executable AND/OR
• you have some library mismatch/mess on your system

If you don’t care about the possible mess on your system and want a fast
fix,
just build it statically, as previously suggested.

Regards,

Lukas

btw, it seems impossible to have

…
ssl_protocols TLSv1.2;
…

and a testresult of

SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered

are you sure you have tested the right machine?

i’d suggest you run the testssl.sh - script against
https://localhost:443
on the machine where you build nginx.

iirc, openssl 1.0.1e should be able to provide tls 1.2, so
it seems quite strange

Posted at Nginx Forum:

On 10/01/2014 08:45 PM, Lukas T. wrote:

TLSv1 not offered

• the nginx centos 6 RPM is linked against openssl 0.9.8 AND
• when using a source build, you didn’t stop and start the correct executable
  AND/OR
• you have some library mismatch/mess on your system

If you don’t care about the possible mess on your system and want a fast fix,
just build it statically, as previously suggested.

hi lukas, hi mex,

• there is definetely something strange – this is a vanilla install –
  for testing – i installed apache on the same machine and ran it on port
  444 for an ssl host. it works as expected. that would seem to indicate
  the ssl libraries, etc, are in good shape.

• if you point a mozilla firefox 32.0.3 to this site, you get:

Secure Connection Failed

An error occurred during a connection to domain.com. SSL peer selected a cipher
suite disallowed for the selected protocol version. (Error code:
ssl_error_cipher_disallowed_for_version)

The page you are trying to view cannot be shown because the authenticity of 

the received data could not be verified.

Please contact the website owners to inform them of this problem.

• i am going to generate some different certs – mine are insane – 4096
  key, 4096 dh, sha512 sig – perhaps the problem lies there. although,
  why would apache work and not nginx?

will report back tomorrow.

thanks!

m

On Wed, 2014-10-01 at 22:45 +0200, mayak wrote:

SSLv3 offered
It may be:

Please contact the website owners to inform them of this problem.

• i am going to generate some different certs – mine are insane – 4096 key,
  4096 dh, sha512 sig – perhaps the problem lies there. although, why would apache
  work and not nginx?

will report back tomorrow.

thanks!

m

I find that SSL Server Test (Powered by Qualys SSL Labs) provides a good breakdown
of what a site is offering. I certainly used it to fine tune my SSL
setup. I generally use CentOS 6/Amazon, but do use the nginx repo when
not building from source for pagespeed. This repo certainly offers all
the way up to TLS 1.2 if enabled.

Cheers,

Steve

Steve H. BSc(Hons) MIITP

Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

Hi. Visit https://www.ssllabs.com/ssltest/viewMyClient.html and check
out “Protocol Details → Signature algorithms”. I expect you’ll find
that your browser doesn’t offer SHA512/RSA.

Judging from a recent discussion on the IETF TLS list [1], there seems
to be some confusion over whether the TLS signature_algorithms extension
should 1) restrict the permitted certificate signature algorithms and
the non-certificate uses of digital signatures in the TLS protocol or 2)
only restrict the non-certificate uses of digital signatures in the TLS
protocol.

Those taking view 2 don’t offer SHA512/RSA because no cipher suites
require it. I’ve concluded that, sadly, certs signed with SHA512/RSA
basically don’t work for TLS.

[1] Re: [TLS] signature_algorithms extension definition

On 02/10/14 07:00, mayak wrote:

thanks!

m

–
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

On 10/02/2014 02:49 PM, Rob Stradling wrote:

Hi. Visit https://www.ssllabs.com/ssltest/viewMyClient.html and check out
“Protocol Details → Signature algorithms”. I expect you’ll find that your
browser doesn’t offer SHA512/RSA.

Judging from a recent discussion on the IETF TLS list [1], there seems to be
some confusion over whether the TLS signature_algorithms extension should 1)
restrict the permitted certificate signature algorithms and the non-certificate
uses of digital signatures in the TLS protocol or 2) only restrict the
non-certificate uses of digital signatures in the TLS protocol.

Those taking view 2 don’t offer SHA512/RSA because no cipher suites require it.
I’ve concluded that, sadly, certs signed with SHA512/RSA basically don’t work for
TLS.

[1] Re: [TLS] signature_algorithms extension definition
hi rob,

the offer was checked using openssl binary command within the
https://testssl.sh/testssl.sh script – the openssl binary is
openssl-1.0.2-beta1

i agree – nginx cannot handle an sha512 signed cert and will only offer
sslv3. apache does offer tlsv1.* with an sha512 signature. this question
goes beyond my comprehension of ssl, so i am going to live with sha256
– strong enough to quench my paranoiac thirst

cheers

m

hi all,

indeed – i generated a new set of certs and tested:

a signature of sha256 results in TLSv* begin offered
a signature of sha512 results in TLSv* not being offered
certs with 4096 bit keys work fine

i suspect that there is a variable that is not long enough to support
the signature …

thanks!

m