diff --git a/README-SUSE.txt b/README-SUSE.txt
new file mode 100644
index 0000000..5eecbcb
--- /dev/null
+++ b/README-SUSE.txt
@@ -0,0 +1,85 @@
+Fri Nov 8 00:00:00 CET 2013 - draht
+
+README-SUSE.txt for apache2-mod_nss
+==============================================================================
+Rationale:
+
+The apache2-mod_nss package was added to the SLES11 codebase to satisfy the
+increased demand for a TLSv1.2 capable crypto solution for the apache
+webserver, as an enhancement in parallel to the mod_ssl package that comes
+with the apache2 package set.
+
+SSL/TLS support in the apache2 package is normally provided by mod_ssl, the
+apache module that provides SSL/TLS using the openssl crypto suite. The
+specific version in SLES11-SP2 and newer is "0.9.8j", which support TLS of
+version 1.0 only. TLSv1.2 can only be provided by versions that are not
+compatible with the large variety of packages contained in SLES. The
+alternative is to make use of the crypto routines provided by mozilla-nss.
+
+The configuration of mod_nss is similar to that of mod_ssl, but some the
+individual options expect different values; as a consequence, a simple
+conversion of option names does not work as desired.
+
+------------------------------------------------------------------------------
+Converting SSL/TLS certificates:
+
+Because mod_nss uses a database format for the server and CA certificates
+and the private key, existing mod_ssl-based certificates need to be converted
+to be used by mod_nss.
+The SUSE package apache2-mod_nss contains the perl script
+ /usr/sbin/mod_nss_migrate.pl
+that can do that work for you. It may lead to satisfactory results, but in
+case it doesn't, here is what it does when it converts mod_ssl to mod_nss
+key/certificate storage:
+
+# we make a backup. Good practice...
+old /etc/apache2/mod_nss.d
+# initialize the database; this creates a NEW database!
+certutil -N -d /etc/apache2/mod_nss.d
+# convert the existing openssl key and the certificate to pkcs#12 format, uses temporary password "foo":
+openssl pkcs12 -export -in your_certificate_file.crt -inkey your_keyfile.key -out server.p12 -name \"Server-Cert\" -passout pass:foo
+# import the pkcs#12 file into the freshly created NSS database, again temporary password "foo":
+pk12util -i server.p12 -d /etc/apache2/mod_nss.d -W foo
+# the last step: -n specifies a name that the certificate can be referred to
+# in an easy way from within apache config files; you may use a name of your
+# choice, provided you use the same string to reference it in mod_nss.
+# Often, the subject of a certificate is used for this.
+# set SUBJECT=your_subject from the output of "openssl x509 -subject -in your_certificate_file.crt"
+# certutil -A -n $SUBJECT -t \"CT,,\" -d /etc/apache2/mod_nss.d -i your_ca_certificate.pem
+
+You are basically done now.
+Use the command
+
+ certutil -d /etc/apache2/mod_nss.d -L
+
+to list the certificates contained in the NSS database.
+More options of the certutil utility are shown with
+
+ certutil -h # short help
+ certutil --help # longer help
+
+------------------------------------------------------------------------------
+TLS versions:
+
+This package has a direct dependency on mozilla-nss of version 3.15.1 or
+higher, as TLSv1.2 support first came with this version. The specification of
+TLS versions is done with the NSSProtocol directive in apache. Contrary to
+the SSLProtocol option from mod_ssl, the NSSProtocol directive specifies a
+range of versions, not a list.
+The default configuration file that comes with the apache2-mod_nss package
+is /etc/apache2/conf.d/mod_nss.conf and reads as follows:
+NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
+
+Please note that SSLv2 support is not provided by mod_nss. If you require
+the deprecated SSLv2 protocol, you may need to revert to mod_ssl.
+
+
+
+Please read through the comments on top of the file
+/etc/apache2/conf.d/mod_nss.conf for more information about usage and
+configuration of mod_nss.
+
+
+Thank you,
+Roman Drahtmueller
+
diff --git a/apache2-mod_nss.changes b/apache2-mod_nss.changes
index 2d8e8d4..5d1bd0f 100644
--- a/apache2-mod_nss.changes
+++ b/apache2-mod_nss.changes
@@ -1,3 +1,65 @@ +------------------------------------------------------------------- +Tue Feb 18 16:31:45 CET 2014 - draht@suse.de + +- mod_nss-cipherlist_update_for_tls12-doc.diff + mod_nss-cipherlist_update_for_tls12.diff + GCM mode and Camellia ciphers added to the supported ciphers list. + The additional ciphers are: + rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256 + rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + [bnc#863035] + +------------------------------------------------------------------- +Fri Nov 29 16:30:07 CET 2013 - draht@suse.de + +- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566: + If 'NSSVerifyClient none' is set in the server / vhost context + (i.e. when server is configured to not request or require client + certificate authentication on the initial connection), and client + certificate authentication is expected to be required for a + specific directory via 'NSSVerifyClient require' setting, + mod_nss fails to properly require certificate authentication. + Remote attacker can use this to access content of the restricted + directories. [bnc#853039] + +------------------------------------------------------------------- +Fri Nov 8 20:46:07 CET 2013 - draht@suse.de + +- glue documentation added to /etc/apache2/conf.d/mod_nss.conf: + * simultaneaous usage of mod_ssl and mod_nss + * SNI concurrency + * SUSE framework for apache configuration, Listen directive + * module initialization +- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in + or mod_nss.conf, respectively. 
This also leads to the removal of + nss.conf.in specific chunks in mod_nss-negotiate.patch and + mod_nss-tlsv1_1.patch . +- mod_nss_migrate.pl conversion script added; not patched from + source, but partially rewritten. +- README-SUSE.txt added with step-by-step instructions on how to + convert and manage certificates and keys, as well as a rationale + about why mod_nss was included in SLES. +- package ready for submission [bnc#847216] + +------------------------------------------------------------------- +Tue Nov 5 15:45:08 CET 2013 - draht@suse.de + +- generic cleanup of the package: +- explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support + came with this version - this is the objective behind this + version update of apache2-mod_nss. Tracker bug [bnc#847216] +- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid + ambiguously interpreted name of directory. +- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if + /etc/apache2/alias exists. +- set explicit filemodes 640 for %post generated *.db files in + /etc/apache2/mod_nss.d + ------------------------------------------------------------------- Fri Aug 2 08:29:35 UTC 2013 - meissner@suse.com diff --git a/apache2-mod_nss.spec b/apache2-mod_nss.spec index f20fd6a..d5504a2 100644 --- a/apache2-mod_nss.spec +++ b/apache2-mod_nss.spec @@ -1,7 +1,7 @@ # # spec file for package apache2-mod_nss # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -21,14 +21,19 @@ Summary: SSL/TLS module for the Apache HTTP server License: Apache-2.0 Group: Productivity/Networking/Web/Servers Version: 1.0.8 -Release: 0 +Release: 0.4. Url: http://directory.fedoraproject.org/wiki/Mod_nss Source: http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz +Source1: mod_nss.conf.in +Source2: listen_nss.conf +Source3: mod_nss_migrate.pl +Source4: README-SUSE.txt Provides: mod_nss -Requires: apache2 >= 2.0.52 +Requires: apache2 >= 2.2.12 Requires: findutils -Requires(post): mozilla-nss-tools -BuildRequires: apache2-devel >= 2.0.52 +Requires: mozilla-nss >= 3.15.1 +PreReq: mozilla-nss-tools +BuildRequires: apache2-devel >= 2.2.12 BuildRequires: bison BuildRequires: findutils BuildRequires: flex @@ -36,10 +41,12 @@ BuildRequires: gcc-c++ BuildRequires: libapr-util1-devel BuildRequires: libapr1-devel BuildRequires: mozilla-nspr-devel >= 4.6.3 -BuildRequires: mozilla-nss-devel >= 3.12.6 +BuildRequires: mozilla-nss-devel >= 3.15.1 +BuildRequires: mozilla-nss-tools BuildRequires: pkgconfig # [bnc#799483] Patch to adjust mod_nss.conf to match SUSE dir layout -Patch1: mod_nss-conf.patch +# Fri Nov 8 14:10:04 CET 2013 - draht: patch disabled, nss.conf.in is now scratch. +#Patch1: mod_nss-conf.patch Patch2: mod_nss-gencert.patch Patch3: mod_nss-wouldblock.patch Patch4: mod_nss-negotiate.patch @@ -58,6 +65,9 @@ Patch14: mod_nss-no_shutdown_if_not_init_2.patch Patch15: mod_nss-PK11_ListCerts_2.patch Patch16: mod_nss-sslmultiproxy.patch Patch17: mod_nss-overlapping_memcpy.patch +Patch18: mod_nss-CVE-2013-4566-NSSVerifyClient.diff +Patch19: mod_nss-cipherlist_update_for_tls12.diff +Patch20: mod_nss-cipherlist_update_for_tls12-doc.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apxs /usr/sbin/apxs2 %define apache apache2 
@@ -66,6 +76,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apache_includedir %(%{apxs} -q INCLUDEDIR) %define apache_serverroot %(%{apxs} -q PREFIX) %define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN) +%define apache_sysconf_nssdir %{apache_sysconfdir}/mod_nss.d %description The mod_nss module provides strong cryptography for the Apache Web @@ -75,22 +86,25 @@ security library. %prep %setup -q -n mod_nss-%{version} -%patch1 -p1 -b .conf -%patch2 -p1 -b .gencert -%patch3 -p1 -b .wouldblock -%patch4 -p1 -b .negotiate -%patch5 -p1 -b .reverseproxy -%patch6 -p1 -b .pcachesignal.h -%patch7 -p1 -b .reseterror -%patch8 -p1 -b .lockpcache -%patch10 -p1 -b .proxyvariables -%patch11 -p1 -b .tlsv1_1 -%patch12 -p1 -b .array_overrun -%patch13 -p1 -b .clientauth.patch -%patch14 -p1 -b .no_shutdown_if_not_init_2 -%patch15 -p1 -b .PK11_ListCerts_2 -%patch16 -p1 -b .sslmultiproxy -%patch17 -p1 -b .overlapping_memcpy +#%patch1 -p1 -b .conf.rpmpatch +%patch2 -p1 -b .gencert.rpmpatch +%patch3 -p1 -b .wouldblock.rpmpatch +%patch4 -p1 -b .negotiate.rpmpatch +%patch5 -p1 -b .reverseproxy.rpmpatch +%patch6 -p1 -b .pcachesignal.h.rpmpatch +%patch7 -p1 -b .reseterror.rpmpatch +%patch8 -p1 -b .lockpcache.rpmpatch +%patch10 -p1 -b .proxyvariables.rpmpatch +%patch11 -p1 -b .tlsv1_1.rpmpatch +%patch12 -p1 -b .array_overrun.rpmpatch +%patch13 -p1 -b .clientauth.rpmpatch +%patch14 -p1 -b .no_shutdown_if_not_init_2.rpmpatch +%patch15 -p1 -b .PK11_ListCerts_2.rpmpatch +%patch16 -p1 -b .sslmultiproxy.rpmpatch +%patch17 -p1 -b .overlapping_memcpy.rpmpatch +%patch18 -p0 -b .CVE-2013-4566.rpmpatch +%patch19 -p0 -b .ciphers.rpmpatch +%patch20 -p0 -b .ciphers.doc.rpmpatch # keep this last, otherwise we get fuzzyness from above %if 0%{?suse_version} >= 1300 
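Review bot: The disabled line `#%patch1 -p1 -b .conf.rpmpatch` in %prep leaves an unescaped macro inside a comment, whereas the commented-out lines in %install and %files of this same spec escape theirs (`#%%{apache_sysconf_nssdir}/libnssckbi.so`). Depending on the rpm version, macros in comment lines may still be expanded, and Patch1 is no longer defined, so writing `#%%patch1 -p1 -b .conf.rpmpatch` or dropping the line avoids a build surprise. Patches 18 to 20 are applied with `-p0` while every other patch uses `-p1`; a one-line comment such as `# patches 18-20 were generated inside the source tree, hence -p0` would keep a later maintainer from "fixing" the strip level.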
@@ -111,6 +125,10 @@ NSS_BIN=`/usr/bin/pkg-config --variable=exec_prefix nss` # For some reason mod_nss can't find nss on SUSE unless we do the following C_INCLUDE_PATH="/usr/include/nss3:/usr/include/nspr4:/usr/include/apache2-prefork/" export C_INCLUDE_PATH +# no more patching a config file... +cp -a %{SOURCE1} ./nss.conf.in +cp -a %{SOURCE4} . +chmod 644 ./nss.conf.in #autoreconf -fvi %configure \ --with-nss-lib=$NSS_LIB_DIR \ @@ -118,6 +136,7 @@ export C_INCLUDE_PATH --with-nspr-lib=$NSPR_LIB_DIR \ --with-nspr-inc=$NSPR_INCLUDE_DIR \ --with-apxs=%{apxs} \ + --enable-ecc \ --with-apr-config make %{?_smp_mflags} all 
@@ -128,22 +147,24 @@ make %{?_smp_mflags} all mkdir -p $RPM_BUILD_ROOT/%{apache_libexecdir} mkdir -p $RPM_BUILD_ROOT%{apache_sysconfdir}/conf.d mkdir -p $RPM_BUILD_ROOT%{_sbindir} -mkdir -p $RPM_BUILD_ROOT%{apache_sysconfdir}/alias +mkdir -p $RPM_BUILD_ROOT%{apache_sysconf_nssdir} %if 0%{?suse_version} perl -pi -e "s|\@apache_lib\@|%{_libdir}\/apache2|g" nss.conf %endif -install -m 644 nss.conf $RPM_BUILD_ROOT%{apache_sysconfdir}/conf.d/ -install -m 755 .libs/libmodnss.so $RPM_BUILD_ROOT%{apache_libexecdir} +install -m 644 nss.conf $RPM_BUILD_ROOT%{apache_sysconfdir}/conf.d/mod_nss.conf +install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{apache_sysconfdir}/listen_nss.conf +install -m 755 .libs/libmodnss.so $RPM_BUILD_ROOT%{apache_libexecdir}/mod_nss.so install -m 755 nss_pcache $RPM_BUILD_ROOT%{_sbindir}/ install -m 755 gencert $RPM_BUILD_ROOT%{_sbindir}/ +install -m 755 %{SOURCE3} $RPM_BUILD_ROOT%{_sbindir}/ -#ln -s $RPM_BUILD_ROOT/%%{apache_libexecdir}/libnssckbi.so $RPM_BUILD_ROOT%%{apache_sysconfdir}/alias/ -touch $RPM_BUILD_ROOT%{apache_sysconfdir}/alias/secmod.db -touch $RPM_BUILD_ROOT%{apache_sysconfdir}/alias/cert8.db -touch $RPM_BUILD_ROOT%{apache_sysconfdir}/alias/key3.db -touch $RPM_BUILD_ROOT%{apache_sysconfdir}/alias/install.log +#ln -s $RPM_BUILD_ROOT/%%{apache_libexecdir}/libnssckbi.so $RPM_BUILD_ROOT%%{apache_sysconf_nssdir}/ +touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/secmod.db +touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/cert8.db +touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/key3.db +touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/install.log perl -pi -e "s:$NSS_LIB_DIR:$NSS_BIN:" $RPM_BUILD_ROOT%{_sbindir}/gencert %clean 
@@ -152,30 +173,63 @@ rm -rf $RPM_BUILD_ROOT %post umask 077 if [ "$1" -eq 1 ] ; then - if [ ! -e %{apache_sysconfdir}/alias/key3.db ]; then - %{_sbindir}/gencert %{apache_sysconfdir}/alias > %{apache_sysconfdir}/alias/install.log 2>&1 + # this is first time installation. + if [ ! -e %{apache_sysconf_nssdir}/key3.db ]; then + %{_sbindir}/gencert %{apache_sysconf_nssdir} > %{apache_sysconf_nssdir}/install.log 2>&1 echo "" echo "%{name} certificate database generated." echo "" fi # Make sure that the database ownership is setup properly. - find %{apache_sysconfdir}/alias -user root -name "*.db" -exec /bin/chgrp www {} \; - find %{apache_sysconfdir}/alias -user root -name "*.db" -exec /bin/chmod g+r {} \; + find %{apache_sysconf_nssdir} -user root -name "*.db" -exec /bin/chgrp www {} \; + find %{apache_sysconf_nssdir} -user root -name "*.db" -exec /bin/chmod 640 {} \; +fi +if [ "$1" -eq 2 ]; then + # this is the upgrade case for this %post: + if [ -d %{apache_sysconfdir}/alias ]; then + copied_files="" + for dbfile in *.db; do + if [ ! -f %{apache_sysconf_nssdir}/"$dbfile" -a -f "$dbfile" ]; then + cp -a "$dbfile" %{apache_sysconf_nssdir}/"$dbfile" + copied_files="$copied_files $dbfile" + fi + done + if [ "$copied_files" != "" ]; then + { + echo "This notice was written by the post-install script of the package" + echo "%{name}." + echo "" + echo "The files $copied_files" + echo "have been copied to the directory %{apache_sysconf_nssdir}," + echo "as this directory is not referenced by the default configuration any longer," + echo "and because these files did not exist in %{apache_sysconf_nssdir}." + echo "Existing files have not been modified." + echo "" + echo "Please check your configuration and remove or move your certificate and" + echo "key storage to your desired place, and adjust your module configuration" + echo "accordingly." + echo "" + echo "Thank you." 
+ } > %{apache_sysconfdir}/alias/README-dbfiles.txt + fi + fi fi %files %defattr(-,root,root,-) -%doc README LICENSE docs/mod_nss.html -%config(noreplace) %{apache_sysconfdir}/conf.d/nss.conf +%doc README LICENSE docs/mod_nss.html README-SUSE.txt +%config(noreplace) %{apache_sysconfdir}/conf.d/mod_nss.conf +%config(noreplace) %{apache_sysconfdir}/listen_nss.conf %dir %{apache_libexecdir} -%{apache_libexecdir}/libmodnss.so -%dir %{apache_sysconfdir}/alias/ -%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconfdir}/alias/secmod.db -%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconfdir}/alias/cert8.db -%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconfdir}/alias/key3.db -%ghost %config(noreplace) %{apache_sysconfdir}/alias/install.log -#%%{apache_sysconfdir}/alias/libnssckbi.so +%{apache_libexecdir}/mod_nss.so +%dir %{apache_sysconf_nssdir}/ +%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/secmod.db +%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/cert8.db +%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/key3.db +%ghost %config(noreplace) %{apache_sysconf_nssdir}/install.log +#%%{apache_sysconf_nssdir}/libnssckbi.so %{_sbindir}/nss_pcache %{_sbindir}/gencert +%{_sbindir}/mod_nss_migrate.pl %changelog diff --git a/listen_nss.conf b/listen_nss.conf new file mode 100644 index 0000000..209360d --- /dev/null +++ b/listen_nss.conf 
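Review bot: In the upgrade branch of %post, `for dbfile in *.db; do` globs in whatever working directory the scriptlet runs in, because nothing changes into `%{apache_sysconfdir}/alias` after the `-d` test. As written, the existing key and certificate databases are most likely never migrated, and any unrelated `*.db` file in the working directory would be copied into the NSS directory instead. Iterating over the old directory explicitly fixes this: `for dbpath in %{apache_sysconfdir}/alias/*.db; do dbfile=${dbpath##*/}` and then test and copy `"$dbpath"`. The `chgrp www` / `chmod 640` normalisation also runs only in the `"$1" -eq 1` branch, so a copied key3.db keeps whatever owner and mode `cp -a` preserved from the old location; running the two `find` commands after the copy loop as well would keep the private-key database at 0640 root:www.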
@@ -0,0 +1,43 @@ +# This is /etc/apache2/listen-nss.conf +# +# This file is read from /etc/apache2/conf.d/mod_nss.conf , +# the starting point for all configuration of mod_nss. +# +# Please have a look at the top section of the file +# /etc/apache2/conf.d/mod_nss.conf for information and +# instructions about how to enable mod_nss. +# +# +# There are two conditions that have to be met for the Listen directive +# below to become active: +# a) The server define "SSL" is present; this means that the apache process +# is launched with the commandline arguments "-D SSL". +# b) The nss apache module is loaded, which happens automatically if you add +# the name of the module ("nss") to the variable APACHE_MODULES in +# /etc/sysconfig/apache2 +# +# An equivalent section for mod_ssl (openssl based support for SSL/TLS) +# is contained in the file /etc/apache2/listen.conf, with the dependency to +# the module "ssl" loaded (""). +# +# The difference between this file and listen.conf is that listen.conf is +# read (included) from apache's main configuration file /etc/apache2/httpd.conf, +# while _this_ file is included from /etc/apache2/conf.d/mod_nss.conf . + + + + # mod_ssl may be active and has triggered the Listen directive for 443. + # In this case we refrain from doing a second Listen, as the + # correspondance between the bound port and the VirtualHost does + # not happen here anyway. + + + + Listen 443 + + + + + + + diff --git a/mod_nss-CVE-2013-4566-NSSVerifyClient.diff b/mod_nss-CVE-2013-4566-NSSVerifyClient.diff new file mode 100644 index 0000000..3bf2f51 --- /dev/null +++ b/mod_nss-CVE-2013-4566-NSSVerifyClient.diff 
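Review bot: The header comment `# This is /etc/apache2/listen-nss.conf` names the file with a hyphen, but the spec installs it as `%{apache_sysconfdir}/listen_nss.conf`, so the first line should read `# This is /etc/apache2/listen_nss.conf`. An administrator who follows the comment when checking which file controls the port 443 listener will look for a path that does not exist. The container directives around `Listen 443` are not visible on this page, so the conditions a) and b) described in the comment could not be compared with the actual directives.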
@@ -0,0 +1,319 @@ +This is CVE-2013-4566: +The flaw is in the NSSVerifyClient (which is equivalent to mod_ssl's +SSLVerifyClient) setting enforcement. If 'NSSVerifyClient none' is set +in the server / vhost context (i.e. when server is configured to not +request or require client certificate authentication on the initial +connection), and client certificate authentication is expected to be +required for a specific directory via 'NSSVerifyClient require' +setting, mod_nss fails to properly require certificate authentication. +Remote attacker can use this to access content of the restricted +directories. + +Reported by Thomas Hoger . + +diff -rNU 150 ../mod_nss-1.0.8-o/nss_engine_kernel.c ./nss_engine_kernel.c +--- ../mod_nss-1.0.8-o/nss_engine_kernel.c 2013-11-29 16:09:37.000000000 +0100 ++++ ./nss_engine_kernel.c 2013-11-29 16:12:20.000000000 +0100 +@@ -133,301 +133,301 @@ + /* + * Check to see if SSL protocol is enabled. If it's not then + * no further access control checks are relevant. The test for + * sc->enabled is probably strictly unnecessary + */ + if (!((sc->enabled == TRUE) || !ssl)) { + return DECLINED; + } + + /* + * Support for per-directory reconfigured SSL connection parameters. + * + * This is implemented by forcing an SSL renegotiation with the + * reconfigured parameter suite. But Apache's internal API processing + * makes our life very hard here, because when internal sub-requests occur + * we nevertheless should avoid multiple unnecessary SSL handshakes (they + * require extra network I/O and especially time to perform). + * + * But the optimization for filtering out the unnecessary handshakes isn't + * obvious and trivial. Especially because while Apache is in its + * sub-request processing the client could force additional handshakes, + * too. And these take place perhaps without our notice. So the only + * possibility is to explicitly _ask_ OpenSSL whether the renegotiation + * has to be performed or not. 
It has to performed when some parameters + * which were previously known (by us) are not those we've now + * reconfigured (as known by OpenSSL) or (in optimized way) at least when + * the reconfigured parameter suite is stronger (more restrictions) than + * the currently active one. + */ + + /* + * Override of NSSCipherSuite + * + * We provide two options here: + * + * o The paranoid and default approach where we force a renegotiation when + * the cipher suite changed in _any_ way (which is straight-forward but + * often forces renegotiations too often and is perhaps not what the + * user actually wanted). + * + * o The optimized and still secure way where we force a renegotiation + * only if the currently active cipher is no longer contained in the + * reconfigured/new cipher suite. Any other changes are not important + * because it's the servers choice to select a cipher from the ones the + * client supports. So as long as the current cipher is still in the new + * cipher suite we're happy. Because we can assume we would have + * selected it again even when other (better) ciphers exists now in the + * new cipher suite. This approach is fine because the user explicitly + * has to enable this via ``NSSOptions +OptRenegotiate''. So we do no + * implicit optimizations. 
+ */ + if (dc->szCipherSuite) { + /* remember old state */ + for (i=0; i < ciphernum; i++) { + SSL_CipherPrefGet(ssl, ciphers_def[i].num, &ciphers_old[i]); + } + + if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) { + int on, keySize, secretKeySize; + char *issuer, *subject; + + SSL_SecurityStatus(ssl, &on, &cipher, + &keySize, &secretKeySize, &issuer, + &subject); + } + + /* configure new state */ + + ciphers = strdup(dc->szCipherSuite); + if (nss_parse_ciphers(r->server, ciphers, ciphers_new) < 0) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, + r->server, + "Unable to reconfigure (per-directory) " + "permitted SSL ciphers"); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, r->server); + free(ciphers); + + return HTTP_FORBIDDEN; + } + free(ciphers); + + /* Actually enable the selected ciphers. Also check to + see if the existing cipher is in the new list for + a possible optimization later. */ + + for (i=0; inOptions & SSL_OPT_OPTRENEGOTIATE) { + if (cipher_in_list != PR_TRUE) + renegotiate = TRUE; + } + else { + /* paranoid way */ + for (i=0; iserver, + "Reconfigured cipher suite will force renegotiation"); + } + } + + /* + * override of SSLVerifyClient + * + * We force a renegotiation if the reconfigured/new verify type is + * stronger than the currently active verify type. + * + * The order is: none << optional_no_ca << optional << require + * + * Additionally the following optimization is possible here: When the + * currently active verify type is "none" but a client certificate is + * already known/present, it's enough to manually force a client + * verification but at least skip the I/O-intensive renegotation + * handshake. 
+ */ + if (dc->nVerifyClient != SSL_CVERIFY_UNSET) { + PRInt32 on; + + /* remember old state */ + SSL_OptionGet(ssl, SSL_REQUIRE_CERTIFICATE, &on); + if (on == PR_TRUE) { + verify_old = SSL_CVERIFY_REQUIRE; + } else { + SSL_OptionGet(ssl, SSL_REQUEST_CERTIFICATE, &on); + if (on == PR_TRUE) + verify_old = SSL_CVERIFY_OPTIONAL; + else + verify_old = SSL_CVERIFY_NONE; + } + + /* configure new state */ + verify = dc->nVerifyClient; + + if (verify == SSL_CVERIFY_REQUIRE) { + SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE); +- SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NO_ERROR); ++ SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS); + } else if (verify == SSL_CVERIFY_OPTIONAL) { + SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE); + SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER); + } else { + SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_FALSE); + SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER); + } + + /* determine whether we've to force a renegotiation */ + if (!renegotiate && verify != verify_old) { + if (((verify_old == SSL_CVERIFY_NONE) && + (verify != SSL_CVERIFY_NONE)) || + + (!(verify_old & SSL_CVERIFY_OPTIONAL) && + (verify & SSL_CVERIFY_OPTIONAL)) || + + (!(verify_old & SSL_CVERIFY_REQUIRE) && + (verify & SSL_CVERIFY_REQUIRE))) + { + renegotiate = TRUE; + /* optimization */ + + if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) && + (verify_old == SSL_CVERIFY_NONE) && + ((peercert = SSL_PeerCertificate(ssl)) != NULL)) + { + renegotiate_quick = TRUE; + CERT_DestroyCertificate(peercert); + } + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, + r->server, + "Changed client verification type will force " + "%srenegotiation", + renegotiate_quick ? 
"quick " : ""); + } + } + } + + /* If a renegotiation is now required for this location, and the + * request includes a message body (and the client has not + * requested a "100 Continue" response), then the client will be + * streaming the request body over the wire already. In that + * case, it is not possible to stop and perform a new SSL + * handshake immediately; once the SSL library moves to the + * "accept" state, it will reject the SSL packets which the client + * is sending for the request body. + * + * To allow authentication to complete in this auth hook, the + * solution used here is to fill a (bounded) buffer with the + * request body, and then to reinject that request body later. + */ + if (renegotiate && !renegotiate_quick + && (apr_table_get(r->headers_in, "transfer-encoding") + || (apr_table_get(r->headers_in, "content-length") + && strcmp(apr_table_get(r->headers_in, "content-length"), "0"))) + && !r->expecting_100) { + int rv; + + /* Fill the I/O buffer with the request body if possible. */ + rv = nss_io_buffer_fill(r); + + if (rv) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "could not buffer message body to allow " + "SSL renegotiation to proceed"); + return rv; + } + } + + /* + * now do the renegotiation if anything was actually reconfigured + */ + if (renegotiate) { + /* + * Now we force the SSL renegotation by sending the Hello Request + * message to the client. Here we have to do a workaround: Actually + * OpenSSL returns immediately after sending the Hello Request (the + * intent AFAIK is because the SSL/TLS protocol says it's not a must + * that the client replies to a Hello Request). But because we insist + * on a reply (anything else is an error for us) we have to go to the + * ACCEPT state manually. Using SSL_set_accept_state() doesn't work + * here because it resets too much of the connection. So we set the + * state explicitly and continue the handshake manually. 
+ */ + ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, + "Requesting connection re-negotiation"); + + if (renegotiate_quick) { + SECStatus rv; + CERTCertificate *peerCert; + void *pinArg; + + /* perform just a manual re-verification of the peer */ + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "Performing quick renegotiation: " + "just re-verifying the peer"); + + peerCert = SSL_PeerCertificate(sslconn->ssl); + + pinArg = SSL_RevealPinArg(sslconn->ssl); + + rv = CERT_VerifyCertNow(CERT_GetDefaultCertDB(), + peerCert, + PR_TRUE, + certUsageSSLClient, + pinArg); + + CERT_DestroyCertificate(peerCert); + + if (rv != SECSuccess) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "Re-negotiation handshake failed: " + "Client verification failed"); + + return HTTP_FORBIDDEN; + } + + /* The cert is ok, fall through to the check SSLRequires */ + } + else { + int handshake_done = 0; + int result = 0; + + /* do a full renegotiation */ + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "Performing full renegotiation: " + "complete handshake protocol"); + + /* Do NOT call SSL_ResetHandshake as this will tear down the + * existing connection. + */ + if (SSL_HandshakeCallback(ssl, HandshakeDone, (void *)&handshake_done) || SSL_ReHandshake(ssl, PR_TRUE)) { + int errCode = PR_GetError(); + if (errCode == SEC_ERROR_INVALID_ARGS) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "Re-negotation request failed: " + "trying to do client authentication on a non-SSL3 connection"); + } else { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "Re-negotation request failed: " + "returned error %d", errCode); + } + r->connection->aborted = 1; + return HTTP_FORBIDDEN; + } + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "Awaiting re-negotiation handshake"); + diff --git a/mod_nss-cipherlist_update_for_tls12-doc.diff b/mod_nss-cipherlist_update_for_tls12-doc.diff new file mode 100644 index 0000000..eed96d7 --- /dev/null 
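Review bot: The corrected call `SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS);` still discards its return value, as do the neighbouring SSL_OptionSet calls, so a failure to apply the per-directory 'NSSVerifyClient require' setting would go unlogged and the request would carry on. Because this is the line that enforces client-certificate authentication, it should fail closed, for example `if (SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS) != SECSuccess) return HTTP_FORBIDDEN;` preceded by an ap_log_error call in the style used elsewhere in this function. The embedded patch carries 150 lines of context and the enclosing function begins and ends outside it, so whether the code after the full handshake confirms that a peer certificate was actually presented cannot be checked from here. A regression test with 'NSSVerifyClient none' on the vhost and 'NSSVerifyClient require' on one directory, requested without a client certificate, would pin the behaviour this CVE fix is meant to guarantee.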
+++ b/mod_nss-cipherlist_update_for_tls12-doc.diff @@ -0,0 +1,246 @@ +diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html +--- ../mod_nss-1.0.8-o/docs/mod_nss.html 2014-02-18 16:30:19.000000000 +0100 ++++ ./docs/mod_nss.html 2014-02-18 16:48:18.000000000 +0100 +@@ -632,100 +632,121 @@ + + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + + + fortezza_null
+ + SSL_FORTEZZA_DMS_WITH_NULL_SHA
+ + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + + + fips_des_sha
+ + SSL_RSA_FIPS_WITH_DES_CBC_SHA
+ + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + + + fips_3des_sha
+ + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
+ + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + + + rsa_des_56_sha + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
+ + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + + + rsa_rc4_56_sha + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
+ + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + + + rsa_aes_128_sha
+ + TLS_RSA_WITH_AES_128_CBC_SHA
+ + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + + + rsa_aes_256_sha
+ + TLS_RSA_WITH_AES_256_CBC_SHA
+ + SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 + ++ ++ rsa_aes_128_gcm_sha
++ ++ TLS_RSA_WITH_AES_128_GCM_SHA256
++ ++ TLSv1.0/TLSv1.1/TLSv1.2 ++ ++ ++ rsa_camellia_128_sha
++ ++ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
++ ++ TLSv1.0/TLSv1.1/TLSv1.2 ++ ++ ++ rsa_camellia_256_sha
++ ++ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
++ ++ TLSv1.0/TLSv1.1/TLSv1.2 ++ + + +
+ Additionally there are a number of ECC ciphers:
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +@@ -773,100 +794,120 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + +
Cipher Name
+
NSS Cipher + Definition
+
Protocol
+
ecdh_ecdsa_null_shaTLS_ECDH_ECDSA_WITH_NULL_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_ecdsa_rc4_128_shaTLS_ECDH_ECDSA_WITH_RC4_128_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_ecdsa_3des_shaTLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_ecdsa_aes_128_shaTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_ecdsa_aes_256_shaTLS_ECDH_ECDSA_WITH_AES_256_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdhe_ecdsa_null_shaTLS_ECDHE_ECDSA_WITH_NULL_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdhe_ecdsa_rc4_128_shaTLS_ECDHE_ECDSA_WITH_RC4_128_SHATLSv1.0/TLSv1.1/TLSv1.2
echde_rsa_nullTLS_ECDHE_RSA_WITH_NULL_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdhe_rsa_rc4_128_shaTLS_ECDHE_RSA_WITH_RC4_128_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdhe_rsa_3des_shaTLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdhe_rsa_aes_128_shaTLS_ECDHE_RSA_WITH_AES_128_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdhe_rsa_aes_256_shaTLS_ECDHE_RSA_WITH_AES_256_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_anon_null_shaTLS_ECDH_anon_WITH_NULL_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_anon_rc4_128shaTLS_ECDH_anon_WITH_RC4_128_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_anon_3des_shaTLS_ECDH_anon_WITH_3DES_EDE_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_anon_aes_128_shaTLS_ECDH_anon_WITH_AES_128_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_anon_aes_256_shaTLS_ECDH_anon_WITH_AES_256_CBC_SHATLSv1.0/TLSv1.1/TLSv1.2
ecdh_ecdsa_aes_128_gcm_shaTLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256TLSv1.0/TLSv1.1/TLSv1.2
ecdhe_ecdsa_aes_128_gcm_shaTLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256TLSv1.0/TLSv1.1/TLSv1.2
ecdh_rsa_aes_128_gcm_shaTLS_ECDH_RSA_WITH_AES_128_GCM_SHA256TLSv1.0/TLSv1.1/TLSv1.2
ecdhe_rsa_aes_128_gcm_shaTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256TLSv1.0/TLSv1.1/TLSv1.2
+
+ Example
+
+ NSSCipherSuite + +rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,
+ -rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,
+ +fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha

+
+ NSSProtocol
+

+ A comma-separated string that lists the basic protocols that the server + can use (and clients may connect with). It doesn't enable a cipher + specifically but allows ciphers for that protocol to be used at all.
+
+ Options are:
+
    +
  • SSLv3
  • +
  • TLSv1 (legacy only; replaced by TLSv1.0)
  • +
  • TLSv1.0
  • +
  • TLSv1.1
  • +
  • TLSv1.2
  • +
  • All
  • +
+ Note that this differs from mod_ssl in that you can't add or subtract + protocols.
+
+ If no NSSProtocol is specified, mod_nss will default to allowing the use of + the SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2 protocols, where SSLv3 will be set to be the + minimum protocol allowed, and TLSv1.2 will be set to be the maximum protocol + allowed. +
+ If values for NSSProtocol are specified, mod_nss will set both the minimum + and the maximum allowed protocols based upon these entries allowing for the + inclusion of every protocol in-between. For example, if only SSLv3 and TLSv1.2 + are specified, SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2 will all be allowed, as NSS utilizes + protocol ranges to accept all protocols inclusively + (TLS 1.2 ->TLS 1.1 -> TLS 1.0 -> SSL 3.0), and does not allow exclusion of any protocols + in the middle of a range (e. g. - TLS 1.0).
+
+ Finally, NSS will always automatically negotiate the use of the strongest + possible protocol that has been specified which is acceptable to both sides of + a given connection.
+ SSLv2 is not supported by default at this time.
+
+ Example
+
+ NSSProtocol SSLv3,TLSv1.0,TLSv1.1,TLSv1.2
+
diff --git a/mod_nss-cipherlist_update_for_tls12.diff b/mod_nss-cipherlist_update_for_tls12.diff
new file mode 100644
index 0000000..fb3e1ed
--- /dev/null
+++ b/mod_nss-cipherlist_update_for_tls12.diff
@@ -0,0 +1,243 @@ +diff -rNU 50 ../mod_nss-1.0.8-o/mod_nss.h ./mod_nss.h +--- ../mod_nss-1.0.8-o/mod_nss.h 2014-02-18 16:30:19.000000000 +0100 ++++ ./mod_nss.h 2014-02-18 16:30:51.000000000 +0100 +@@ -318,103 +318,103 @@ + + /* + * Define the mod_ssl per-directory configuration structure + * (i.e. the local configuration for all + * and .htaccess contexts) + */ + typedef struct { + BOOL bSSLRequired; + apr_array_header_t *aRequirement; + int nOptions; + int nOptionsAdd; + int nOptionsDel; + const char *szCipherSuite; + nss_verify_t nVerifyClient; + const char *szUserName; + } SSLDirConfigRec; + + /* + * Cipher definitions + */ + typedef struct + { + const char *name; + int num; + int fortezza_only; + PRInt32 version; /* protocol version valid for this cipher */ + } cipher_properties; + + /* Compatibility between Apache 2.0.x and 2.2.x. The numeric version of + * the version first appeared in Apache 2.0.56-dev. I picked 2.0.55 as it + * is the last version without this define. This is used for more than just + * the below defines. It also determines which API is used. 
+ */ + #ifndef AP_SERVER_MAJORVERSION_NUMBER + #define AP_SERVER_MAJORVERSION_NUMBER 2 + #define AP_SERVER_MINORVERSION_NUMBER 0 + #define AP_SERVER_PATCHLEVEL_NUMBER 55 + #endif + + #if AP_SERVER_MINORVERSION_NUMBER < 2 + typedef struct regex_t ap_regex_t; + #define AP_REG_EXTENDED REG_EXTENDED + #define AP_REG_NOSUB REG_NOSUB + #define AP_REG_ICASE REG_ICASE + #endif + + enum sslversion { SSL2=1, SSL3=2, TLS=4}; + + /* the table itself is defined in nss_engine_init.c */ + #ifdef NSS_ENABLE_ECC +-#define ciphernum 48 ++#define ciphernum 55 + #else +-#define ciphernum 23 ++#define ciphernum 26 + #endif + + /* + * function prototypes + */ + + /* API glue structures */ + extern module AP_MODULE_DECLARE_DATA nss_module; + + /* configuration handling */ + SSLModConfigRec *nss_config_global_create(server_rec *); + void *nss_config_perdir_create(apr_pool_t *p, char *dir); + void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv); + void *nss_config_server_create(apr_pool_t *p, server_rec *s); + void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv); + const char *nss_cmd_NSSFIPS(cmd_parms *, void *, int); + const char *nss_cmd_NSSEngine(cmd_parms *, void *, int); + const char *nss_cmd_NSSOCSP(cmd_parms *, void *, int); + const char *nss_cmd_NSSOCSPDefaultResponder(cmd_parms *, void *, int); + const char *nss_cmd_NSSOCSPDefaultURL(cmd_parms *, void *dcfg, const char *arg); + const char *nss_cmd_NSSOCSPDefaultName(cmd_parms *, void *, const char *arg); + const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSDBPrefix(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg); + 
#ifdef SSL_ENABLE_RENEGOTIATION + const char *nss_cmd_NSSRenegotiation(cmd_parms *cmd, void *dcfg, int flag); + const char *nss_cmd_NSSRequireSafeNegotiation(cmd_parms *cmd, void *dcfg, int flag); + #endif + #ifdef NSS_ENABLE_ECC + const char *nss_cmd_NSSECCNickname(cmd_parms *cmd, void *dcfg, const char *arg); + #endif + const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *, void *, int); + const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); + const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg); + const char *nss_cmd_NSSOptions(cmd_parms *, void *, const char *); + const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg); + const char *nss_cmd_NSSRequire(cmd_parms *, void *, const char *); + + const char *nss_cmd_NSSProxyEngine(cmd_parms *cmd, void *dcfg, int flag); + const char *nss_cmd_NSSProxyProtocol(cmd_parms *, void *, const char *); + const char *nss_cmd_NSSProxyCipherSuite(cmd_parms *, void *, const char *); + const char *nss_cmd_NSSProxyNickname(cmd_parms *cmd, void *dcfg, const char *arg); +diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c +--- ../mod_nss-1.0.8-o/nss_engine_init.c 2014-02-18 16:30:19.000000000 +0100 ++++ ./nss_engine_init.c 2014-02-18 16:30:51.000000000 +0100 +@@ -15,122 +15,130 @@ + + #include "mod_nss.h" + #include "apr_thread_proc.h" + #include "ap_mpm.h" + #include "secmod.h" + #include "sslerr.h" + #include "pk11func.h" + #include "ocsp.h" + #include "keyhi.h" + #include "cert.h" + + static SECStatus 
ownBadCertHandler(void *arg, PRFileDesc * socket); + static SECStatus ownHandshakeCallback(PRFileDesc * socket, void *arg); + static SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg); + static CERTCertificate* FindServerCertFromNickname(const char* name, const CERTCertList* clist); + SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); + + /* + * Global variables defined in this file. + */ + char* INTERNAL_TOKEN_NAME = "internal "; + + cipher_properties ciphers_def[ciphernum] = + { + /* SSL2 cipher suites */ + {"rc4", SSL_EN_RC4_128_WITH_MD5, 0, SSL2}, + {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5, 0, SSL2}, + {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5, 0, SSL2}, + {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, 0, SSL2}, + {"des", SSL_EN_DES_64_CBC_WITH_MD5, 0, SSL2}, + {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, 0, SSL2}, + /* SSL3/TLS cipher suites */ + {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5, 0, SSL3 | TLS}, + {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA, 0, SSL3 | TLS}, + {"rsa_3des_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA, 0, SSL3 | TLS}, + {"rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA, 0, SSL3 | TLS}, + {"rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, 0, SSL3 | TLS}, + {"rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 0, SSL3 | TLS}, + {"rsa_null_md5", SSL_RSA_WITH_NULL_MD5, 0, SSL3 | TLS}, + {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA, 0, SSL3 | TLS}, + {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, 0, SSL3 | TLS}, + {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA, 0, SSL3 | TLS}, + {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, 1, SSL3 | TLS}, + {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, 1, SSL3 | TLS}, + {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA, 1, SSL3 | TLS}, + /* TLS 1.0: Exportable 56-bit Cipher Suites. 
*/ + {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, 0, SSL3 | TLS}, + {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, 0, SSL3 | TLS}, + /* AES ciphers.*/ + {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, 0, SSL3 | TLS}, ++ {"rsa_aes_128_gcm_sha", TLS_RSA_WITH_AES_128_GCM_SHA256, 0, TLS}, ++ {"rsa_camellia_128_sha", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 0, TLS}, + {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, 0, SSL3 | TLS}, ++ {"rsa_camellia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 0, TLS}, ++ + #ifdef NSS_ENABLE_ECC + /* ECC ciphers.*/ + {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, 0, TLS}, + {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 0, TLS}, + {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS}, ++ {"ecdh_ecdsa_aes_128_gcm_sha", TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 0, TLS}, + {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA, 0, TLS}, + {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0, TLS}, + {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS}, ++ {"ecdhe_ecdsa_aes_128_gcm_sha", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0, TLS}, + {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, 0, TLS}, + {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, 0, TLS}, + {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 0, TLS}, ++ {"ecdh_rsa_aes_128_gcm_sha", TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 0, TLS}, + {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"ecdhe_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA, 0, TLS}, + {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0, 
TLS}, + {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0, TLS}, ++ {"ecdhe_rsa_aes_128_gcm_sha", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0, TLS}, + {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0, TLS}, + {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA, 0, TLS}, + {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA, 0, TLS}, + {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 0, TLS}, + {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 0, TLS}, + {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 0, TLS}, + #endif + }; + + static char *version_components[] = { + "SSL_VERSION_PRODUCT", + "SSL_VERSION_INTERFACE", + "SSL_VERSION_LIBRARY", + NULL + }; + + static char *nss_add_version_component(apr_pool_t *p, + server_rec *s, + char *name) + { + char *val = nss_var_lookup(p, s, NULL, NULL, name); + + if (val && *val) { + ap_add_version_component(p, val); + } + + return val; + } + + static void nss_add_version_components(apr_pool_t *p, + server_rec *s) + { + char *vals[sizeof(version_components)/sizeof(char *)]; + int i; + + for (i=0; version_components[i]; i++) { + vals[i] = nss_add_version_component(p, s, + version_components[i]); + } + + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Server: %s, Interface: %s, Library: %s", + AP_SERVER_BASEVERSION, + vals[1], /* SSL_VERSION_INTERFACE */ + vals[2]); /* SSL_VERSION_LIBRARY */ + } + + /* + * Initialize SSL library + * diff --git a/mod_nss-conf.patch b/mod_nss-conf.patch deleted file mode 100644 index 41cd15f..0000000 --- a/mod_nss-conf.patch +++ /dev/null 
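Review bot: The five AES-GCM rows added to `ciphers_def` (`rsa_aes_128_gcm_sha` and the four `ecdh*_aes_128_gcm_sha` entries) carry the generic `TLS` version flag, but GCM suites can only be negotiated under TLSv1.2, and `enum sslversion { SSL2=1, SSL3=2, TLS=4}` has no value that expresses this. How the `version` field is consumed is not visible in this hunk; if it gates which ciphers a given NSSProtocol range accepts, a host limited to TLSv1.0/TLSv1.1 with only GCM suites enabled would pass configuration and then have no usable cipher. At minimum I would add a comment above the first GCM row, `/* AES-GCM suites are negotiable under TLSv1.2 only; the TLS flag cannot express that */`, and correct the protocol column for these suites in the documentation tables of this commit, which list them as TLSv1.0/TLSv1.1/TLSv1.2. The `ciphernum` bumps (23 to 26, 48 to 55) do match the seven added rows, but since `ciphers_def[ciphernum]` is explicitly sized, a future mismatch in the short direction would silently leave zero-filled entries, so a comment next to the defines saying they must equal the row count would help.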
@@ -1,70 +0,0 @@ ---- mod_nss-1.0.6/nss.conf.in.orig 2006-10-20 11:08:42.000000000 -0400 -+++ mod_nss-1.0.6/nss.conf.in 2013-01-22 10:33:25.000000000 +0100 -@@ -8,14 +8,16 @@ - # consult the online docs. You have been warned. - # - -+LoadModule nss_module @apache_lib@/libmodnss.so -+ - # - # When we also provide SSL we have to listen to the - # standard HTTP port (see above) and to the HTTPS port - # - # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two --# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" -+# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443" - # --Listen 443 -+Listen 8443 - - ## - ## SSL Global Context -@@ -40,7 +42,7 @@ - # Pass Phrase Helper: - # This helper program stores the token password pins between - # restarts of Apache. --NSSPassPhraseHelper @apache_bin@/nss_pcache -+NSSPassPhraseHelper /usr/sbin/nss_pcache - - # Configure the SSL Session Cache. - # NSSSessionCacheSize is the number of entries in the cache. -@@ -68,17 +70,17 @@ - ## SSL Virtual Host Context - ## - -- -+ - - # General setup for the virtual host - #DocumentRoot "@apache_prefix@/htdocs" --#ServerName www.example.com:443 -+#ServerName www.example.com:8443 - #ServerAdmin you@example.com - - # mod_nss can log to separate log files, you can choose to do that if you'd like - # LogLevel is not inherited from httpd.conf. --#ErrorLog @apache_prefix@/logs/error_log --#TransferLog @apache_prefix@/logs/access_log -+ErrorLog /var/log/apache2/error_log -+TransferLog /var/log/apache2/access_log - LogLevel warn - - # SSL Engine Switch: -@@ -113,7 +115,7 @@ - # The NSS security database directory that holds the certificates and - # keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. - # Provide the directory that these files exist. 
--NSSCertificateDatabase @apache_conf@ -+NSSCertificateDatabase @apache_conf@/alias - - # Database Prefix: - # In order to be able to store multiple NSS databases in one directory -@@ -189,7 +191,7 @@ - - NSSOptions +StdEnvVars - -- -+ - NSSOptions +StdEnvVars - - diff --git a/mod_nss-negotiate.patch b/mod_nss-negotiate.patch index b6f572f..8f36996 100644 --- a/mod_nss-negotiate.patch +++ b/mod_nss-negotiate.patch @@ -123,27 +123,6 @@ diff -up ./nss_engine_init.c.norego ./nss_engine_init.c static void nss_init_ctx_protocol(server_rec *s, -diff -up ./nss.conf.in.norego ./nss.conf.in ---- ./nss.conf.in.norego 20 Oct 2006 15:23:39 -0000 -+++ ./nss.conf.in 18 Mar 2010 18:34:46 -0000 -@@ -64,6 +64,17 @@ - #NSSRandomSeed startup file:/dev/random 512 - #NSSRandomSeed startup file:/dev/urandom 512 - -+# -+# TLS Negotiation configuration under RFC 5746 -+# -+# Only renegotiate if the peer's hello bears the TLS renegotiation_info -+# extension. Default off. -+NSSRenegotiation off -+ -+# Peer must send Signaling Cipher Suite Value (SCSV) or -+# Renegotiation Info (RI) extension in ALL handshakes. Default: off -+NSSRequireSafeNegotiation off -+ - ## - ## SSL Virtual Host Context - ## diff -up ./nss_engine_log.c.norego ./nss_engine_log.c --- ./nss_engine_log.c.norego 17 Oct 2006 16:45:57 -0000 diff --git a/mod_nss-tlsv1_1.patch b/mod_nss-tlsv1_1.patch index 4dee39b..2a33a4d 100644 --- a/mod_nss-tlsv1_1.patch +++ b/mod_nss-tlsv1_1.patch 
@@ -375,28 +375,6 @@ Index: mod_nss-1.0.8/mod_nss.c SSL_CMD_SRV(ProxyCipherSuite, TAKE1, "SSL Proxy: colon-delimited list of permitted SSL ciphers " "(`XXX:...:XXX' - see manual)") -Index: mod_nss-1.0.8/nss.conf.in -=================================================================== ---- mod_nss-1.0.8.orig/nss.conf.in -+++ mod_nss-1.0.8/nss.conf.in -@@ -111,7 +111,16 @@ NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4 - # ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography - #NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha - --NSSProtocol SSLv3,TLSv1 -+# SSL Protocol: -+# Cryptographic protocols that provide communication security. -+# NSS handles the specified protocols as "ranges", and automatically -+# negotiates the use of the strongest protocol for a connection starting -+# with the maximum specified protocol and downgrading as necessary to the -+# minimum specified protocol that can be used between two processes. -+# Since all protocol ranges are completely inclusive, and no protocol in the -+# middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.2" -+# is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1,TLSv1.2". -+NSSProtocol SSLv3,TLSv1.0,TLSv1.1,TLSv1.2 - - # SSL Certificate Nickname: - # The nickname of the RSA server certificate you are going to use. 
Index: mod_nss-1.0.8/nss_engine_init.c =================================================================== --- mod_nss-1.0.8.orig/nss_engine_init.c diff --git a/mod_nss.conf.in b/mod_nss.conf.in new file mode 100644 index 0000000..a220d52 --- /dev/null +++ b/mod_nss.conf.in 
@@ -0,0 +1,330 @@ +# This is /etc/apache2/conf.d/mod_nss.conf +# +# Configuration for mod_nss starts in this file. +# +# Contents: +# 1) generic information about mod_nss and its relation to mod_ssl +# 2) initialization and loading of the apache module in the SUSE framework +# 3) hints on specifics for the configuration. +#.............................................................................. +# +# 1) generic information about mod_nss and its relation to mod_ssl +# +# Concurrency of apache crypto modules: +# +# mod_nss implements SSL/TLS protocol support for the apache webserver and +# is an alternative to mod_ssl. Both modules can be initialized at the same +# time, but, obviously, the protocol handlers ("SSLEngine on" for mod_ssl +# and "NSSEngine on" for mod_nss) cannot be active simultaneously, at a +# global scope, or in the context of a VirtualHost configuration directive +# block. +# +# If for a port that apache listens on, only one VirtualHost section +# has the directive "NSSEngine" set to "on", it will have precedence over +# all other VirtualHost declarations (that may have SSLEngine set to on +# in their context). A simultaneaous operation of both modules for different +# VirtualHosts on the same IP Address and port is not possible. +# +# Reason: +# The brwoser/client connects to the web server's port 443 and initializes +# an SSL/TLS handshake. If SSLv3 protocol is used, there is no way for the +# client to specify the host that it wants to connect to, unless the crypto +# has been fully initialized already. Similarly, the server cannot present +# the correct certificate to the browser that matches the requested hostname. +# As a consequence, if endpoints are limited to SSLv3, only one web server and +# no virtual servers can be bound to one address. Each additional web server +# would need a new IP address. 
+# Starting with TLSv1.0, the protocol comes with the Server Name Indication +# (SNI) extension that allows the client to specify the requested hostname +# before the cryptographical part of the protocol is initialized. However, +# this type of hostname distinction is handled by the crypto library in +# combination with mod_ssl or mod_nss, not by apache's core. +# This means that in a dual mod_ssl and mod_nss configuration that is not +# selective on IP addresses, and even if you use TLSv1.0 and newer only, +# only one out of mod_ssl or mod_nss will be active. +# Consequences: +# a) If you need support for encrypted connections using _both_ mod_nss and +# mod_ssl, you should consider using more than one IP addresses, and +# configure the server's crypto engine/module bound to the IP address. +# b) If you do NOT need both mod_nss and mod_ssl simultaneaously in apache, +# it is recommended to decide for one and deactivate the other. +# +# Certificates: +# The directory /etc/apache/mod_nss.d contains everything that mod_nss +# needs: keys, certificates. The default configuration has reference +# to .db files in /etc/apache/mod_nss.d that shall illustrate how the +# configuration should/could look like. +# +# In addition to providing a central location to store keys and certificates, +# /etc/apache/mod_nss.d may also contain configuration files that are +# included directly after this documentation text. Note that only files +# named *.conf are included! +# +# +#.............................................................................. +# 2) initialization and loading of the apache module in the SUSE framework +# +# To get SSL/TLS support activated in apache, two things have to be done: +# a) configure and initialize the crypto module that provides the SSL/TLS +# protocol support in apache +# b) tell apache to listen on the port where browsers typically connect to +# if they want to talk SSL/TLS. Normally TCP port 443. 
+# +# about a): +# The apache module (a shared object file) is loaded by the framework if +# the config variable APACHE_MODULES set in /etc/sysconfig/apache2 +# contains the module name ("nss", without the preceding "mod_"). +# Either you edit /etc/sysconfig/apache2 manually and add the module name +# nss to the other modules in APACHE_MODULES, or you let the command +# +# a2enmod nss +# +# do this for you. "a2enmod -d nss" reverses that change and disables mod_nss +# again. +# All of the configuration directives set in the default config files are +# conditional for the loading of the module, which is evident when looking at +# the "" that shows up further below. +# +# about b) +# The Listen directive in /etc/apache2/listen_nss.conf is conditional on +# the server-define "SSL". Add the word SSL to the variable +# APACHE_SERVER_FLAGS in the file /etc/sysconfig/apache2 . +# +# Please note that /etc/apache2/listen.conf is read/included from the apache +# main configuration file /etc/apache2/httpd.conf; +# /etc/apache2/listen_nss.conf is read from this file, just below. +# +# Additional information can also be found in +# /usr/share/doc/packages/apache2-mod_nss/README-SUSE.txt +# +# Roman Drahtmueller +# + + + + + + +Include /etc/apache2/listen_nss.conf +Include /etc/apache2/mod_nss.d/*.conf + + + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +NSSPassPhraseDialog builtin + + +# Pass Phrase Helper: +# This helper program stores the token password pins between +# restarts of Apache. 
+NSSPassPhraseHelper @apache_bin@/nss_pcache + +# Configure the SSL Session Cache. +# NSSSessionCacheSize is the number of entries in the cache. +# NSSSessionCacheTimeout is the SSL2 session timeout (in seconds). +# NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds). +NSSSessionCacheSize 10000 +NSSSessionCacheTimeout 100 +NSSSession3CacheTimeout 86400 + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. Those platforms usually also provide a non-blocking +# device, /dev/urandom, which may be used instead. +# As a rule of thumb, /dev/urandom should only be used for short-term +# secrets (eg. keys, session keys, credentials), while longer-living +# secrets such as key pair for a certificate should receive its +# randomness from /dev/random . +# +# This does not support seeding the RNG with each connection. + +NSSRandomSeed startup builtin +#NSSRandomSeed startup file:/dev/random 512 +#NSSRandomSeed startup file:/dev/urandom 512 + + +# +# TLS Negotiation configuration under RFC 5746 +# +# Only renegotiate if the peer's hello bears the TLS renegotiation_info +# extension. Default off. +NSSRenegotiation off + +# Peer must send Signaling Cipher Suite Value (SCSV) or +# Renegotiation Info (RI) extension in ALL handshakes. Default: off +NSSRequireSafeNegotiation off + + + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host +#DocumentRoot "@apache_prefix@/htdocs" +#ServerName www.example.com:443 +#ServerAdmin you@example.com + +# mod_nss can log to separate log files, you can choose to do that if you'd like +# LogLevel is not inherited from httpd.conf. +#ErrorLog /var/log/apache2/error_log +#TransferLog /var/log/apache2/access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. 
+NSSEngine on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_nss documentation for a complete list. + +# SSL 3 ciphers. SSL 2 is disabled by default. +NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + +# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default. +# +# Comment out the NSSCipherSuite line above and use the one below if you have +# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography +#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha + + +# SSL Protocol: +# Cryptographic protocols that provide communication security. +# NSS handles the specified protocols as "ranges", and automatically +# negotiates the use of the strongest protocol for a connection starting +# with the maximum specified protocol and downgrading as necessary to the +# minimum specified protocol that can be used between two processes. 
+# Since all protocol ranges are completely inclusive, and no protocol in the +# middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.2" +# is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1,TLSv1.2". +# Here, we disable SSLv3, but allow TLSv1.0 through TLSv1.2 : +NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2 + +# SSL Certificate Nickname: +# The nickname of the RSA server certificate you are going to use. +NSSNickname Server-Cert + +# SSL Certificate Nickname: +# The nickname of the ECC server certificate you are going to use, if you +# have an ECC-enabled version of NSS and mod_nss +#NSSECCNickname Server-Cert-ecc + +# Server Certificate Database: +# The NSS security database directory that holds the certificates and +# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. +# Provide the directory that these files exist. +NSSCertificateDatabase @apache_conf@/mod_nss.d + +# Database Prefix: +# In order to be able to store multiple NSS databases in one directory +# they need unique names. This option sets the database prefix used for +# cert8.db and key3.db. +#NSSDBPrefix my-prefix- + +# Client Authentication (Type): +# Client certificate verification type. Types are none, optional and +# require. +#NSSVerifyClient none + +# +# Online Certificate Status Protocol (OCSP). +# Verify that certificates have not been revoked before accepting them. +#NSSOCSP off + +# +# Use a default OCSP responder. If enabled this will be used regardless +# of whether one is included in a client certificate. Note that the +# server certificate is verified during startup. +# +# NSSOCSPDefaultURL defines the service URL of the OCSP responder +# NSSOCSPDefaultName is the nickname of the certificate to trust to +# sign the OCSP responses. 
+#NSSOCSPDefaultResponder on +#NSSOCSPDefaultURL http://example.com/ocsp/status +#NSSOCSPDefaultName ocsp-nickname + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_nss documentation +# for more details. +# +#NSSRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "NSSRequireSSL" or "NSSRequire" applied even +# under a "Satisfy any" situation, i.e. 
when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire + + NSSOptions +StdEnvVars + + + NSSOptions +StdEnvVars + + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \ +# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + + + + + + diff --git a/mod_nss_migrate.pl b/mod_nss_migrate.pl new file mode 100644 index 0000000..88457d8 --- /dev/null +++ b/mod_nss_migrate.pl 
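Review bot: The active `NSSCipherSuite` line in the virtual-host section enables `+rsa_rc4_128_md5` and `+rsa_rc4_128_sha` but none of the suites this commit adds to the cipher table, so a server running this default with TLSv1.2 still keeps RC4 with MD5 on offer and never offers an AEAD cipher. I would switch the two RC4 entries to `-rsa_rc4_128_md5,-rsa_rc4_128_sha` and add `+rsa_aes_128_gcm_sha` to that list, and reword the `# SSL 3 ciphers.` comment above it, since `NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2` further down disables SSLv3. The commented ECC variant spells `-echde_rsa_null`, while the table shown in mod_nss-cipherlist_update_for_tls12.diff names that suite `ecdhe_rsa_null`; if the table is authoritative, uncommenting the line would reference an unknown cipher name. The header comment also points to /etc/apache/mod_nss.d, whereas the `Include` line uses /etc/apache2/mod_nss.d.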
@@ -0,0 +1,396 @@
+#!/usr/bin/perl
+#
+# Migrate configuration from OpenSSL to NSS
+
+use Cwd;
+use Getopt::Std;
+
+BEGIN {
+# $NSSDir = cwd();
+ $NSSDir = "/etc/apache2/mod_nss.d";
+
+ $SSLCACertificatePath = "";
+ $SSLCACertificateFile = "";
+ $SSLCertificateFile = "";
+ $SSLCARevocationPath = "";
+ $SSLCARevocationFile = "";
+ $SSLCertificateKeyFile = "";
+ $passphrase = 0;
+}
+
+%skip = ( "SSLRandomSeed" => "",
+ "SSLSessionCache" => "",
+ "SSLMutex" => "",
+ "SSLCertificateChainFile" => "",
+ "SSLVerifyDepth" => "" ,
+ "SSLCryptoDevice" => "" ,
+ "LoadModule" => "" ,
+ );
+
+%insert = ( "NSSSessionCacheTimeout", "NSSSessionCacheSize 10000\nNSSSession3CacheTimeout 86400\n",);
+
+getopts('chr:w:' , \%opt );
+
+sub usage() {
+ print STDERR "Usage: mod_nss_migrate.pl [-c] -r -w \n";
+ print STDERR "\t-c converts the certificates\n";
+ print STDERR "This conversion script is not aware of apache's configuration blocks\n";
+ print STDERR "and nestable conditional directives. Please check the output of the\n";
+ print STDERR "conversion and adjust manually if necessary!\n";
+ exit();
+}
+
+usage() if ( $opt{h} || !$opt{r} || !$opt{w} ) ;
+
+
+
+print STDERR "input: $opt{r} output: $opt{w}\n";
+
+open (SSL, "<", $opt{r} ) or die "Unable to open $opt{r}: $!.\n";
+open (NSS, ">", $opt{w} ) or die "Unable to open $opt{w}: $!.\n";
+
+
+print NSS "## This is a conversion of mod_ssl specific options by /usr/sbin/mod_nss_migrate.pl\n";
+print NSS "## Most of the comments in the original .conf file have been omitted here, as\n";
+print NSS "## the comments may not be valid for mod_nss, too.\n";
+print NSS "## \n";
+print NSS "## Please read through this configuration and verify the individual options!\n\n";
+
+
+while () {
+ my $comment = 0;
+
+
+ # write through even if in comment before comments are stripped below.
+ if(/(ServerName|ServerAlias)/) {
+ print NSS $_;
+ next;
+ }
+
+ # skip blank lines and comments
+ if (/^#/ || /^\s*#/ || /^\s*$/) {
+# do not copy them; they may not be useful anyway.
+# print NSS $_;
+ next;
+ }
+
+ s/mod_ssl\.c/mod_nss.c/;
+
+ # write through nestable apache configuration block directives:
+ if (/^ section if you do not need it.\n\n";
+print STDERR "Also, do not forget to rename the ssl based apache config file";
+print STDERR "(our example: myhost-ssl.conf) to a file that does not end in .conf\n";
+print STDERR "(our example: myhost-ssl.conf-disabled-for-nss)\n\n";
+print STDERR "Then, restart apache (rcapache2 restart) and have a look into the error logs.\n";
+
+exit(0);
+
+
+# Migrate configuration from OpenSSL to NSS
+sub get_ciphers {
+ my $str = shift;
+
+ %cipher_list = (
+ "rc4" => ":ALL:SSLv2:RSA:MD5:MEDIUM:RC4:",
+ "rc4export" => ":ALL:SSLv2:RSA:EXP:EXPORT40:MD5:RC4:",
+ "rc2" => ":ALL:SSLv2:RSA:MD5:MEDIUM:RC2:",
+ "rc2export" => ":ALL:SSLv2:RSA:EXP:EXPORT40:MD5:RC2:",
+ "des" => ":ALL:SSLv2:RSA:EXP:EXPORT56:MD5:DES:LOW:",
+ "desede3" => ":ALL:SSLv2:RSA:MD5:3DES:HIGH:",
+ "rsa_rc4_128_md5" => ":ALL:SSLv3:TLSv1:RSA:MD5:RC4:MEDIUM:",
+ "rsa_rc4_128_sha" => ":ALL:SSLv3:TLSv1:RSA:SHA:RC4:MEDIUM:",
+ "rsa_3des_sha" => ":ALL:SSLv3:TLSv1:RSA:SHA:3DES:HIGH:",
+ "rsa_des_sha" => ":ALL:SSLv3:TLSv1:RSA:SHA:DES:LOW:",
+ "rsa_rc4_40_md5" => ":ALL:SSLv3:TLSv1:RSA:EXP:EXPORT40:RC4:",
+ "rsa_rc2_40_md5" => ":ALL:SSLv3:TLSv1:RSA:EXP:EXPORT40:RC2:",
+ "rsa_null_md5" => ":SSLv3:TLSv1:RSA:MD5:NULL:",
+ "rsa_null_sha" => ":SSLv3:TLSv1:RSA:SHA:NULL:",
+ "rsa_des_56_sha" => ":ALL:SSLv3:TLSv1:RSA:DES:SHA:EXP:EXPORT56:",
+ "rsa_rc4_56_sha" => ":ALL:SSLv3:TLSv1:RSA:RC4:SHA:EXP:EXPORT56:",
+ );
+
+ $NUM_CIPHERS = 16;
+
+ for ($i = 0; $i < $NUM_CIPHERS; $i++) {
+ $selected[$i] = 0;
+ }
+
+ # Don't need to worry about the ordering properties of "+" because
+ # NSS always chooses the "best" cipher anyway. You can't specify
+ # preferred order.
+
+ # -1: this cipher is completely out
+ # 0: this cipher is currently unselected, but maybe added later
+ # 1: this cipher is selected
+
+ @s = split(/:/, $str);
+
+ for ($i = 0; $i <= $#s; $i++) {
+ $j = 0;
+ $val = 1;
+
+ # ! means this cipher is disabled forever
+ if ($s[$i] =~ /^!/) {
+ $val = -1;
+ ($s[$i] =~ s/^!//);
+ } elsif ($s[$i] =~ /^-/) {
+ $val = 0;
+ ($s[$i] =~ s/^-//);
+ } elsif ($s[$i] =~ /^+/) {
+ ($s[$i] =~ s/^+//);
+ }
+
+ for $cipher (sort keys %cipher_list) {
+ $match = 0;
+
+ # For embedded + we do an AND for all options
+ if ($s[$i] =~ m/(\w+\+)+/) {
+ @sub = split(/^\+/, $s[$i]);
+ $match = 1;
+ for ($k = 0; $k <=$#sub; $k++) {
+ if ($cipher_list{$cipher} !=~ m/:$sub[$k]:/) {
+ $match = 0;
+ }
+ }
+ } else { # straightforward match
+ if ($cipher_list{$cipher} =~ m/:$s[$i]:/) {
+ $match = 1;
+ }
+ }
+
+ if ($match && $selected[$j] != -1) {
+ $selected[$j] = $val;
+ }
+ $j++;
+ }
+ }
+
+ # NSS doesn't honor the order of a cipher list, it uses the "strongest"
+ # cipher available. So we'll print out the ciphers as SSLv2, SSLv3 and
+ # the NSS ciphers not available in OpenSSL.
+ $str = "SSLv2:SSLv3";
+ @s = split(/:/, $str);
+
+ $ciphersuite = "";
+
+ for ($i = 0; $i <= $#s; $i++) {
+ $j = 0;
+ for $cipher (sort keys %cipher_list) {
+ if ($cipher_list{$cipher} =~ m/:$s[$i]:/) {
+ if ($selected[$j]) {
+ $ciphersuite .= "+";
+ } else {
+ $ciphersuite .= "-";
+ }
+ $ciphersuite .= $cipher . ",";
+ }
+ $j++;
+ }
+ }
+
+ $ciphersuite .= "-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha";
+
+ return $ciphersuite;
+}
+
+# Given the filename of a PEM file, use openssl to fetch the certificate
+# subject
+sub get_cert_subject {
+ my $file = shift;
+ my $subject = "";
+
+ return "" if ! -T $file;
+
+ $subject = `openssl x509 -subject < $file | head -1`;
+ $subject =~ s/subject= \///; # Remove leading subject= \
+ $subject =~ s/\//,/g; # Replace / with , as separator
+ $subject =~ s/Email=.*(,){0,1}//; # Remove Email attribute
+ $subject =~ s/,$//; # Remove any trailing commas
+
+ chomp($subject);
+
+ return $subject;
+}
+
+#
+# Wrapper around the system() command
+
+sub run_command {
+ my @args = shift;
+ my $status = 0;
+
+ $status = 0xffff & system(@args);
+
+ return if ($status == 0);
+
+ print STDERR "Command '@args' failed: $!\n";
+
+ exit;
+}
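Review bot: get_cert_subject() interpolates `$file` into a backtick command (`openssl x509 -subject < $file | head -1`), so the shell parses a path that appears to come from the mod_ssl configuration being converted; a path containing spaces or shell metacharacters is split or interpreted instead of being treated as one file name. Running openssl through a list-form pipe open, as sketched below, keeps the path a single argument and lets the function notice when openssl cannot be started. In run_command(), `my @args = shift;` keeps only the first argument, so system() always receives a single string that is subject to shell parsing, and the bare `exit;` after a failure exits with status 0; `my @args = @_;` and `exit(1);` would address both. The middle of this hunk is not readable in this copy, so the call sites of both helpers could not be checked.

```perl
sub get_cert_subject {
    my $file = shift;
    # … unchanged: return "" unless -T $file …

    # List form: $file is passed as one argument and never reaches a shell.
    open(my $openssl, "-|", "openssl", "x509", "-noout", "-subject", "-in", $file)
        or die "Unable to run openssl: $!.\n";
    my $subject = <$openssl>;
    close($openssl);
    $subject = "" unless defined $subject;

    # … unchanged: subject clean-up substitutions, chomp, return …
```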