SSL/TLS guidelines

Overview

Transport Layer Security (TLS), formerly Secure Sockets Layer (SSL), when configured correctly, ensures that communications remain private when transmitted on a network. This protocol uses strong cryptography to encrypt network connections and authenticate one or more of the endpoints. TLS is used to secure data in transit, frequently on websites, but also in other applications. The following explains how to configure TLS correctly for web servers and includes several platform-specific examples.

Use TLS

Most server software treats TLS as an optional feature. In the past, many web servers didn't use TLS due to performance concerns or the cost of obtaining the requisite certificate. In today's world of high performance servers and readily available TLS certificates, it makes sense to enable TLS for every website you maintain. At IU, certificates are available from InCommon without fee to the service owner.

Occasionally, server administrators use self-signed certificates to save money or as a temporary measure. The University Information Security Office (UISO) recommends against this practice on production sites. Also, server maintainers should ensure every certificate is renewed before its expiration date.

Safeguard the private key

Obtaining a certificate involves creating and keeping a private key as well as the certificate you'll receive from the certifying authority. This private key should be kept in its own file, to which only system administrators should be granted access. Ideally, you should store the key encrypted, but doing so requires the web server software to prompt for the encryption key when the server is started. System owners need to balance the risk of key theft (which can allow an attacker to decrypt site traffic on the network) against server availability, as waiting for an administrator to supply the encryption key after a reboot could take time.

Use modern TLS protocols

SSL and TLS have gone through a number of protocol revisions over the years, and many of the older versions have vulnerabilities. No version of SSL is considered safe; for example, SSLv3 is vulnerable to the Padding Oracle on Downgraded Legacy Encryption (POODLE) attack. Servers should be configured to use TLSv1.2 (and TLSv1.3 where supported).

Use modern ciphers

Under the hood, TLS uses mathematical algorithms to do the cryptography. These algorithms are called ciphers, and like the TLS protocols above, they show their weaknesses over time. The UISO recommends disabling those ciphers now considered to be weak, including NULL (no encryption at all!), RC4, and any cipher that uses keys shorter than 256 bits.

Some other ciphers are considered medium-strength (such as Triple DES and IDEA), and the UISO recommends disabling those, too.

Scan your configuration

Tools are available to ensure you have configured your server correctly. The sslscan tool is a command-line configuration checker for scanning sites on a network. This tool is useful if your web server isn't public, and you need to scan it from another system on your local network.

Qualys SSL Labs is a web-based tool that you can use to scan sites that are publicly reachable on the internet.
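
As an added example (not part of the original guidance and not code from the sslscan project), the following Python script checks saved scan text against the protocol and cipher rules in the sections above. The line layout it parses and the sample scan are assumptions, constructed in the style of sslscan's protocol and cipher listings.

```python
import re

# Policy from the sections above: TLSv1.2/TLSv1.3 only; no NULL, RC4,
# Triple DES or IDEA; no cipher with a key shorter than 256 bits.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
BANNED = {"NULL": "NULL", "RC4": "RC4", "3DES": "Triple DES",
          "DES-CBC3": "Triple DES", "IDEA": "IDEA"}
MIN_KEY_BITS = 256

# Assumed line layouts: "<protocol> enabled|disabled" and
# "Preferred|Accepted <protocol> <n> bits <cipher name> ...".
PROTO_RE = re.compile(r"^(SSLv[23]|TLSv1\.[0-3])\s+(enabled|disabled)$")
CIPHER_RE = re.compile(
    r"^(?:Preferred|Accepted)\s+(SSLv[23]|TLSv1\.[0-3])\s+(\d+)\s+bits\s+(\S+)")
ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")  # strip terminal colour codes

# Constructed sample, not output captured from a real server.
SAMPLE_SCAN = """\
SSLv3     enabled
TLSv1.0   disabled
TLSv1.2   enabled
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384       Curve 25519 DHE 253
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256       Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384  Curve 25519 DHE 253
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Accepted  SSLv3    128 bits  RC4-SHA
"""


def audit(scan_text):
    """Return a sorted list of policy findings for sslscan-style text."""
    findings = set()
    for raw in scan_text.splitlines():
        line = ANSI_RE.sub("", raw).strip()
        m = PROTO_RE.match(line)
        if m:
            if m.group(2) == "enabled" and m.group(1) not in ALLOWED_PROTOCOLS:
                findings.add(f"protocol {m.group(1)} is enabled")
            continue
        m = CIPHER_RE.match(line)
        if not m:
            continue
        proto, bits, name = m.group(1), int(m.group(2)), m.group(3)
        label = next((v for k, v in BANNED.items() if k in name.upper()), None)
        if label:
            findings.add(f"{name} ({proto}): {label} cipher")
        elif bits < MIN_KEY_BITS:
            findings.add(f"{name} ({proto}): {bits}-bit key, below {MIN_KEY_BITS}")
    return sorted(findings)
```

Pass the saved text of a scan to audit(); an empty list means nothing in the listing violates the rules above. Note that the 256-bit rule as stated also flags 128-bit AES suites, including the TLSv1.3 one in the sample.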

Specific web server software configuration

Below are some examples of how to configure various web servers per the guidance above. These examples are for the most recent versions of each platform. The Center for Information Security (CIS) SecureSuite Benchmarks have examples for many different platforms and versions.

Note:
Some old web browser versions may only support weak protocols and ciphers. If your customers can't be persuaded to upgrade, you might decide to accept the risk of enabling the weak protocols and ciphers that allow these customers to operate. In these cases, it's important to document what risks you have accepted and why, and revisit the decision periodically.

Apache

To configure Apache to use modern protocols and ciphers, see SSL/TLS Strong Encryption: How-To.

IIS

To configure IIS to use modern protocols and ciphers, see Transport Layer Security (TLS) registry settings.

NGINX

To configure NGINX to use modern protocols and ciphers, see Configuring HTTPS servers.

Learn more

The CIS SecureSuite Benchmarks provide security guidance for a number of platforms, not just web servers, and not just related to TLS. They contain useful "recipes" that are freely available for securing server and endpoint systems.

This is document awqn in the Knowledge Base.
Last modified on 2023-04-24 14:25:27.