Closed zeevt closed 4 years ago
@zeevt Thanks a lot for this issue, and for such a detailed explanation. I plan to eliminate the nginx server completely, and expose the web service directly to the Internet. It is a Go server, based on the standard http/https Go implementation. I suppose that from the security perspective, an up-to-date Go binary based on the standard http/https implementation should be at least not worse than a several years old nginx. Do you have some concerns regarding this?
I added a "DH param", as recommended in 3. Could you please check if it works properly now?
The tester says you fixed the dh param issue. Thanks!
An up to date Go server should be fine.
nginx by default uses an insecure (too small and common, pre-computed by NSA) DHE group. Chrome does not support DHE and many modern servers also don't support DHE, so it is safe to just disable DHE. You can make the DHE secure, or disable it, but please don't leave it as is.
Please do one of the following:

1. Update nginx to version 1.11.0 or newer.
2. Disable the `TLS_DHE_*` cipher suites by setting `ssl_ciphers` in nginx.conf to something like `EECDH+aRSA+AESGCM:EECDH+aRSA+CHACHA20:EECDH+aRSA+AES:RSA+AESGCM:RSA+AES`
3. Generate a "DH param" and tell nginx to use it:

   ```
   $ openssl dhparam 2048 | sudo tee /etc/nginx/dhparama.pem
   ```

   edit nginx.conf and add

   ```
   ssl_dhparam /etc/nginx/dhparama.pem
   ```

   The generated value is not secret: your server will send it fully in the ServerKeyExchange TLS message to any client that wants to use DHE (and not a better TLS ECDHE or deprecated TLS RSA cipher suite), and you could use a hardcoded value from an RFC, but letting openssl generate a value is safe if the value is big enough (at least 2048).

   See https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
Additionally, please consider adding an HSTS header with a long timeout (e.g. `add_header Strict-Transport-Security "max-age=31536000" always;`) and submitting your domain to the HSTS preload list (https://hstspreload.org/). You can check your work using https://www.ssllabs.com/ssltest/analyze.html?d=wttr.in