Netgate Discussion Forum
    Configure Options to secure SQuiD SSL connections (SQuiD 3.x)

    • R
      Reiner030
      last edited by

      Hi,

      if you test your reverse SQuiD proxy instance with https://www.ssllabs.com/ssltest/analyze.html you'll find out that it's insecure:

      Configuration
      
      Protocols
      TLS 1.2	 No
      TLS 1.1	 No
      TLS 1.0	 Yes
      SSL 3.0	Yes
      SSL 2.0   INSECURE	Yes
      
      Cipher Suites (sorted by strength; server has no preference)
      TLS_RC4_128_EXPORT40_WITH_MD5 (0x20080)   WEAK	40
      TLS_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080)   WEAK	40
      TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)   WEAK	40
      TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6)   WEAK	40
      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8)   WEAK	40
      TLS_DES_64_CBC_WITH_MD5 (0x60040)   WEAK	56
      TLS_RSA_WITH_DES_CBC_SHA (0x9)   WEAK	56
      TLS_RC4_128_WITH_MD5 (0x10080)	128
      TLS_RC2_128_CBC_WITH_MD5 (0x30080)	128
      TLS_RSA_WITH_RC4_128_MD5 (0x4)	128
      TLS_RSA_WITH_RC4_128_SHA (0x5)	128
      TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)	128
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)	128
      TLS_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)	168
      TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)	168
      TLS_RSA_WITH_AES_256_CBC_SHA (0x35)	256
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)	256
      
      Protocol Details
      Secure Renegotiation	Supported
      Secure Client-Initiated Renegotiation	Supported   DoS DANGER (more info)
      Insecure Client-Initated Renegotiation	No
      BEAST attack	Vulnerable   INSECURE (more info)
      Compression	No
      RC4	Yes   PROBLEMATIC (more info)
      Next Protocol Negotiation	No
      Session resumption	Yes
      Session tickets	Yes
      OCSP stapling	No
      Strict Transport Security	No
      Long handshake intolerance	No
      TLS extension intolerance	No
      TLS version intolerance	 0x0304: 0x301, 0x0399: 0x301, 0x0499: fail
      SSLv2 handshake compatibility	 Yes
      

      So I tried the following lines in "Proxy server: General settings", "General", box "Custom Options", as found e.g. in:
      http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-1-9-SSL-Reverse-PROXY-Insecure-Renegotiation-Supported-tp3043176p3043252.html :

      # SSL Options to 
      sslproxy_options NO_SSLv2
      sslproxy_cipher ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2 
      

      But it won't work. Is there compile support needed or what can be done here? Should be a global problem/wish ;)

      Bests

      Reiner

      • R
        Reiner030
        last edited by

        Hi,

        seems that the sslproxy* options are only usable for CONNECT sessions.

        I tested it first by adding it to my additional https_port line and then created the following patch, which works nicely:

        --- /usr/local/pkg/squid_reverse.inc.orig       2013-06-17 22:14:28.000000000 +0200
        +++ /usr/local/pkg/squid_reverse.inc    2013-06-30 04:52:54.000000000 +0200
        @@ -82,7 +82,7 @@
                                        $conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
                              //HTTPS
                              if (!empty($settings['reverse_https']))
        -                               $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
        +                               $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
                                }
                        }
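        Review bot: the added https_port line puts RC4-SHA first in cipher= but options= has no CIPHER_SERVER_PREFERENCE, so the server does not enforce that order; the scan quoted further down still reports "the server has no preference". Consider adding CIPHER_SERVER_PREFERENCE to options=. SINGLE_DH_USE also only matters once a dhparams= file is passed, which this line does not do.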
        
        @@ -94,7 +94,7 @@
                                        $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
                              //HTTPS
                              if (!empty($settings['reverse_https']))
        -                               $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
        +                               $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
                                }
                        }
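        Review bot: the cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE literal on the {$reip} line is a second copy of the one in the previous hunk, so the two https_port lines can drift apart on the next edit. Build the string once in a variable and append it in both places, ideally from a $settings entry so it can be changed or switched off from the GUI.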
        

        Would be nice if you / the package maintainer can add it. Perhaps with additional selectable options per GUI so people can deactivate it if they need it for older browsers?

        For SQuiD3 package on 2.0.3 I now get the following test result:

        Protocols
        TLS 1.2 No
        TLS 1.1 No
        TLS 1.0 Yes
        SSL 3.0 No
        SSL 2.0 No

        Cipher Suites (sorted by strength; the server has no preference)
        TLS_RSA_WITH_RC4_128_SHA (0x5) 128
        TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
        TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
        TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256

        Handshake Simulation (Experimental)
        Chrome 27 TLS 1.0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
        Firefox 21 TLS 1.0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
        Internet Explorer 9 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
        Internet Explorer 10 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
        Safari iOS 6.0.1 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
        Safari 5.1 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128

        Protocol Details
        Secure Renegotiation Supported
        Secure Client-Initiated Renegotiation Supported  DoS DANGER (more info)
        Insecure Client-Initated Renegotiation No
        BEAST attack Vulnerable  INSECURE (more info)
        Compression No
        RC4 Yes  PROBLEMATIC (more info)
        Forward Secrecy No (more info)
        Next Protocol Negotiation No
        Session resumption Yes
        Session tickets Yes
        OCSP stapling No
        Strict Transport Security No
        Long handshake intolerance No
        TLS extension intolerance No
        TLS version intolerance 0x0304: 0x301, 0x0399: 0x301, 0x0499: fail
        SSLv2 handshake compatibility Yes

        Miscellaneous
        Test date Sun Jun 30 02:55:16 UTC 2013
        Test duration 40.310 seconds
        HTTP status code 200
        HTTP server signature Apache
        Server hostname <hidden server name>
        PCI compliant No
        FIPS-ready No

        so BEAST attack problem and PCI compliance would be still open (and optionally FIPS-ready support and OCSP stapling)…

        For PCI compliance I found this patch:
        http://www.sw-servers.net/how-to-pass-pci-tests-with-squid/

        For OCSP stapling it seems still in testing phase:
        http://wiki.squid-cache.org/Features/SslServerCertValidator

        and FIPS needs OpenSSL support / seems not sooo important...

        Ah and I guess that TLS_v1.1 and TLS_v1.2 are supported in newer SQuiD versions, too?

        Bests

        Reiner

        • D
          dhatz
          last edited by

          A month ago I posted about a related issue regarding pfSense's webGUI, but didn't get any response:

          webGUI webserver will not protect a client from the BEAST attack

          Also see https://bugzilla.redhat.com/show_bug.cgi?id=857051

          • marcellocM
            marcelloc
            last edited by

            I'll try to update the gui this week or when time permits ;)

            Elite training: http://sys-squad.com

            Help a community developer! ;D

            • S
              stegfeld
              last edited by

              hey there,

              just added the two lines

              $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
              

              and

              $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
              

              and restarted squid, but ssllabs ssltest tells me

              This server supports SSL 2, which is obsolete and insecure. Grade set to F.

              any ideas??

              • A
                AnthonyVDH
                last edited by

                Thanks Reiner030, that improved my rating on ssllabs too. Were you able to get TLS 1.1 and 1.2 working with a reverse proxy package?

                • S
                  stegbth
                  last edited by

                  Hi,

                  I upgraded (better: reinstalled and restored backup) to 2.2.2.
                  This point still exists for package Squid3 (0.28).

                  I added

                  cipher=HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

                  And a new SHA256 certificate, but the reverse proxy still does not support FS

                  Any ideas?
                  Thomas

                  • D
                    digdug3
                    last edited by

                    @stegbth:

                    Hi,

                    I upgraded (better: reinstalled and restored backup) to 2.2.2.
                    This point still exists for package Squid3 (0.28).

                    I added

                    cipher=HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

                    And a new SHA256 certificate, but the reverse proxy still does not support FS

                    Any ideas?
                    Thomas

                    Hi Thomas,

                    If you want FS on pfSense 64-Bit 2.2.2 with Squid3 v0.2.8 do this:

                    Log in to the pfSense secure shell and type:

                    
                    cd /usr/pbi/squid-amd64/local/etc/squid
                    openssl dhparam -out dhparams.pem 2048
                    
                    

                    To create the DH pool

                    In the web interface go to Services –> Reverse Proxy
                    In "Reverse HTTPS default site" enter:

                    www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE
                    

                    Or if you don't need older browsers to be able to access your site:

                    www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=AES128-EECDH:AES128-EDH dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE
                    

                    Of course replace "www.example.com" with your main domain name/certificate

                    Thanks to https://www.cipherli.st

                    I know Squid3 v0.2.8 cannot use EECDHE. A patch has already been posted at the Squid forum.
                    http://lists.squid-cache.org/pipermail/squid-users/2015-May/003726.html

                    • D
                      default666
                      last edited by

                      If you want FS on pfSense 64-Bit 2.2.2 with Squid3 v0.2.8 do this:

                      Login into pfsense secure shell
                      type:

                      cd /usr/pbi/squid-amd64/local/etc/squid
                      openssl dhparam -out dhparams.pem 2048

                      To create the DH pool

                      In the Webinterface go to Services –> Reverse Proxy
                      In "Reverse HTTPS default site" give:
                      www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE

                      Or if you don't need older browsers to be able to access your site:
                      www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=AES128-EECDH:AES128-EDH dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE

                      Of course replace "www.example.com" with your main domainname/certificate

                      Not working.  Qualys says: The server does not support Forward Secrecy with the reference browsers.

                      • D
                        default666
                        last edited by

                        the wrong line inserted, problem solved, used this string to get Qualys grade A with https://forum.pfsense.org/index.php?topic=82914.15:

                        some.domain.tld options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!AES256-GCM-SHA384:!AES128-GCM-SHA256:!AES256-SHA256:!AES128-SHA256:!AES256-SHA:!AES128-SHA:!DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4 dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE
                        

                        it's for squid 3 reverse proxy
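
The https_port arguments discussed in this thread can be checked before a restart and an external scan. The following is an added example, not part of any post and not code from the Squid package: a small static lint over the TLS arguments, run on constructed lines modelled on the package default, the 2013 patch and the later dhparams variant (cipher list shortened). The function names and the CERT/KEY/SITE placeholders are hypothetical, the check reads tokens literally without expanding aliases such as HIGH, and it assumes Squid 3.x offers DHE suites only when dhparams= is set.

```python
# Added example: static lint of the TLS arguments on a Squid 3.x https_port line.
# Tokens are read literally; OpenSSL aliases such as HIGH are not expanded.

def parse_port_args(line):
    """Return {key: value} for every key=value token on the line."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def rc4_enabled(cipher):
    """True if an RC4 entry is listed and no '!RC4' removes it again."""
    tokens = cipher.split(":")
    if "!RC4" in tokens:  # '!' deletes a cipher permanently in OpenSSL lists
        return False
    # '!', '-' and '+' prefixes remove or reorder; they never add a cipher
    return any("RC4" in t and t[0] not in "!-+" for t in tokens if t)

def lint_https_port(line):
    """Return a list of findings for one https_port argument string."""
    args = parse_port_args(line)
    options = set(args.get("options", "").split(","))
    findings = []
    for flag in ("NO_SSLv2", "NO_SSLv3"):
        if flag not in options:
            findings.append(f"{flag[3:]} not disabled")
    if "CIPHER_SERVER_PREFERENCE" not in options:
        findings.append("no server cipher preference")
    if "dhparams" not in args:
        # Assumption: without dhparams= Squid 3.x does not offer DHE suites
        findings.append("no dhparams= (DHE unavailable)")
    if rc4_enabled(args.get("cipher", "")):
        findings.append("RC4 enabled")
    return findings

# Constructed inputs; CERT, KEY and SITE are placeholders.
PACKAGE_DEFAULT = "accel cert=CERT key=KEY defaultsite=SITE vhost"
PATCHED_2013 = ("accel cert=CERT key=KEY cipher=RC4-SHA:HIGH:!ADH "
                "options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite=SITE vhost")
WITH_DHPARAMS = ("SITE options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE "
                 "cipher=ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
                 "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 "
                 "dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem "
                 "sslflags=NO_SESSION_REUSE")

if __name__ == "__main__":
    for name in ("PACKAGE_DEFAULT", "PATCHED_2013", "WITH_DHPARAMS"):
        print(name, lint_https_port(globals()[name]) or "no findings")
```

A clean result here only means the arguments are present on the line; what the server actually negotiates still has to be confirmed with a scan such as the SSL Labs test used in the thread.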
