Configure Options to secure SQuiD SSL connections (SQuiD 3.x)



  • Hi,

    if you test your reverse SQuiD proxy instance with https://www.ssllabs.com/ssltest/analyze.html you'll find out that it's insecure:

    Configuration
    
    Protocols
    TLS 1.2	 No
    TLS 1.1	 No
    TLS 1.0	 Yes
    SSL 3.0	Yes
    SSL 2.0   INSECURE	Yes
    
    Cipher Suites (sorted by strength; server has no preference)
    TLS_RC4_128_EXPORT40_WITH_MD5 (0x20080)   WEAK	40
    TLS_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080)   WEAK	40
    TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)   WEAK	40
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6)   WEAK	40
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8)   WEAK	40
    TLS_DES_64_CBC_WITH_MD5 (0x60040)   WEAK	56
    TLS_RSA_WITH_DES_CBC_SHA (0x9)   WEAK	56
    TLS_RC4_128_WITH_MD5 (0x10080)	128
    TLS_RC2_128_CBC_WITH_MD5 (0x30080)	128
    TLS_RSA_WITH_RC4_128_MD5 (0x4)	128
    TLS_RSA_WITH_RC4_128_SHA (0x5)	128
    TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)	128
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)	128
    TLS_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)	168
    TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)	168
    TLS_RSA_WITH_AES_256_CBC_SHA (0x35)	256
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)	256
    
    Protocol Details
    Secure Renegotiation	Supported
    Secure Client-Initiated Renegotiation	Supported   DoS DANGER (more info)
    Insecure Client-Initated Renegotiation	No
    BEAST attack	Vulnerable   INSECURE (more info)
    Compression	No
    RC4	Yes   PROBLEMATIC (more info)
    Next Protocol Negotiation	No
    Session resumption	Yes
    Session tickets	Yes
    OCSP stapling	No
    Strict Transport Security	No
    Long handshake intolerance	No
    TLS extension intolerance	No
    TLS version intolerance	 0x0304: 0x301, 0x0399: 0x301, 0x0499: fail
    SSLv2 handshake compatibility	 Yes
    

    So I tried in "Proxy server: General settings", "General", Box "Custom Options" following lines as found e.g. in:
    http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-1-9-SSL-Reverse-PROXY-Insecure-Renegotiation-Supported-tp3043176p3043252.html :

    # SSL Options to 
    sslproxy_options NO_SSLv2
    sslproxy_cipher ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2 
    

    But it won't work. Is there compile support needed or what can be done here? Should be a global problem/whish ;)

    Bests

    Reiner



  • Hi,

    seems that the sslproxy* options are only usable for CONNECT sessions.

    I tested it first with adding to my additional https_port line and then created following patch which works nice:

    --- /usr/local/pkg/squid_reverse.inc.orig       2013-06-17 22:14:28.000000000 +0200
    +++ /usr/local/pkg/squid_reverse.inc    2013-06-30 04:52:54.000000000 +0200
    @@ -82,7 +82,7 @@
                                    $conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
                          //HTTPS
                          if (!empty($settings['reverse_https']))
    -                               $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
    +                               $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
                            }
                    }
    
    @@ -94,7 +94,7 @@
                                    $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
                          //HTTPS
                          if (!empty($settings['reverse_https']))
    -                               $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
    +                               $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
                            }
                    }
    

    Would nice if you /package mantainer can add it. Perhaps with additonal selectable options per GUI so people can deactivate it if they need it for older browswers?

    For SQuiD3 package on 2.0.3 I get now following testresult:

    Protocols
    TLS 1.2 No
    TLS 1.1 No
    TLS 1.0 Yes
    SSL 3.0 No
    SSL 2.0 No

    Cipher Suites (sorted by strength; the server has no preference)
    TLS_RSA_WITH_RC4_128_SHA (0x5) 128
    TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
    TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
    TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256

    Handshake Simulation (Experimental)
    Chrome 27 TLS 1.0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
    Firefox 21 TLS 1.0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
    Internet Explorer 9 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
    Internet Explorer 10 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
    Safari iOS 6.0.1 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
    Safari 5.1 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128

    Protocol Details
    Secure Renegotiation Supported
    Secure Client-Initiated Renegotiation Supported  DoS DANGER (more info)
    Insecure Client-Initated Renegotiation No
    BEAST attack Vulnerable  INSECURE (more info)
    Compression No
    RC4 Yes  PROBLEMATIC (more info)
    Forward Secrecy No (more info)
    Next Protocol Negotiation No
    Session resumption Yes
    Session tickets Yes
    OCSP stapling No
    Strict Transport Security No
    Long handshake intolerance No
    TLS extension intolerance No
    TLS version intolerance 0x0304: 0x301, 0x0399: 0x301, 0x0499: fail
    SSLv2 handshake compatibility Yes

    Miscellaneous
    Test date Sun Jun 30 02:55:16 UTC 2013
    Test duration 40.310 seconds
    HTTP status code 200
    HTTP server signature Apache
    Server hostname <hidden server="" name="">PCI compliant No
    FIPS-ready No

    so BEAST attack problem and PCI compliance would be still open (and optionally FIPS-ready support and OCSP stapling)…

    For PCI compliance I found this patch:
    http://www.sw-servers.net/how-to-pass-pci-tests-with-squid/

    For OCSP stapling it seems still in testing phase:
    http://wiki.squid-cache.org/Features/SslServerCertValidator

    and FIPS need OpenSSL support / seems not sooo important...

    Ah and I guess that TLS_v1.1 and TLS_v1.2 are supported in newer SQuiD versions, too?

    Bests

    Reiner</hidden>



  • A month ago I posted about a related issue regarding pfSense's webGUI, but didn't get any response:

    webGUI webserver will not protect a client from the BEAST attack

    Also see https://bugzilla.redhat.com/show_bug.cgi?id=857051



  • I'll try to update the gui this week or when time permits ;)



  • hey there,

    just added the two lines

    $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
    

    and

    $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} cipher=RC4-SHA:HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE defaultsite={$https_defsite} vhost\n";
    

    and restarted squid, but ssllabs ssltest tells me

    This server supports SSL 2, which is obsolete and insecure. Grade set to F.

    any ideas??



  • Thanks Reiner030, that improved my rating on ssllabs too. Were you able to get TLS 1.1 and 1.2 working with a reverse proxy package?



  • Hi,

    i upgraded (better reinstalled an restored backup) to 2.2.2.
    This point still exists for package Squid3 (0.28).

    I added

    cipher=HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

    And a new Sha256 certificate, but the reverseproxy still does not support FS

    any ideas
    Thomas



  • @stegbth:

    Hi,

    i upgraded (better reinstalled an restored backup) to 2.2.2.
    This point still exists for package Squid3 (0.28).

    I added

    cipher=HIGH:!ADH options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

    And a new Sha256 certificate, but the reverseproxy still does not support FS

    any ideas
    Thomas

    Hi Thomas,

    If you want FS on pfSense 64-Bit 2.2.2 with Squid3 v0.2.8 do this:

    Login into pfsense secure shell
    type:

    
    cd /usr/pbi/squid-amd64/local/etc/squid
    openssl dhparam -out dhparams.pem 2048
    
    

    To create the DH pool

    In the Webinterface go to Services –> Reverse Proxy
    In "Reverse HTTPS default site" give:

    www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE
    

    Or if you don't need older browsers to be able to access your site:

    www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=AES128-EECDH:AES128-EDH dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE
    

    Of course replace "www.example.com" with your main domainname/certificate

    Thanks to https://www.cipherli.st

    I know Squid3 v0.2.8 cannot use EECDHE. A patch has already been posted at the Squid forum.
    http://lists.squid-cache.org/pipermail/squid-users/2015-May/003726.html



  • If you want FS on pfSense 64-Bit 2.2.2 with Squid3 v0.2.8 do this:

    Login into pfsense secure shell
    type:

    cd /usr/pbi/squid-amd64/local/etc/squid
    openssl dhparam -out dhparams.pem 2048

    To create the DH pool

    In the Webinterface go to Services –> Reverse Proxy
    In "Reverse HTTPS default site" give:
    www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE

    Or if you don't need older browsers to be able to access your site:
    www.example.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=AES128-EECDH:AES128-EDH dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE

    Of course replace "www.example.com" with your main domainname/certificate

    Not working.  Qualys says: The server does not support Forward Secrecy with the reference browsers.



  • the wrong line inserted, problem solved, used this string to get Qualys grade A with https://forum.pfsense.org/index.php?topic=82914.15:

    some.domain.tld options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!AES256-GCM-SHA384:!AES128-GCM-SHA256:!AES256-SHA256:!AES128-SHA256:!AES256-SHA:!AES128-SHA:!DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4 dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE
    

    it's for squid 3 reverse proxy