SSL
***

DNS CAA
-------

DNS Certification Authority Authorization (CAA) [CAA]_ is an Internet security policy mechanism that lets domain name registrants tell certificate authorities whether they are authorized to issue digital certificates for a particular domain name. Registrants publish a "CAA" Domain Name System (DNS) resource record, which compliant certificate authorities check before issuing digital certificates.

.. [CAA] https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization

Create a policy. A good starting point is Certificate Transparency, which shows which CAs you are currently using. To do so, use the CAA Record Helper at https://sslmate.com/caa/ and choose "Auto-Generate Policy".

Publish the CAA DNS record and check it:

.. code-block:: console

   $ dig +short cgsecurity.org caa
   0 issue "letsencrypt.org"
   0 iodef "mailto:grenier@cgsecurity.org"

Apache
------

SSLCipherSuite
==============

You can use the `SSL Configuration Generator `_

* `AlmaLinux 8 `_
* `AlmaLinux 9 `_

Here are some configurations I am using.

.. code-block:: apacheconf

   SSLEngine on
   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
   SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA
   SSLHonorCipherOrder on

.. code-block:: apacheconf

   SSLEngine On
   SSLProtocol -all +TLSv1.2 +TLSv1.3
   SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
   SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
   SSLHonorCipherOrder off
   SSLCompression off

HSTS
====

`HTTP Strict Transport Security (HSTS) `_ is a policy mechanism that helps protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with them using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike insecure plain HTTP.

.. code-block:: apacheconf

   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

.. warning::

   Do not use it with a self-signed certificate.

Apache: OCSP stapling
=====================

The `Online Certificate Status Protocol (OCSP) `_ is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It was created as an alternative to certificate revocation lists (CRL).

Let's Encrypt is not using OCSP anymore, so you have to disable stapling for its certificates.

.. code-block:: apacheconf

   SSLUseStapling Off

Otherwise, OCSP stapling must be enabled domain by domain. Your Apache configuration may be similar to:

.. code-block:: apacheconf

   SSLUseStapling on
   SSLStaplingResponderTimeout 5
   SSLStaplingReturnResponderErrors off

Audit
-----

* `SSL Server Test `_: you should get an A+.
* `sslscan `_, a security assessment tool for SSL/TLS. Packaged with most Linux distributions.
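Before re-scanning with the tools above, the ``SSLProtocol``, ``SSLCompression`` and HSTS directives from the Apache section can be checked offline. The script below is an added example, not code from the original page: it evaluates an ``SSLProtocol`` argument list the way mod_ssl does and flags legacy protocols, TLS compression and a weak HSTS header; the ``HARDENED`` and ``LEGACY`` fragments and the one-year ``MIN_HSTS_AGE`` floor are constructed assumptions.

```python
# Added example, not from the page: offline lint for the mod_ssl directives above.
import re

# What mod_ssl's "all" keyword covers. SSLv2 is absent because Apache 2.4 no
# longer supports it, so a "-SSLv2" token in an older directive is a no-op here.
ALL_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}
MIN_HSTS_AGE = 31536000  # one year: an assumed floor (the page sets two years)

def enabled_protocols(args):
    """Evaluate an SSLProtocol argument list left to right: '+name' adds,
    '-name' removes, a bare name replaces the set (mod_ssl semantics)."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        names = ALL_PROTOCOLS if name.lower() == "all" else [name]
        if sign == "-":
            enabled.difference_update(names)
        elif sign == "+":
            enabled.update(names)
        else:
            enabled = set(names)
    return enabled

def lint_ssl_config(config):
    """Return findings for a vhost fragment; an empty list means nothing flagged."""
    directives, headers = {}, []
    for line in config.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "header":
            headers.append(value)
        elif key and not key.startswith("#"):
            directives[key.lower()] = value.strip()  # last occurrence wins
    findings = []
    legacy = enabled_protocols(directives.get("sslprotocol", "all")) - ACCEPTABLE
    if legacy:
        findings.append("SSLProtocol enables legacy protocols: " + ", ".join(sorted(legacy)))
    if directives.get("sslcompression", "off").lower() != "off":
        findings.append("SSLCompression is not off (TLS compression enables CRIME)")
    m = re.search(r'Strict-Transport-Security\s+"max-age=(\d+)([^"]*)"', "\n".join(headers), re.I)
    if not m:
        findings.append("no Strict-Transport-Security header with max-age is set")
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age %s is below one year" % m.group(1))
    elif "includesubdomains" not in m.group(2).lower():
        findings.append("HSTS header lacks includeSubDomains")
    return findings

# Constructed vhost fragments: the page's hardened settings, and an older style.
HARDENED = 'SSLProtocol -all +TLSv1.2 +TLSv1.3\nSSLCompression off\nHeader always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"\n'
LEGACY = 'SSLProtocol all -SSLv2 -SSLv3\nSSLCompression on\nHeader always set Strict-Transport-Security "max-age=3600"\n'
```

``lint_ssl_config(HARDENED)`` returns an empty list, while ``lint_ssl_config(LEGACY)`` reports TLSv1/TLSv1.1, compression and the short max-age.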