1

Can someone point me to the correct OpenSSL commands to use a certain cipher suite? For example DHE-RSA-AES256-GCM-SHA384 (I am not using an ECDH suite because of the supposed NSA backdoor controversy/issues). As I will be using this on an internal network I would stick to TLSv1.2 (will be using Firefox 39.0 portable).

  • key exchange = Diffie-Hellman Ephemeral
  • authentication = RSA
  • encryption = AESGCM(256)
  • Message authentication code = AEAD

(Which of the above parts come into play in the openssl commands to generate the key and cert?)

  • Create own Root CA key and cert:

    • `openssl genpkey -algorithm DH -out rootca.key ....`
    • `openssl req -x509 -new -SHA512 -nodes -key rootca.key -days 1826 -out rootca.crt`
  • Create CSR:

    • `openssl req -new -SHA512 -key server.key -nodes -out server.csr`
  • Create FQDN key and cert with own Root CA (created a DynDNS account to have it tested by Qualys SSL test):

    • `openssl x509 -req -SHA512 -days 1826 -in server.csr -CA rootca.crt -CAkey rootca.key -CAcreateserial -out server.crt`

part of /etc/nginx/nginx.conf:

```nginx
ssl_protocols TLSv1.2;
ssl_ciphers "DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout  5m;
```

using:

  • OpenSSL 1.0.1k
  • Nginx 1.6.2
  • Debian 8.1
Vilican
Berten
  • Is this a duplicate of [Force a specific SSL cipher](http://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher), or are you specifically concerned with the server end of things? – gowenfawr Jul 30 '15 at 11:59
  • I suppose the cipher is supported by Firefox, but I don't know how to check this. Yes, I want to know the correct openssl commands to generate a key and cert to use the mentioned cipher suite. I know the piece of configuration to be correct. But I need the correct commands in openssl to have my cert and key meet the DHE-RSA-AES256-GCM-SHA384 suite. I hope it is clearer now. – Berten Jul 30 '15 at 12:16
  • The short question would be: what openssl command do I enter to get a cert and key for my website to meet the DHE-RSA-AES256-GCM-SHA384 cipher suite. – Berten Jul 30 '15 at 12:24

1 Answer

2

I'm not sure I understand very well what you are asking, but I will try to give you an answer.

First, Firefox is not compatible with AES256-GCM, only with AES128-GCM and with ECDHE key exchange. You can check this by browsing this page with it: https://www.ssllabs.com/ssltest/viewMyClient.html

If you want your configuration to work with Firefox, I suggest you change your cipher suite to ECDHE_RSA_WITH_AES_128_GCM_SHA256 (or TLS_DHE_RSA_WITH_AES_256_CBC_SHA if you really don't like Elliptic Curves, but then you don't use AES-GCM anymore).

About your OpenSSL commands, the option -SHA512 has no link with the SHA256 or SHA384 used in the cipher suite.

  • The first one (with OpenSSL) is used to define the signature algorithm you want to use for the certificate authentication mechanism (for key exchange, when a client connects).
  • The second and third ones (in the cipher suite) are used to ensure the integrity of the messages when client and server are talking to each other.

EDIT: I didn't see the comments.

If you want a certificate to use these cipher suites, generate a basic RSA certificate using these commands and it should work.

```bash
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt -sha256
```

The above commands will generate your own CA key and self signed certificate.

```bash
openssl genrsa -out webserver.key 4096
openssl req -new -key webserver.key -out webserver.csr -sha256
openssl x509 -req -days 730 -in webserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out webserver.crt -sha256
```

And this will generate your webserver certificate signed by your CA.

The last thing will be to generate a strong dhparameter if you use DHE (and not ECDHE):

```bash
openssl dhparam -outform PEM -out dhparam.pem 4096
```

Be careful, this is CPU intensive and it may take some time.

Jyo de Lys
  • Thanks jyo. So the DHE in the cipher suite does not force me to use for example `openssl genpkey -algorithm DH` to generate rootca.key that signs the server cert? – Berten Jul 30 '15 at 13:58
  • No, it does not force you to use this command. You can use DHE with a RSA certificate, but remember to generate a strong DH parameter. – Jyo de Lys Jul 30 '15 at 14:02
  • I would like to know what part of the cipher suite has an influence on the commands needed to generate the key and cert. I would like to know why you use genrsa instead of ecparam or gendsa, for example. Does this relate in some way to the cipher suite parts? Reading all those different tutorials on the web has gotten me confused. They use a certain command, but it is never explained which part of the cipher suite it relates to. – Berten Jul 30 '15 at 14:08
  • I hope I won't tell you something wrong. Basically you need a certificate for the Authentication part (RSA in the cipher suites we talked about). If you had wanted to use _ECDHE_ECDSA_... instead, you would have needed an ECDSA certificate. And if you had wanted to use _DHE_DSA_... you would have needed a DSA cert. – Jyo de Lys Jul 30 '15 at 14:23
  • @Berten DHE**-RSA** in the ciphersuite requires an RSA cert (and matching key), never any other kind, for the server. The **CA** cert&key can in principle be any signing algorithm (RSA, DSA or ECDSA) but it is conventional to use an RSA CA for RSA entity certs. @Jyo `dhparam largeN` is slow partly because OpenSSL defaults to "strong" primes that were years ago wrongly thought to be necessary; as long as you don't mind a large g, you can speed it up with `-dsaparam` see http://security.stackexchange.com/questions/95178/diffie-hellman-parameters-still-calculating-after-24-hours . – dave_thompson_085 Aug 19 '15 at 08:48
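
The relationship discussed in the comments above (the authentication part of the suite decides the server key type, while the DHE part only needs DH parameters) can be checked mechanically. This is an added example, not part of the original thread; the function names `suite_auth`, `cert_auth`, `cert_fits_suite`, `make_demo_cert` and the subject names are hypothetical, and the certificates are constructed throwaway data.

```shell
# Added example, not from the thread: match a suite's Au= field to the cert key type.
set -eu

# Authentication algorithm a suite needs (RSA, ECDSA, DSS) per `openssl ciphers -v`.
# Newer OpenSSL also lists TLS 1.3 suites, so match on the exact suite name.
suite_auth() {
    openssl ciphers -v "$1" 2>/dev/null | awk -v s="$1" '
        $1 == s { for (i = 2; i <= NF; i++) if ($i ~ /^Au=/) print substr($i, 4) }'
}

# Key type of a PEM certificate, mapped to the names `openssl ciphers -v` uses.
cert_auth() {
    alg=$(openssl x509 -in "$1" -noout -text |
          awk -F': ' '/Public Key Algorithm/ { print $2; exit }')
    case "$alg" in
        rsaEncryption)  echo RSA ;;
        id-ecPublicKey) echo ECDSA ;;
        dsaEncryption)  echo DSS ;;
        *)              echo unknown ;;
    esac
}

# True only if the certificate's key can authenticate the named suite.
cert_fits_suite() { [ "$(suite_auth "$1")" = "$(cert_auth "$2")" ]; }

# Constructed demo data: throwaway RSA CA plus a server cert with an "rsa" or "ec" key (2048-bit for speed).
make_demo_cert() {
    dir=$1; kind=$2
    if [ ! -f "$dir/ca.key" ]; then
        openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
        openssl req -new -x509 -days 30 -key "$dir/ca.key" -out "$dir/ca.crt" -sha256 -subj "/CN=Demo Root CA"
    fi
    if [ "$kind" = ec ]; then
        openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$kind.key"
    else
        openssl genrsa -out "$dir/$kind.key" 2048 2>/dev/null
    fi
    openssl req -new -key "$dir/$kind.key" -out "$dir/$kind.csr" -sha256 -subj "/CN=demo.internal"
    openssl x509 -req -days 30 -in "$dir/$kind.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/$kind.crt" -sha256 2>/dev/null
}

demo=$(mktemp -d)
for k in rsa ec; do
    make_demo_cert "$demo" "$k"
    cert_fits_suite DHE-RSA-AES256-GCM-SHA384 "$demo/$k.crt" && v=usable || v="not usable"
    echo "$k certificate with DHE-RSA-AES256-GCM-SHA384: $v"
done
rm -rf "$demo"
```

The digest passed to `req` and `x509` (`-sha256` here) plays no part in the match; only the public key algorithm of the server certificate is compared with the suite's `Au=` field.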