SSL Nginx 1.11.0 introduces dual ECDSA + RSA SSL certificate support !

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, May 25, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,968
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,422
    Local Time:
    10:18 AM
    Nginx 1.13.x
    MariaDB 5.5
    Nginx 1.11.0 has been released with dual ECDSA + RSA based ssl certificate support, meaning nginx can support 2 separate types of ssl certificates - an ECC 256/384 bit ssl certificate or an RSA 2048/3072/4096 bit ssl certificate - and automatically serve the most appropriate ssl certificate type to a specific web browser or client connecting to the server.

    Shortcut url link to this thread = https://community.centminmod.com/dualsslcerts

    Nginx 1.11.0 dual ECDSA + RSA SSL Certificate Setup



    Update: November 12, 2016 revisited latest update with Letsencrypt RSA + ECDSA SSL certs

    The setup is basically the same as installing a single ssl certificate; you just duplicate the ssl_certificate and ssl_certificate_key lines - one set for the commonly used RSA based SSL certificate and the other set for the ECDSA based ssl certificate. You can see the old discussion of ECC/ECDSA vs RSA based ssl certificates, where ECDSA has better performance than RSA but isn't compatible with certain older web browsers on older OSes like WinXP and IE8 etc.

    Code (Text):
      ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;
      ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com-acme-ecc.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com-acme-ecc.key;
    


    Nginx 1.11.0 dual ECDSA + RSA SSL Certificate Tests



    Tested on the latest Centmin Mod 123.09beta01 LEMP stack with Nginx 1.11.0, using staging test Letsencrypt RSA 2048bit and ECDSA 384bit SSL certificates manually issued and installed :) Centmin Mod 123.09beta01's integration work for Letsencrypt is lagging behind and doesn't support dual ECDSA + RSA ssl certificates right now, so they have to be manually issued and installed. You'd be on your own in the steps for now, as what I have done is not suited to production use: on renewal of the ssl certificates it will break down unless I also script custom renewal of both Letsencrypt ECDSA + RSA ssl certificates myself - something I may very well do for Centmin Mod LEMP stack's future Letsencrypt integration work :) Unfortunately, no free time to do so for now.

    Confirming the dual ECDSA + RSA support is working in Nginx 1.11.0, using curl

    On CentOS 7.x, curl 7.29 supports ECDSA ssl certificates, so the connection is served via the ECDSA based TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    Code (Text):
    curl -Iskv https://domain.com 2>&1 | egrep -A9 'SSL connection using '
    * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=domain.com
    *       start date: May 25 07:23:00 2016 GMT
    *       expire date: Aug 23 07:23:00 2016 GMT
    *       common name: domain.com
    *       issuer: CN=Fake LE Intermediate X1
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: domain.com
    

    On CentOS 6.x, curl 7.19 does not support ECDSA, so for a web site with a single ECDSA based ssl certificate you will usually get errors trying to connect via the curl 7.19 client tool; the error looks like this:
    Code (Text):
    curl -Iskv https://domain.com                                  
    * About to connect() to domain.com port 443 (#0)
    *   Trying 111.222.333.444... connected
    * Connected to domain.com (111.222.333.444) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * warning: ignoring value of ssl.verifyhost
    * NSS error -12286
    * Closing connection #0
    * SSL connect error
    

    A real world example of an older curl client erroring out is early wp-cron's connection to an ECDSA site, discussed at "Wordpress - wp-cron SSL connect error with Cloudflare SSL ECDSA | Centmin Mod Community". Cloudflare free ssl certificates are ECDSA based as well, which caused problems for older clients that were not able to connect to web sites behind Cloudflare's free ECDSA based SSL certificates.

    However, with Nginx 1.11.0 dual ECDSA + RSA ssl certificate support, the curl 7.19 client now connects via the RSA ssl certificate set up in Nginx and works normally over an RSA based TLS_RSA_WITH_AES_128_CBC_SHA connection :D I still have to work on the ssl_ciphers preference set though for optimal preferences.
    Code (Text):
    curl -Iskv https://domain.com 2>&1 | egrep -A9 'SSL connection using '
    * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
    * Server certificate:
    *       subject: CN=domain.com
    *       start date: May 25 12:04:00 2016 GMT
    *       expire date: Aug 23 12:04:00 2016 GMT
    *       common name: domain.com
    *       issuer: CN=Fake LE Intermediate X1
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: domain.com
    


    SSLLABS Tests



    Using https://dev.ssllabs.com/ssltest/index.html to test browsers and clients, to see which ssl certificate configuration they connect with depending on what they support :)

    As you can see, both ECDSA and RSA based connections are detected and supported in the Nginx 1.11.0 based configuration :D

    dev-ssllabs-250516-00.png

    dev-ssllabs-250516-01.png
     
    Last edited: Nov 12, 2016
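The curl runs above show which certificate a given client ends up with, but only for whatever cipher suites that client happens to offer. The script below is an added example, not code from the thread or from Centmin Mod: it forces an `openssl s_client` handshake onto ECDSA-only (`aECDSA`) or RSA-only (`aRSA`) suites so you can see both certificates served from one host, and it checks locally that each ssl_certificate / ssl_certificate_key pair actually matches. It assumes the `openssl` command line tool (1.0.2 or later) is on PATH; `domain.com` is the thread's placeholder host name and the certificate paths follow the layout shown in the config above.

```shell
#!/bin/sh
# Added example, not code from the Centmin Mod thread. Needs the `openssl`
# command line tool (1.0.2 or later); "domain.com" is the thread's placeholder
# host name and the certificate paths follow the thread's layout.

# Map a cipher suite name (OpenSSL or IANA spelling) to the certificate type a
# server must hold to negotiate it: ECDSA, RSA or UNKNOWN.
auth_type_of() {
  case "$1" in
    ECDHE-ECDSA-*|TLS_ECDHE_ECDSA_*)                               echo ECDSA ;;
    ECDHE-RSA-*|DHE-RSA-*|TLS_ECDHE_RSA_*|TLS_DHE_RSA_*|TLS_RSA_*)  echo RSA ;;
    AES*|CAMELLIA*|DES-CBC3-*|RC4-*)  echo RSA ;;   # static RSA key exchange, e.g. AES128-SHA
    *)                                                             echo UNKNOWN ;;
  esac
}

# Pull the negotiated cipher out of `openssl s_client` output read from stdin
# (the "Cipher    : NAME" line of the SSL-Session block; 0000 means no handshake).
negotiated_cipher() {
  sed -n 's/^ *Cipher *: *\([^ ]*\).*/\1/p' | head -n 1
}

# Report the public key algorithm of the certificate in s_client output read
# from stdin: id-ecPublicKey for the ECDSA certificate, rsaEncryption for RSA.
served_key_algorithm() {
  openssl x509 -noout -text 2>/dev/null | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Handshake with HOST:443 offering only CIPHERLIST (OpenSSL cipher string
# syntax: aECDSA = ECDSA-authenticated suites, aRSA = RSA-authenticated suites).
# TLS 1.2 is pinned because there the cipher suite decides which certificate
# nginx picks, which is what the thread's curl 7.29 vs 7.19 runs rely on.
probe() {  # probe HOST CIPHERLIST
  p_out=$(printf '' | openssl s_client -connect "$1:443" -servername "$1" \
            -tls1_2 -cipher "$2" 2>/dev/null) || true
  p_cipher=$(printf '%s\n' "$p_out" | negotiated_cipher)
  if [ -z "$p_cipher" ] || [ "$p_cipher" = 0000 ]; then
    echo "$1 [$2]: handshake failed - no certificate usable with that cipher list"
    return 1
  fi
  p_alg=$(printf '%s\n' "$p_out" | served_key_algorithm)
  echo "$1 [$2]: $p_cipher ($(auth_type_of "$p_cipher") auth), certificate key: $p_alg"
}

# Confirm an ssl_certificate / ssl_certificate_key pair belong together. nginx
# pairs the Nth ssl_certificate with the Nth ssl_certificate_key, so a swapped
# RSA/ECC line is rejected at startup; comparing public keys catches it early.
cert_matches_key() {  # cert_matches_key CERT KEY
  c_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null)
  k_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null)
  [ -n "$c_pub" ] && [ "$c_pub" = "$k_pub" ]
}

# Usage: sh dualcert-check.sh domain.com
if [ "$#" -ge 1 ]; then
  host=$1
  probe "$host" aECDSA   # expect an ECDHE-ECDSA suite and id-ecPublicKey
  probe "$host" aRSA     # expect an RSA-authenticated suite and rsaEncryption
  d=/usr/local/nginx/conf/ssl/$host
  for base in "$d/$host-acme" "$d/$host-acme-ecc"; do
    if cert_matches_key "$base.cer" "$base.key"; then
      echo "ok:       $base.cer <-> $base.key"
    else
      echo "MISMATCH: $base.cer <-> $base.key (or file missing)"
    fi
  done
fi
```

If the `aECDSA` probe fails the handshake while `aRSA` succeeds, the ECDSA certificate is not being loaded at all (the LibreSSL case discussed later in this thread looks exactly like that); if both succeed but report the same key algorithm, check the pairing of the directive lines with `cert_matches_key`.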
  2. eva2000

    Did some cipherscan and testssl tests. These tools are compiled against OpenSSL 1.0.2i with chacha20_poly1305 patches, so they support both ECDSA and chacha20, which is why both tests see ECDSA prioritised first: the clients support it via OpenSSL 1.0.2i.

    cipherscan run



    Code (Text):
    cipherscan https://domain.com           
    ..........................................................................................................................................
    Target: domain.com:443
    
    prio  ciphersuite                    protocols              pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  pfs                 curves                                                                                                                                                curves_ordering
    1     ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2                384          sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1                                                                                        server
    2     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                384          sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1                                                                                        server
    3     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                384          sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1                                                                                        server
    4     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                384          sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1                                                                                        server
    5     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                384          sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1                                                                                        server
    6     ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    7     ECDHE-RSA-AES128-SHA256        TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    8     ECDHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    9     ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  384          sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1                                                                                        server
    10    AES128-GCM-SHA256              TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        None                None                                                                                                                                                  server
    11    AES128-SHA256                  TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        None                None                                                                                                                                                  server
    12    AES128-SHA                     TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  False    3600         False        None                None                                                                                                                                                  server
    13    ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    14    ECDHE-RSA-AES256-SHA384        TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    15    ECDHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    16    ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  384          sha256WithRSAEncryption  False    3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1                                                                                        server
    17    AES256-GCM-SHA384              TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        None                None                                                                                                                                                  server
    18    AES256-SHA256                  TLSv1.2                2048         sha256WithRSAEncryption  False    3600         False        None                None                                                                                                                                                  server
    19    AES256-SHA                     TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  False    3600         False        None                None                                                                                                                                                  server
    
    OCSP stapling: not supported
    Cipher ordering: server
    Curves ordering: server - fallback: no
    Server supports secure renegotiation
    Server supported compression methods: NONE
    TLS Tolerance: yes


    testssl run



    Code (Text):
    ###########################################################
        testssl       2.7dev from https://testssl.sh/dev/
        (1.481 2016/04/21 16:44:56)
    
          This program is free software. Distribution and
                 modification under GPLv2 permitted.
          USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
    
           Please file bugs @ https://testssl.sh/bugs/
    
    ###########################################################
    
    Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
    on 39b087a3fc3c:/usr/local/http2-15/bin/openssl
    (built: "reproducible build, date unspecified", platform: "linux-x86_64")
    
    
    Start 2016-05-25 18:42:59    -->> 111.222.333.444:443 (domain.com) <<--
    
    rDNS (111.222.333.444): domain.com.
    Service detected:       HTTP
    
    
    Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)
    
    SSLv2      not offered (OK)
    SSLv3      not offered (OK)
    TLS 1      offered
    TLS 1.1    offered
    TLS 1.2    offered (OK)
    SPDY/NPN   h2, http/1.1 (advertised)
    HTTP2/ALPN h2, http/1.1 (offered)
    
    Testing ~standard cipher lists
    
    Null Ciphers                 not offered (OK)
    Anonymous NULL Ciphers       not offered (OK)
    Anonymous DH Ciphers         not offered (OK)
    40 Bit encryption            not offered (OK)
    56 Bit encryption            not offered (OK)
    Export Ciphers (general)     not offered (OK)
    Low (<=64 Bit)               not offered (OK)
    DES Ciphers                  not offered (OK)
    Medium grade encryption      not offered (OK)
    Triple DES Ciphers           not offered (OK)
    High grade encryption        offered (OK)
    
    
    Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here
    
    PFS is offered (OK)  ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
    
    
    Testing server preferences
    
    Has server cipher order?     yes (OK)
    Negotiated protocol          TLSv1.2
    Negotiated cipher            ECDHE-ECDSA-CHACHA20-POLY1305, 256 bit ECDH
    Cipher order
         TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA AES256-SHA
         TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA AES256-SHA
         TLSv1.2:   ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA
         h2:        ECDHE-ECDSA-CHACHA20-POLY1305 AES128-GCM-SHA256 AES128-SHA256 AES128-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA
         http/1.1:  ECDHE-ECDSA-CHACHA20-POLY1305 AES128-GCM-SHA256 AES128-SHA256 AES128-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA
    
    
    Testing server defaults (Server Hello)
    
    TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172"
    Session Tickets RFC 5077     3600 seconds (PFS requires session ticket keys to be rotated <= daily)
    SSL Session ID support       yes
    TLS clock skew               random values, no fingerprinting possible
    
      Server Certificate #1
       Signature Algorithm          SHA256 with RSA
       Server key size              2048 bits
       Fingerprint / Serial         SHA1 BA7B59F1B2A34AE6807E542CD378855B33507589 / FA5088EC79B17582FCF656D6736D8032EB9B
                                    SHA256 300936D1BE03E4FF5EA2DE7267C6A0FBEF9F52BAD47A50EDBA1724ECE857E90F
       Common Name (CN)             "domain.com" (works w/o SNI)
       subjectAltName (SAN)         "domain.com"
       Issuer                       "Fake LE Intermediate X1" ("")
       EV cert (experimental)       no
       Certificate Expiration       89 >= 60 days (2016-05-25 12:04 --> 2016-08-23 12:04 +0000)
       # of certificates provided   2
       Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
       Certificate Revocation List  --
       OCSP URI                     http://ocsp.stg-int-x1.letsencrypt.org/
       OCSP stapling                --
    
      Server Certificate #2
       Signature Algorithm          SHA256 with RSA
       Server key size              384 bits
       Fingerprint / Serial         SHA1 4B3B88028E326B18F3DC43107D6A2F1BB9FB880C / FA3B16C798FD2B69AB155906F1548786B1CA
                                    SHA256 A26DFC601BF6308512D199411FB857EAAE9E70DAFF61F1DC17BD234D031A9917
       Common Name (CN)             "domain.com" (works w/o SNI)
       subjectAltName (SAN)         "domain.com"
       Issuer                       "Fake LE Intermediate X1" ("")
       EV cert (experimental)       no
       Certificate Expiration       89 >= 60 days (2016-05-25 12:04 --> 2016-08-23 12:04 +0000)
       # of certificates provided   2
       Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
       Certificate Revocation List  --
       OCSP URI                     http://ocsp.stg-int-x1.letsencrypt.org/
       OCSP stapling                --
    
    
    Testing HTTP header response @ "/"
    
    HTTP Status Code             200 OK
    HTTP clock skew              0 sec from localtime
    Strict Transport Security    --
    Public Key Pinning           --
    Server banner                nginx centminmod
    Application banner           X-Powered-By: centminmod
    Cookie(s)                    (none issued at "/")
    Security headers             --
    Reverse Proxy banner         --
    
    
    Testing vulnerabilities
    
    Heartbleed (CVE-2014-0160)                not vulnerable (OK)
    CCS (CVE-2014-0224)                       not vulnerable (OK)
    Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
    Secure Client-Initiated Renegotiation     not vulnerable (OK)
    CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
    BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
    POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
    TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
    FREAK (CVE-2015-0204)                     not vulnerable (OK)
    DROWN (2016-0800, CVE-2016-0703), exper.  not vulnerable on this port (OK)
                                               make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                               https://censys.io/ipv4?q=A26DFC601BF6308512D199411FB857EAAE9E70DAFF61F1DC17BD234D031A9917 SHA256 300936D1BE03E4FF5EA2DE7267C6A0FBEF9F52BAD47A50EDBA1724ECE857E90F could help you to find out
    LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
    BEAST (CVE-2011-3389)                     TLS1: AES128-SHA AES256-SHA
                                                     ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA
                                                     ECDHE-RSA-AES256-SHA
                                               VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
    RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
    
    
    Testing all 183 locally available ciphers against the server, ordered by encryption strength
    
    Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
    -------------------------------------------------------------------------
    xcc14   ECDHE-ECDSA-CHACHA20-POLY1305  ECDH 256   ChaCha20   256       
    xcc13   ECDHE-RSA-CHACHA20-POLY1305    ECDH 256   ChaCha20   256       
    xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH 256   AESGCM     256       
    xc02c   ECDHE-ECDSA-AES256-GCM-SHA384  ECDH 256   AESGCM     256       
    xc028   ECDHE-RSA-AES256-SHA384        ECDH 256   AES        256       
    xc024   ECDHE-ECDSA-AES256-SHA384      ECDH 256   AES        256       
    xc014   ECDHE-RSA-AES256-SHA           ECDH 256   AES        256       
    xc00a   ECDHE-ECDSA-AES256-SHA         ECDH 256   AES        256       
    x9d     AES256-GCM-SHA384              RSA        AESGCM     256       
    x3d     AES256-SHA256                  RSA        AES        256       
    x35     AES256-SHA                     RSA        AES        256       
    xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH 256   AESGCM     128       
    xc02b   ECDHE-ECDSA-AES128-GCM-SHA256  ECDH 256   AESGCM     128       
    xc027   ECDHE-RSA-AES128-SHA256        ECDH 256   AES        128       
    xc023   ECDHE-ECDSA-AES128-SHA256      ECDH 256   AES        128       
    xc013   ECDHE-RSA-AES128-SHA           ECDH 256   AES        128       
    xc009   ECDHE-ECDSA-AES128-SHA         ECDH 256   AES        128       
    x9c     AES128-GCM-SHA256              RSA        AESGCM     128       
    x3c     AES128-SHA256                  RSA        AES        128       
    x2f     AES128-SHA                     RSA        AES        128       
    


    Of interest are the simulated browser and client connections, showing both RSA and ECDSA usage :D
    Code (Text):
    Running browser simulations (experimental)
    
    Android 2.3.7                 TLSv1 AES128-SHA
    Android 4.0.4                 TLSv1 ECDHE-RSA-AES128-SHA
    Android 4.1.1                 TLSv1 ECDHE-RSA-AES128-SHA
    Android 4.2.2                 TLSv1 ECDHE-RSA-AES128-SHA
    Android 4.3                   TLSv1.0 ECDHE-RSA-AES128-SHA
    Android 4.4.2                 TLSv1.1 ECDHE-RSA-AES128-SHA
    Android 5.0.0                 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
    Baidu Jan 2015                TLSv1 ECDHE-RSA-AES128-SHA
    BingPreview Jan 2015          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Chrome 47 / OSX               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    Firefox 42 / OSX              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    GoogleBot Feb 2015            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    IE6 / XP                      No connection
    IE7 / Vista                   TLSv1.0 ECDHE-RSA-AES128-SHA
    IE8 / XP                      No connection
    IE8-10 / Win7                 TLSv1.0 ECDHE-RSA-AES128-SHA
    IE11 / Win7                   TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE11 / Win8.1                 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE10 / Win Phone 8.0          TLSv1.0 ECDHE-RSA-AES128-SHA
    IE11 / Win Phone 8.1          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE11 / Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE11 / Win10                  TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Edge 13 / Win10               TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Edge 12 / Win Phone 10        TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Java 6u45                     TLSv1 AES128-SHA
    Java 7u25                     TLSv1 ECDHE-RSA-AES128-SHA
    Java 8u31                     TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    OpenSSL 0.9.8y                TLSv1 AES128-SHA
    OpenSSL 1.0.1l                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    OpenSSL 1.0.2e                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Safari 5.1.9/ OSX 10.6.8      TLSv1 ECDHE-RSA-AES128-SHA
    Safari 6 / iOS 6.0.1          TLSv1.2 ECDHE-ECDSA-AES256-SHA384
    Safari 6.0.4/ OS X 10.8.4     TLSv1 ECDHE-RSA-AES128-SHA
    Safari 7 / iOS 7.1            TLSv1.2 ECDHE-ECDSA-AES256-SHA384
    Safari 7 / OS X 10.9          TLSv1.2 ECDHE-ECDSA-AES256-SHA384
    Safari 8 / iOS 8.4            TLSv1.2 ECDHE-ECDSA-AES256-SHA384
    Safari 8 / OS X 10.10         TLSv1.2 ECDHE-ECDSA-AES256-SHA384
    Safari 9 / iOS 9              TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Safari 9 / OS X 10.11         TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     
    Last edited: May 26, 2016
  3. eva2000

    Confirmed that only OpenSSL 1.0.2+ supports dual ECDSA + RSA certificates, as LibreSSL doesn't support it: "Re: Multi certificate support returns Letsencrypt Intermediate Certificate twice".
    So if you want to use dual SSL certs with the Centmin Mod Nginx 1.11 branch, you need to switch back from LibreSSL to the OpenSSL 1.0.2 branch by setting /etc/centminmod/custom_config.inc with the variable
    Code (Text):
    LIBRESSL_SWITCH='n'
    

    then run centmin.sh menu option 4 to recompile Nginx :)
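Before recompiling, it is worth confirming which TLS library the running nginx binary was actually linked against, since the "only OpenSSL 1.0.2+" rule above is what decides whether the second ssl_certificate line will load. The script below is an added example, not code from the thread or from Centmin Mod: it parses the `built with ...` line of `nginx -V` and gives a yes/no verdict. It assumes Centmin Mod's usual binary path `/usr/local/nginx/sbin/nginx`; the sample `nginx -V` texts in the usage are constructed.

```shell
#!/bin/sh
# Added example (not code from the Centmin Mod thread or project): decide from
# `nginx -V` output whether the binary is linked against a TLS library that can
# load both an RSA and an ECDSA certificate. Per the thread, that is OpenSSL
# 1.0.2 or newer; LibreSSL builds cannot. The binary path used at the bottom is
# Centmin Mod's usual one, an assumption about the reader's install.

# Read `nginx -V` output on stdin, print a one-line verdict, and return
# 0 = capable, 1 = not capable, 2 = could not tell.
dual_cert_capable() {
  # "built with OpenSSL 1.0.2h  3 May 2016" -> "OpenSSL 1.0.2h"
  # "built with LibreSSL 2.4.1"             -> "LibreSSL 2.4.1"
  lib_line=$(sed -n 's/^built with \([A-Za-z]*SSL\) \([0-9][0-9.]*[a-z]*\).*/\1 \2/p' | head -n 1)
  if [ -z "$lib_line" ]; then
    echo "unknown: no 'built with ...SSL' line in nginx -V output"
    return 2
  fi
  lib=${lib_line%% *}
  ver=${lib_line#* }
  if [ "$lib" != OpenSSL ]; then
    echo "no: built with $lib $ver (only OpenSSL 1.0.2+ supports dual certificates)"
    return 1
  fi
  # Keep only the numeric part (1.0.2h -> 1.0.2), split on dots, and compare
  # against 1.0.2 as a single integer: major*10000 + minor*100 + patch.
  num=${ver%%[!0-9.]*}
  oldifs=$IFS; IFS=.
  set -- $num
  IFS=$oldifs
  major=${1:-0}; minor=${2:-0}; patch=${3:-0}
  code=$((major * 10000 + minor * 100 + patch))
  if [ "$code" -ge 10002 ]; then
    echo "yes: built with OpenSSL $ver"
    return 0
  fi
  echo "no: built with OpenSSL $ver, older than 1.0.2"
  return 1
}

# Usage on a live box (nginx -V writes to stderr, hence 2>&1). Run this again
# after centmin.sh menu option 4 to confirm the LIBRESSL_SWITCH='n' rebuild.
if [ -x /usr/local/nginx/sbin/nginx ]; then
  /usr/local/nginx/sbin/nginx -V 2>&1 | dual_cert_capable || true
fi
```

Exit status 1 with a "built with LibreSSL" line is the condition the post above describes, and the fix is the same: set `LIBRESSL_SWITCH='n'` and recompile.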
     
  4. eva2000

    Set up dual ECDSA + RSA SSL certificate support for the official centminmod.com site over HTTP/2 SSL for testing. Thought I'd just use a StartSSL 1yr DV SAN cert for ECDSA for now :)

    Setting /etc/centminmod/custom_config.inc with the variable below and running centmin.sh menu option 4 to recompile nginx 1.11.1 with OpenSSL 1.0.2h:
    Code (Text):
    LIBRESSL_SWITCH='n'
    

    cipherscan output
    Code (Text):
    cipherscan https://centminmod.com     
    ....................................................................................
    Target: centminmod.com:443
    
    prio  ciphersuite                    protocols              pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  pfs                 curves                                                                                                                                                curves_ordering
    1     ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2                256          sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1                                                                                                                                            server
    2     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                256          sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1                                                                                                                                            server
    3     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                256          sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1                                                                                                                                            server
    4     ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2                2048         sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    5     ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2                2048         sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    6     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                256          sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1                                                                                                                                            server
    7     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                256          sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1                                                                                                                                            server
    8     ECDHE-RSA-AES256-SHA384        TLSv1.2                2048         sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    9     ECDHE-RSA-AES128-SHA256        TLSv1.2                2048         sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    10    ECDHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1  server
    11    ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  256          sha256WithRSAEncryption  True     3600         False        ECDH,P-256,256bits  prime256v1                                                                                                                                            server
    
    OCSP stapling: not supported
    Cipher ordering: server
    Curves ordering: server - fallback: no
    Server supports secure renegotiation
    Server supported compression methods: NONE
    TLS Tolerance: yes
    
    

    ssllabs

    ssllabs-centminmod-dualcerts-00-revised.png

    ssllabs-centminmod-dualcerts-01-revised.png

    Chrome

    chrome-canary-00.png

    testssl run

    Code (Text):
    testlssl https://centminmod.com
    
     Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2) 
    
     SSLv2      not offered (OK)
     SSLv3      not offered (OK)
     TLS 1      offered
     TLS 1.1    offered
     TLS 1.2    offered (OK)
     SPDY/NPN   h2, http/1.1 (advertised)
     HTTP2/ALPN h2, http/1.1 (offered)
    
     Testing ~standard cipher lists 
    
     Null Ciphers                 not offered (OK)
     Anonymous NULL Ciphers       not offered (OK)
     Anonymous DH Ciphers         not offered (OK)
     40 Bit encryption            not offered (OK)
     56 Bit encryption            not offered (OK)
     Export Ciphers (general)     not offered (OK)
     Low (<=64 Bit)               not offered (OK)
     DES Ciphers                  not offered (OK)
     Medium grade encryption      not offered (OK)
     Triple DES Ciphers           not offered (OK)
     High grade encryption        offered (OK)
    
    
     Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here 
    
     PFS is offered (OK)  ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA 
    
    
     Testing server preferences 
    
     Has server cipher order?     yes (OK)
     Negotiated protocol          TLSv1.2
     Negotiated cipher            ECDHE-ECDSA-CHACHA20-POLY1305, 256 bit ECDH
     Cipher order
        TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
        TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
        TLSv1.2:   ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
        h2:        ECDHE-ECDSA-CHACHA20-POLY1305 
        http/1.1:  ECDHE-ECDSA-CHACHA20-POLY1305 
    
    
     Testing server defaults (Server Hello) 
    
     TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172"
     Session Tickets RFC 5077     3600 seconds (PFS requires session ticket keys to be rotated <= daily)
     SSL Session ID support       yes
     TLS clock skew               random values, no fingerprinting possible 
    
      Server Certificate #1
       Signature Algorithm          SHA256 with RSA
       Server key size              RSA 2048 bits
       Fingerprint / Serial         SHA1 8CCB5CAA6066F2321A6FE8ED37920B7687CFBE39 / 623CBC1C62FD9C08BD83C9F033B009C8
                                    SHA256 F9B041F7F6ACB1503FB68592B7F0B972D47683402DA2A5D30BAFCF9B70405E88
       Common Name (CN)             "*.centminmod.com" (wildcard certificate match) (works w/o SNI)
       subjectAltName (SAN)         "*.centminmod.com" "centminmod.com" 
       Issuer                       "COMODO RSA Domain Validation Secure Server CA" ("COMODO CA Limited" from "GB")
       EV cert (experimental)       no 
       Certificate Expiration       424 >= 60 days (2014-08-14 00:00 --> 2017-08-13 23:59 +0000)
       # of certificates provided   3
       Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
       Certificate Revocation List  http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
       OCSP URI                     http://ocsp.comodoca.com
       OCSP stapling                --
    
      Server Certificate #2
       Signature Algorithm          SHA256 with RSA
       Server key size              ECDSA 256 bits
       Fingerprint / Serial         SHA1 87AAA994F0DF040F2C4C37BBC8D595B4028B5A52 / 621E1C4A30678DA14EE76A441846173E
                                    SHA256 37409279195B99CFD4DFBB06337D8AB228D3075D8FD0DBEAEAB446ED2BE44055
       Common Name (CN)             "centminmod.com" (works w/o SNI)
       subjectAltName (SAN)         "centminmod.com" "www.centminmod.com" "centminmod.net" "centmin.sh" "centmin.com" 
       Issuer                       "StartCom Class 1 DV Server CA" ("StartCom Ltd." from "IL")
       EV cert (experimental)       no 
       Certificate Expiration       364 >= 60 days (2016-06-15 10:10 --> 2017-06-15 10:10 +0000)
       # of certificates provided   2
       Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
       Certificate Revocation List  http://crl.startssl.com/sca-server1.crl
       OCSP URI                     http://ocsp.startssl.com
       OCSP stapling                --
    
    
     Testing HTTP header response @ "/" 
    
     HTTP Status Code             200 OK
     HTTP clock skew              0 sec from localtime
     Strict Transport Security    --
     Public Key Pinning           --
     Server banner                nginx centminmod
     Application banner           X-Powered-By: centminmod
     Cookie(s)                    (none issued at "/")
     Security headers             X-Frame-Options: SAMEORIGIN
                                  X-Xss-Protection: 1; mode=block
                                  X-Content-Type-Options: nosniff
     Reverse Proxy banner         --
    
    
     Testing vulnerabilities 
    
     Heartbleed (CVE-2014-0160)                not vulnerable (OK)
     CCS (CVE-2014-0224)                       not vulnerable (OK)
     Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
     Secure Client-Initiated Renegotiation     not vulnerable (OK)
     CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
     BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
                                               Can be ignored for static pages or if no secrets in the page
     POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
     TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
     FREAK (CVE-2015-0204)                     not vulnerable (OK)
     DROWN (2016-0800, CVE-2016-0703), exper.  not vulnerable on this port (OK)
                                               make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                               https://censys.io/ipv4?q=37409279195B99CFD4DFBB06337D8AB228D3075D8FD0DBEAEAB446ED2BE44055 SHA256 F9B041F7F6ACB1503FB68592B7F0B972D47683402DA2A5D30BAFCF9B70405E88 could help you to find out
     LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
     BEAST (CVE-2011-3389)                     TLS1: ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA
                                               VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
     RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
    
    
     Testing all 183 locally available ciphers against the server, ordered by encryption strength 
    
    Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
    -------------------------------------------------------------------------
     xcc14   ECDHE-ECDSA-CHACHA20-POLY1305  ECDH 256   ChaCha20   256          
     xcc13   ECDHE-RSA-CHACHA20-POLY1305    ECDH 256   ChaCha20   256          
     xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH 256   AESGCM     256          
     xc02c   ECDHE-ECDSA-AES256-GCM-SHA384  ECDH 256   AESGCM     256          
     xc028   ECDHE-RSA-AES256-SHA384        ECDH 256   AES        256          
     xc024   ECDHE-ECDSA-AES256-SHA384      ECDH 256   AES        256          
     xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH 256   AESGCM     128          
     xc02b   ECDHE-ECDSA-AES128-GCM-SHA256  ECDH 256   AESGCM     128          
     xc027   ECDHE-RSA-AES128-SHA256        ECDH 256   AES        128          
     xc023   ECDHE-ECDSA-AES128-SHA256      ECDH 256   AES        128          
     xc013   ECDHE-RSA-AES128-SHA           ECDH 256   AES        128          
     xc009   ECDHE-ECDSA-AES128-SHA         ECDH 256   AES        128          
    
    
     Running browser simulations (experimental) 
    
     Android 2.3.7                 No connection
     Android 4.0.4                 TLSv1 ECDHE-RSA-AES128-SHA
     Android 4.1.1                 TLSv1 ECDHE-RSA-AES128-SHA
     Android 4.2.2                 TLSv1 ECDHE-RSA-AES128-SHA
     Android 4.3                   TLSv1.0 ECDHE-RSA-AES128-SHA
     Android 4.4.2                 TLSv1.1 ECDHE-RSA-AES128-SHA
     Android 5.0.0                 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
     Baidu Jan 2015                TLSv1 ECDHE-RSA-AES128-SHA
     BingPreview Jan 2015          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Chrome 47 / OSX               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     Firefox 42 / OSX              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     GoogleBot Feb 2015            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     IE6 / XP                      No connection
     IE7 / Vista                   TLSv1.0 ECDHE-RSA-AES128-SHA
     IE8 / XP                      No connection
     IE8-10 / Win7                 TLSv1.0 ECDHE-RSA-AES128-SHA
     IE11 / Win7                   TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE11 / Win8.1                 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE10 / Win Phone 8.0          TLSv1.0 ECDHE-RSA-AES128-SHA
     IE11 / Win Phone 8.1          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE11 / Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE11 / Win10                  TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Edge 13 / Win10               TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Edge 12 / Win Phone 10        TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Java 6u45                     No connection
     Java 7u25                     TLSv1 ECDHE-RSA-AES128-SHA
     Java 8u31                     TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     OpenSSL 0.9.8y                No connection
     OpenSSL 1.0.1l                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     OpenSSL 1.0.2e                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Safari 5.1.9/ OSX 10.6.8      TLSv1 ECDHE-RSA-AES128-SHA
     Safari 6 / iOS 6.0.1          TLSv1.2 ECDHE-ECDSA-AES256-SHA384
     Safari 6.0.4/ OS X 10.8.4     TLSv1 ECDHE-RSA-AES128-SHA
     Safari 7 / iOS 7.1            TLSv1.2 ECDHE-ECDSA-AES256-SHA384
     Safari 7 / OS X 10.9          TLSv1.2 ECDHE-ECDSA-AES256-SHA384
     Safari 8 / iOS 8.4            TLSv1.2 ECDHE-ECDSA-AES256-SHA384
     Safari 8 / OS X 10.10         TLSv1.2 ECDHE-ECDSA-AES256-SHA384
     Safari 9 / iOS 9              TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Safari 9 / OS X 10.11         TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    
     
    Last edited: Jun 16, 2016
  5. eva2000

    Sweet bug fix coming for dual certs Re: Multi Certificate Support with OCSP not working right

     
  6. bassie

    bassie Active Member

    572
    124
    43
    Apr 29, 2016
    Ratings:
    +376
    Local Time:
    1:18 AM
  7. eva2000

    It's a patch posted on forum/mailing list not in git :)
     
  8. bassie

    Can you confirm that this patch fixes the problem below?
     
  9. bassie

    Bump this topic :) to bring it to attention
     
  10. eva2000

    Haven't tried it yet, though the user in that linked post reports it works. Nginx 1.11.4 is due in less than 4 days so waiting for that first :)
     
  11. bassie

    What do you think of Nginx 1.11/1.12 in general?
    Useless release if you ask me.

    Dual Certificate (RSA and ECC) support is the only interesting thing,
    an extremely small feature that has been ready for a long time.
    It is clear to me that the Nginx team is stretching time; all the focus goes to Plus.

    Features such as HTTP/2 push, which seem difficult to implement,
    Nginx has not yet started on, although they should have started long ago.
     
  12. eva2000

    Not useless if the fixes and features added to the 1.11 mainline are useful to you - just look at all the stream-related improvements for HTTP/2 and TCP-based load balancing (nginx: log) - I like :)

    Ah, that reminds me, I need to start looking at adding all these new stream nginx module ports from 1.11.4 into Centmin Mod 123.09beta01 :)

     
  13. eva2000

  14. bassie

    Patch is merged into Nginx source.
    Edit. double post :)
     
  15. eva2000

    Revisiting dual RSA+ECDSA SSL certificate support in Nginx 1.11 branch.

    Fresh test with subdomain.domain.com. Ensure the subdomain.domain.com DNS A record has been updated to point to the server IP address and that you have recompiled or compiled Nginx with OpenSSL instead of LibreSSL, via LIBRESSL_SWITCH='n' set in /etc/centminmod/custom_config.inc and centmin.sh menu option 4, to recompile Nginx 1.11.5 or higher.

    Step 1. Enable Letsencrypt addons/acmetool.sh integration support in Centmin Mod 123.09beta01 via the persistent config file variable LETSENCRYPT_DETECT='y' set in /etc/centminmod/custom_config.inc.

    Step 2. Use Centmin Mod 123.09beta01 centmin.sh menu option 2 to set up the Letsencrypt RSA 2048bit SSL certificate with either option 3 or 4:

    Code (Text):
    Do you want to continue [y/n]: y
    
    ------------------------------------------------
    You have 4 options:
    ------------------------------------------------
    1. issue staging test cert with HTTP + HTTPS
    2. issue staging test cert with HTTPS default
    3. issue live cert with HTTP + HTTPS
    4. issue live cert with HTTPS default
    Enter option number 1-4: 3
    


    Step 3. Next, manually obtain the 2nd Letsencrypt ECC 256bit ECDSA SSL certificate via addons/acmetool.sh manual mode, which is a 100% manual step-by-step instruction guide for using the underlying acme.sh 3rd party Letsencrypt client installed by addons/acmetool.sh.

    Code (Text):
    /usr/local/src/centminmod/addons/acmetool.sh acmeupdate
    /usr/local/src/centminmod/addons/acmetool.sh manual
    


    The manual mode will give you instructions using subdomain.domain.com as the example domain, which you need to change in all instances to yoursubdomain.domain.com. If using a subdomain, remove all instances of -d www.domain.com mentioned in the manual instructions.

    To get the Letsencrypt ECC 256bit ECDSA SSL certificate via acme.sh commands:

    Code (Text):
    /root/.acme.sh/acme.sh --force --issue -d subdomain.domain.com -w /home/nginx/domains/subdomain.domain.com/public -k ec-256 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-121116-123310.log --log-level 2
    

    At the end of the run you should get SSL cert output like:
    Code (Text):
    [Sat Nov 12 12:35:00 UTC 2016] Your cert is in  /root/.acme.sh/subdomain.domain.com_ecc/subdomain.domain.com.cer
    [Sat Nov 12 12:35:00 UTC 2016] Your cert key is in  /root/.acme.sh/subdomain.domain.com_ecc/subdomain.domain.com.key
    [Sat Nov 12 12:35:01 UTC 2016] The intermediate CA cert is in  /root/.acme.sh/subdomain.domain.com_ecc/ca.cer
    [Sat Nov 12 12:35:01 UTC 2016] And the full chain certs is there:  /root/.acme.sh/subdomain.domain.com_ecc/fullchain.cer
    

    To install the SSL cert to /usr/local/nginx/conf/ssl/subdomain.domain.com/:
    Code (Text):
    /root/.acme.sh/acme.sh --installcert -d subdomain.domain.com --certpath /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.cer --keypath /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.key --capath /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-fullchain-acme-ecc.key --ecc
    

    So you'll end up with SSL cert files for ECC like:
    Code (Text):
    ssl_certificate      /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.cer;
    ssl_certificate_key  /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.key;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.cer;
    


    Step 4. Create a new concatenated file called /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-dualcert-rsa-ecc.cer which concatenates both the existing ssl_trusted_certificate created via centmin.sh menu option 2 and the one created manually for the ECC 256 bit ECDSA cert:
    Code (Text):
    cat /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme.cer /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.cer > /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-dualcert-rsa-ecc.cer
    


    Step 5. Edit the include file called /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com.crt.key.conf which is included in the Nginx SSL vhost at /usr/local/nginx/conf/conf.d/subdomain.domain.com.ssl.conf.

    Edit /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com.crt.key.conf to look like below, where the first set of 4 files are created by centmin.sh menu option 2 and the last 4 files are the manually created ones for the ECC 256bit ECDSA SSL certificate:
    Code (Text):
      ssl_dhparam /usr/local/nginx/conf/ssl/subdomain.domain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme.key;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme.cer;
    
      ssl_certificate      /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.key;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-acme-ecc.cer;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/subdomain.domain.com/subdomain.domain.com-dualcert-rsa-ecc.cer;
    


    The testssl check shows it working correctly, as the browser simulations show some responding with ECDHE-RSA* or ECDHE-ECDSA* SSL ciphers for the corresponding RSA 2048bit or ECC 256bit ECDSA SSL certificates; or use the ssllabs online test at SSL Server Test (Powered by Qualys SSL Labs):
    Code (Text):
    testssl subdomain.domain.com
    
    No mapping file found
    
    ###########################################################
        testssl       2.8rc2 from https://testssl.sh/dev/
        (1.559 2016/10/15 20:55:22)
    
          This program is free software. Distribution and
                 modification under GPLv2 permitted.
          USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
    
           Please file bugs @ https://testssl.sh/bugs/
    
    ###########################################################
    
     Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)
    
     SSLv2               not offered (OK)
     SSLv3               not offered (OK)
     TLS 1               offered
     TLS 1.1             offered
     TLS 1.2             offered (OK)
     Version tolerance   downgraded to TLSv1.2 (OK)
     SPDY/NPN            h2, http/1.1 (advertised)
     HTTP2/ALPN          h2, http/1.1 (offered)
    
     Testing ~standard cipher lists
    
     Null Ciphers                 not offered (OK)
     Anonymous NULL Ciphers       not offered (OK)
     Anonymous DH Ciphers         not offered (OK)
     40 Bit encryption            not offered (OK)
     56 Bit encryption            not offered (OK)
     Export Ciphers (general)     not offered (OK)
     Low (<=64 Bit)               not offered (OK)
     DES Ciphers                  not offered (OK)
     "Medium" grade encryption    not offered (OK)
     Triple DES Ciphers           not offered (OK)
     High grade encryption        offered (OK)
    
    
     Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here
    
     PFS is offered (OK)          ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384
     Elliptic curves offered:     sect571r1 sect571k1 sect409k1 sect409r1 sect283k1 sect283r1 prime256v1 secp521r1 brainpoolP512r1 brainpoolP384r1 secp384r1 brainpoolP256r1 secp256k1
    

    Code (Text):
     Testing server preferences
    
     Has server cipher order?     yes (OK)
     Negotiated protocol          TLSv1.2
     Negotiated cipher            ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH
     Cipher order
        TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
        TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
        TLSv1.2:   ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
        h2:        ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
        http/1.1:  ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA
    

    Code (Text):
     Testing server defaults (Server Hello)
    
     TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "application layer protocol negotiation/#16" "status request/#5" "next protocol/#13172"
     Session Tickets RFC 5077     3600 seconds (PFS requires session ticket keys to be rotated <= daily)
     SSL Session ID support       yes
     TLS clock skew               random values, no fingerprinting possible
    
      Server Certificate #1
       Signature Algorithm          SHA256 with RSA
       Server key size              RSA 2048 bits
       Fingerprint / Serial         SHA1 FFAAAEE9777D29D2CE2A77DDE279C8150B2780C / 038BB21AAAAA19F05EE130B27279F37
                                    SHA256 8B72AAA01DD20F2D4A4CEA119E8C0BE5DA525FED13BE16D6E0606E693E8C3
       Common Name (CN)             "subdomain.domain.com" (CN in response to request w/o SNI: "subdomain.domain.com")
       subjectAltName (SAN)         "subdomain.domain.com"
       Issuer                       "Let's Encrypt Authority X3" ("Let's Encrypt" from "US")
       Trust (hostname)             Ok via SAN and CN (SNI mandatory)
       Chain of trust               "/usr/bin/etc/*.pem" cannot be found / not readable
       EV cert (experimental)       no
       Certificate Expiration       89 >= 30 days (2016-11-12 11:31 --> 2017-02-10 11:31 +0000)
       # of certificates provided   2
       Certificate Revocation List  --
       OCSP URI                     http://ocsp.int-x3.letsencrypt.org/
       OCSP stapling                offered
    
      Server Certificate #2
       Signature Algorithm          SHA256 with RSA
       Server key size              ECDSA 256 bits
       Fingerprint / Serial         SHA1 D71BF249D558EAAAA32AB72DB94299C32F221 / 03B2315AAAAA5C760F8CD2A706
                                    SHA256 6F9A2E84A3AAAAAC9A681337FDB3329224C3865124CFAE3449
       Common Name (CN)             "subdomain.domain.com" (CN in response to request w/o SNI: "subdomain.domain.com")
       subjectAltName (SAN)         "subdomain.domain.com"
       Issuer                       "Let's Encrypt Authority X3" ("Let's Encrypt" from "US")
       Trust (hostname)             Ok via SAN and CN (SNI mandatory)
       Chain of trust               "/usr/bin/etc/*.pem" cannot be found / not readable
       EV cert (experimental)       no
       Certificate Expiration       89 >= 30 days (2016-11-12 11:35 --> 2017-02-10 11:35 +0000)
       # of certificates provided   2
       Certificate Revocation List  --
       OCSP URI                     http://ocsp.int-x3.letsencrypt.org/
       OCSP stapling                offered
    

    Code (Text):
     Testing HTTP header response @ "/"
    
     HTTP Status Code             200 OK
     HTTP clock skew              0 sec from localtime
     Strict Transport Security    --
     Public Key Pinning           --
     Server banner                nginx centminmod
     Application banner           X-Powered-By: centminmod
     Cookie(s)                    (none issued at "/")
     Security headers             --
     Reverse Proxy banner         --
    

    Code (Text):
     Testing vulnerabilities
    
     Heartbleed (CVE-2014-0160)                not vulnerable (OK)
     CCS (CVE-2014-0224)                       not vulnerable (OK)
     Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
     Secure Client-Initiated Renegotiation     not vulnerable (OK)
     CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
     BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
                                               Can be ignored for static pages or if no secrets in the page
     POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
     TLS_FALLBACK_SCSV (RFC 7507),             Downgrade attack prevention supported (OK)
     FREAK (CVE-2015-0204)                     not vulnerable (OK)
     DROWN (2016-0800, CVE-2016-0703)          not vulnerable on this port (OK)
                                               make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                               https://censys.io/ipv4?q=6F9A2EAAA80F1C2C9A681337FDB3329224C3865124CFAE3449 SHA256 8B7209ECFB01AAAAABE5DA525FED13BE16D6E0606E693E8C3 could help you to find out
     LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
     BEAST (CVE-2011-3389)                     TLS1: ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA
                                               VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
     RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
    

    Code (Text):
     Testing all 183 locally available ciphers against the server, ordered by encryption strength
    
    Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.  Encryption Bits
    ------------------------------------------------------------------------
     xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM    256
     xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM    256
     xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES       256
     xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 256   AES       256
     xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM    128
     xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM    128
     xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES       128
     xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 256   AES       128
     xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES       128
     xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES       128
    

    Code (Text):
     Running browser simulations via sockets (experimental)
    
     Android 2.3.7                 TLSv1.0 DHE-RSA-AES128-SHA
     Android 4.0.4                 TLSv1.0 ECDHE-RSA-AES128-SHA
     Android 4.1.1                 TLSv1.0 ECDHE-RSA-AES128-SHA
     Android 4.2.2                 TLSv1.0 ECDHE-RSA-AES128-SHA
     Android 4.3                   TLSv1.0 ECDHE-RSA-AES128-SHA
     Android 4.4.2                 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Android 5.0.0                 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     Baidu Jan 2015                TLSv1.0 ECDHE-RSA-AES128-SHA
     BingPreview Jan 2015          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Chrome 47 / OSX               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     Firefox 42 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     GoogleBot Feb 2015            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     IE 6 XP                       No connection
     IE 7 Vista                    TLSv1.0 ECDHE-RSA-AES128-SHA
     IE 8 XP                       No connection
     IE 8-10 Win 7                 TLSv1.0 ECDHE-RSA-AES128-SHA
     IE 11 Win 7                   TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE 11 Win 8.1                 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE 10 Win Phone 8.0           TLSv1.0 ECDHE-RSA-AES128-SHA
     IE 11 Win Phone 8.1           TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE 11 Win Phone 8.1 Update    TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     IE 11 Win 10                  TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Edge 13 Win 10                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Edge 13 Win Phone 10          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Java 6u45                     TLSv1.0 DHE-RSA-AES128-SHA
     Java 7u25                     TLSv1.0 ECDHE-RSA-AES128-SHA
     Java 8u31                     TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
     OpenSSL 0.9.8y                No connection
     OpenSSL 1.0.1l                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     OpenSSL 1.0.2e                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Safari 5.1.9 OS X 10.6.8      TLSv1.0 ECDHE-RSA-AES128-SHA
     Safari 6 iOS 6.0.1            TLSv1.2 ECDHE-ECDSA-AES128-SHA256
     Safari 6.0.4 OS X 10.8.4      TLSv1.0 ECDHE-RSA-AES128-SHA
     Safari 7 iOS 7.1              TLSv1.2 ECDHE-ECDSA-AES128-SHA256
     Safari 7 OS X 10.9            TLSv1.2 ECDHE-ECDSA-AES128-SHA256
     Safari 8 iOS 8.4              TLSv1.2 ECDHE-ECDSA-AES128-SHA256
     Safari 8 OS X 10.10           TLSv1.2 ECDHE-ECDSA-AES128-SHA256
     Safari 9 iOS 9                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
     Safari 9 OS X 10.11           TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    
     Done 2016-11-12 13:05:28    -->> ipaddress:443 (subdomain.domain.com) <<--
    


    SSL Labs output: [images: upload_2016-11-12_23-21-51.png, upload_2016-11-12_23-22-37.png]
     
    Last edited: Nov 13, 2016
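As an added, stand-alone check for the file set that steps 3-5 of the post above produce (example code written for this thread, not Centmin Mod's, acme.sh's or the poster's own), the script below builds throwaway self-signed RSA and ECDSA certificates in place of the Let's Encrypt ones, assembles the same dualcert bundle and crt.key.conf include, and verifies that each key matches its certificate, that the bundle contains the issuer each leaf needs for OCSP stapling, and that the include carries two certificate pairs with a single active ssl_trusted_certificate. It assumes the openssl CLI is installed; the domain, directory and file names are the post's placeholders, and the O= field of each self-signed subject is a constructed value.

```shell
#!/bin/sh
# Added example for this thread, not Centmin Mod's, acme.sh's or the poster's
# own code. Builds the dual-cert file set from steps 3-5 with throwaway
# self-signed RSA and ECDSA certificates (constructed stand-ins for the
# Let's Encrypt cert+intermediate files) and checks what nginx relies on
# before the include file is reloaded. Assumes the openssl CLI is installed.
set -eu

DOMAIN=subdomain.domain.com   # the post's placeholder domain

# make_pair KIND BASE : writes BASE.key and BASE.cer; KIND is rsa or ecc.
# The O= field carries KIND so the two self-signed subjects stay distinct.
make_pair() {
  cnf="${2%/*}/req.cnf"   # minimal req config, independent of the system openssl.cnf
  printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$cnf"
  subj="/O=$1 constructed/CN=$DOMAIN"
  if [ "$1" = rsa ]; then
    openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout "$2.key" -out "$2.cer" \
      -config "$cnf" -subj "$subj" -days 1 >/dev/null 2>&1
  else
    openssl ecparam -name prime256v1 -genkey -noout -out "$2.key"
    openssl req -x509 -sha256 -new -key "$2.key" -out "$2.cer" \
      -config "$cnf" -subj "$subj" -days 1 >/dev/null 2>&1
  fi
}

# key_algo CERT : prints rsaEncryption or id-ecPublicKey, as openssl names them.
key_algo() {
  openssl x509 -in "$1" -noout -text | sed -n 's/.*Public Key Algorithm: //p'
}

# pair_matches CERT KEY : succeeds only if KEY belongs to CERT; the comparison
# goes through the public keys so one check serves both RSA and EC.
pair_matches() {
  c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  k=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$c" = "$k" ]
}

# count_certs BUNDLE : number of PEM certificates in BUNDLE.
count_certs() {
  grep -c 'BEGIN CERTIFICATE' "$1" || true
}

# chain_in_bundle CERT BUNDLE : OCSP stapling only works when each leaf's
# issuer is present in ssl_trusted_certificate; confirm CERT chains to BUNDLE.
chain_in_bundle() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# conf_ok FILE : two ssl_certificate lines, two ssl_certificate_key lines and
# exactly one uncommented ssl_trusted_certificate line.
conf_ok() {
  n_cert=$(grep -c '^[[:space:]]*ssl_certificate[[:space:]]' "$1" || true)
  n_key=$(grep -c '^[[:space:]]*ssl_certificate_key[[:space:]]' "$1" || true)
  n_trust=$(grep -c '^[[:space:]]*ssl_trusted_certificate[[:space:]]' "$1" || true)
  [ "$n_cert" -eq 2 ] && [ "$n_key" -eq 2 ] && [ "$n_trust" -eq 1 ]
}

# setup_dual DIR : creates the RSA pair, the ECC pair, the step 4 bundle and
# the step 5 include file inside DIR.
setup_dual() {
  rsa="$1/$DOMAIN-acme"; ecc="$1/$DOMAIN-acme-ecc"
  make_pair rsa "$rsa"
  make_pair ecc "$ecc"
  cat "$rsa.cer" "$ecc.cer" > "$1/$DOMAIN-dualcert-rsa-ecc.cer"
  cat > "$1/$DOMAIN.crt.key.conf" <<EOF
  ssl_certificate      $rsa.cer;
  ssl_certificate_key  $rsa.key;
  #ssl_trusted_certificate $rsa.cer;

  ssl_certificate      $ecc.cer;
  ssl_certificate_key  $ecc.key;
  #ssl_trusted_certificate $ecc.cer;
  ssl_trusted_certificate $1/$DOMAIN-dualcert-rsa-ecc.cer;
EOF
}

# report DIR : runs every check against DIR and prints one line per result.
report() {
  bundle="$1/$DOMAIN-dualcert-rsa-ecc.cer"
  for base in "$1/$DOMAIN-acme" "$1/$DOMAIN-acme-ecc"; do
    printf '%s: %s, ' "${base##*/}.cer" "$(key_algo "$base.cer")"
    pair_matches "$base.cer" "$base.key" && printf 'key matches, ' || printf 'KEY MISMATCH, '
    chain_in_bundle "$base.cer" "$bundle" && echo 'issuer in trusted bundle' || echo 'ISSUER MISSING'
  done
  echo "trusted bundle holds $(count_certs "$bundle") certificates"
  conf_ok "$1/$DOMAIN.crt.key.conf" && echo 'include file layout ok' || echo 'INCLUDE FILE WRONG'
}

DEMO_DIR=$(mktemp -d)
setup_dual "$DEMO_DIR"
report "$DEMO_DIR"
```

Point the same functions at the real /usr/local/nginx/conf/ssl/subdomain.domain.com/ files to re-run the checks after each acme.sh renewal, since a renewed ECC or RSA certificate that is not re-concatenated into the dualcert bundle silently loses OCSP stapling for that chain.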