
I have an IdHTTPServer and I want to implement support for handling both HTTP and HTTPS requests. This is my code:

FSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
FSSLHandler.SSLOptions.CertFile     := 'certificate.pem';  // server certificate (PEM)
FSSLHandler.SSLOptions.KeyFile      := 'key.pem';          // matching private key (PEM)
FSSLHandler.SSLOptions.RootCertFile := 'chain.pem';        // intermediate CA chain sent to clients

FIdHTTPServer.Bindings.Add.Port := 443;
FIdHTTPServer.IOHandler := FSSLHandler;

// the property is Active, not Activate
FIdHTTPServer.Active := True;

In the server directory I have ssleay32.dll and ssleay32.dll v1.0.2l (Win32) downloaded from http://indy.fulgan.com/SSL/

When I make a request from Chrome, in the Security tab of the developer tools I see:

[screenshot: Chrome DevTools Security tab for the site]

Also, analyzing the server with sslyze I get some other security issues (see the VULNERABLE label):

> sslyze --regular local.XXXXXXXXXXXXXX.com:4343

SCAN RESULTS FOR LOCAL.XXXXXXXXXXXXXX.COM:4343 - 127.0.0.1
 --------------------------------------------------------

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1_1 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits                                                                  
        TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits                                                                  

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                                                  
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits                                                                  

 * Deflate Compression:
                                          OK - Compression disabled

 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * Session Renegotiation:
       Client-initiated Renegotiation:    VULNERABLE - Server honors client-initiated renegotiations
       Secure Renegotiation:              OK - Supported

 * Resumption Support:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Tickets:                  OK - Supported

 * TLSV1_2 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                                                  
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_AES_256_CBC_SHA256                   -              256 bits                                                                  
        TLS_RSA_WITH_AES_128_GCM_SHA256                   -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits                                                                  
        TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA256                   -              128 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits                                                                  

 * Certificate Information:
     Content
       SHA1 Fingerprint:                  47d0385fb45a82a91f9d8639ea222191adb12719
       Common Name:                       *.XXXXXXXXXXXXXX.com
       Issuer:                            XXXXXXXX RSA Domain Validation Secure Server CA
       Serial Number:                     10462331755053598199612105214047533723
       Not Before:                        2017-09-20 00:00:00
       Not After:                         2020-09-19 23:59:59
       Signature Algorithm:               sha256
       Public Key Algorithm:              RSA
       Key Size:                          2048
       Exponent:                          65537 (0x10001)
       DNS Subject Alternative Names:     ['*.XXXXXXXXXXXXXX.com', 'XXXXXXXXXXXXXX.com']

     Trust
       Hostname Validation:               OK - Certificate matches local.XXXXXXXXXXXXXX.com
       AOSP CA Store (7.0.0 r1):          OK - Certificate is trusted
       Apple CA Store (OS X 10.11.6):     OK - Certificate is trusted
       Java 7 CA Store (Update 79):       OK - Certificate is trusted
       Microsoft CA Store (09/2016):      OK - Certificate is trusted
       Mozilla CA Store (09/2016):        OK - Certificate is trusted
       Received Chain:                    *.XXXXXXXXXXXXXX.com --> XXXXXXXX RSA Domain Validation Secure Server CA --> XXXXXXXX RSA Certification Authority
       Verified Chain:                    *.XXXXXXXXXXXXXX.com --> XXXXXXXX RSA Domain Validation Secure Server CA --> XXXXXXXX RSA Certification Authority
       Received Chain Contains Anchor:    OK - Anchor certificate not sent
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain

     OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response.


 SCAN COMPLETED IN 1.34 S
 ------------------------

I have tried to fix the issues by setting the CipherList and Method as follows:

  FSSLHandler.SSLOptions.Method      := sslvTLSv1_2;
  FSSLHandler.SSLOptions.Mode        := sslmUnassigned;
  FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
  FSSLHandler.SSLOptions.CipherList  := 'TLSv1:TLSv1.2:SSLv3:!RC4:!NULL-MD5:!NULL-SHA:!NULL-SHA256:!DES-CBC-SHA:!DES-CBC3-SHA:!IDEA-CBC-SHA';

but the errors persist.

How can I fix the obsolete key exchange (RSA) reported by Chrome and the Client-initiated Renegotiation vulnerability reported by sslyze?

Side note: I want to try implementing SSL on the Indy server by following the most common best practices, such as https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

Following https://cipherli.st/ I have also tried to use:

  FSSLHandler.SSLOptions.Method      := sslvTLSv1_2;
  FSSLHandler.SSLOptions.Mode        := sslmUnassigned;
  FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1_2];
  FSSLHandler.SSLOptions.CipherList  := 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

but it raises an exception:

Error accepting connection with SSL. error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

in IdSSLOpenSSL.pas on line 3563:

// RLebeau: if this socket's IOHandler was cloned, no need to reuse the
// original IOHandler's active session ID, since this is a server socket
// that generates its own sessions...
error := SSL_accept(fSSL);
if error <= 0 then begin
  EIdOSSLAcceptError.RaiseException(fSSL, error, RSSSLAcceptError); // EXCEPTION HERE
end;
if Supports(fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then 
begin
  LParentIO := LHelper.GetIOHandlerSelf;
  if LParentIO <> nil then begin
    StatusStr := 'Cipher: name = ' + Cipher.Name + '; ' +    {Do not Localize}
               'description = ' + Cipher.Description + '; ' +    {Do not Localize}
               'bits = ' + IntToStr(Cipher.Bits) + '; ' +    {Do not Localize}
               'version = ' + Cipher.Version + '; ';    {Do not Localize}
    LParentIO.DoStatusInfo(StatusStr);
  end;
  LHelper := nil;
end;

The Indy server does not seem to accept the CipherList in the same way Apache does. The official documentation is vague:

> TIdSSLOptions.CipherList Property
>
> Pascal
>
>     property CipherList: String;
>
> Description
>
> CipherList is a Published String property. Write access for the property is implemented using fCipherList.

  • AES_128_GCM is indicated as a strong cipher, not as an obsolete one, in your screenshot – mjn42 Oct 09 '17 at 14:35
  • @mjn42 sorry... I have edited the question. – ar099968 Oct 09 '17 at 14:49
  • What version of OpenSSL are you using? – David Heffernan Oct 09 '17 at 15:46
  • @DavidHeffernan I have ssleay32.dll, ssleay32.dll version 1.0.1.5 – ar099968 Oct 09 '17 at 15:47
  • As I understand it, you need to specify this in the cipher list, see https://stackoverflow.com/questions/27302773/delphi-w-indy-10-unable-to-connect-via-tls-1-2-w-ssl-best-practices-in-place and https://stackoverflow.com/questions/36353831/is-the-order-of-cipher-names-in-tidserveriohandlersslopenssl-ssloptions-cipherli – David Heffernan Oct 09 '17 at 15:53
  • On a side note, if you are not already doing this, in order to support both HTTP and HTTPS on a single `TIdHTTPServer`, you need *two* entries in the `Bindings` collection - one for port 80 and the other for port 443 - and an `OnQuerySSLPort` event handler that sets the `VUseSSL` parameter to True when the `APort` parameter is 443. – Remy Lebeau Oct 09 '17 at 17:18
  • @RemyLebeau yes, I have followed this answer of yours: https://stackoverflow.com/questions/34415978/creating-idhttpserver-with-ssl-encryption. Thanks, I have read a lot of your answers on StackOverflow, very much appreciated! Do you have any tips for configuring SSL the right way and following common best practices like these: https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices – ar099968 Oct 10 '17 at 07:07
  • Note: as of SVN rev 5461, an `OnQuerySSLPort` handler [is no longer needed](http://www.indyproject.org/Sockets/Blogs/ChangeLog/20180530.EN.aspx) if your only HTTPS port is 443. – Remy Lebeau May 30 '18 at 18:27
  • @RemyLebeau thanks for the update! Do you have any suggestions for the main question: "obsolete key exchange (RSA) and vulnerability Client-initiated renegotiation"? – ar099968 May 31 '18 at 06:52

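The following is an added, editor-written example of the setup discussed in the question and in the comment about two `Bindings` entries plus `OnQuerySSLPort`; it is not code from the original post or from the Indy project. It assumes the file names `certificate.pem`, `key.pem`, `chain.pem` and `dhparam.pem` (the last one generated separately, e.g. with `openssl dhparam -out dhparam.pem 2048`, since DHE suites need DH parameters), restricts the server to TLS 1.2, uses an explicit list of ECDHE/DHE GCM suites instead of the `EECDH`/`EDH` aliases so that "no shared cipher" is easier to diagnose, and logs the negotiated cipher through `OnStatusInfo` (the same `DoStatusInfo` call visible in the IdSSLOpenSSL.pas excerpt above) so you can confirm `Kx=ECDH` or `Kx=DH` rather than `Kx=RSA`. One caveat, stated as an assumption about the reader's Indy revision: with OpenSSL 1.0.x the server must explicitly enable an ECDH curve on the context; if the Indy build in use does not do this, the ECDHE suites will not be negotiable (that produces exactly the `ssl3_get_client_hello:no shared cipher` failure quoted above) and only the DHE suites, backed by `DHParamsFile`, will provide forward secrecy. Nothing here disables client-initiated renegotiation; `TIdSSLOptions` exposes no setting for it.

```delphi
program HttpsServerDemo;

{$APPTYPE CONSOLE}

uses
  SysUtils, Classes,
  IdGlobal, IdContext, IdCustomHTTPServer, IdHTTPServer, IdSSLOpenSSL;

type
  TServerHost = class
  private
    FServer: TIdHTTPServer;
    FSSL: TIdServerIOHandlerSSLOpenSSL;
    procedure DoQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
    procedure DoCommandGet(AContext: TIdContext;
      ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
    procedure DoStatusInfo(const AMsg: String);
  public
    constructor Create;
    destructor Destroy; override;
    procedure Run;
  end;

constructor TServerHost.Create;
begin
  inherited Create;
  FServer := TIdHTTPServer.Create(nil);
  FSSL := TIdServerIOHandlerSSLOpenSSL.Create(FServer);  // owned by the server

  FSSL.SSLOptions.Mode        := sslmServer;
  FSSL.SSLOptions.Method      := sslvTLSv1_2;
  FSSL.SSLOptions.SSLVersions := [sslvTLSv1_2];          // TLS 1.2 only
  FSSL.SSLOptions.CertFile     := 'certificate.pem';     // assumed file names
  FSSL.SSLOptions.KeyFile      := 'key.pem';
  FSSL.SSLOptions.RootCertFile := 'chain.pem';
  FSSL.SSLOptions.DHParamsFile := 'dhparam.pem';         // needed for the DHE-* suites
  FSSL.SSLOptions.VerifyMode   := [];                    // no client certificates
  // Forward-secrecy-only list, explicit names rather than EECDH/EDH aliases.
  // Static-RSA suites such as AES256-GCM-SHA384 are deliberately absent.
  FSSL.SSLOptions.CipherList :=
    'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:' +
    'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256';
  FSSL.OnStatusInfo := DoStatusInfo;

  FServer.IOHandler := FSSL;
  FServer.Bindings.Add.Port := 80;    // plain HTTP, redirected below
  FServer.Bindings.Add.Port := 443;   // HTTPS
  FServer.OnQuerySSLPort := DoQuerySSLPort;
  FServer.OnCommandGet   := DoCommandGet;
end;

destructor TServerHost.Destroy;
begin
  FServer.Active := False;
  FServer.Free;   // frees FSSL as well
  inherited;
end;

// Only the 443 binding gets TLS; port 80 stays plain.
procedure TServerHost.DoQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
  VUseSSL := (APort = 443);
end;

// Indy reports "Cipher: name = ...; description = ...; bits = ...; version = ..."
// after each accepted handshake. Check that the name starts with ECDHE- or DHE-.
// Connection threads call this concurrently; a real server would serialise logging.
procedure TServerHost.DoStatusInfo(const AMsg: String);
begin
  Writeln(AMsg);
end;

procedure TServerHost.DoCommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
var
  IsTLS: Boolean;
begin
  IsTLS := (AContext.Connection.IOHandler is TIdSSLIOHandlerSocketOpenSSL) and
           (not TIdSSLIOHandlerSocketOpenSSL(AContext.Connection.IOHandler).PassThrough);
  if not IsTLS then
  begin
    // Plain-HTTP request: send the client to HTTPS. A production handler would
    // strip a non-443 port from the Host header before building this URL.
    AResponseInfo.Redirect('https://' + ARequestInfo.Host + ARequestInfo.URI);
    Exit;
  end;
  // HSTS only makes sense on a TLS response.
  AResponseInfo.CustomHeaders.Values['Strict-Transport-Security'] := 'max-age=31536000';
  AResponseInfo.ContentType := 'text/plain';
  AResponseInfo.ContentText := 'served over TLS 1.2';
end;

procedure TServerHost.Run;
begin
  FServer.Active := True;   // Active, not Activate
  Writeln('Listening on 80 (redirect) and 443 (TLS); press Enter to stop');
  Readln;
end;

var
  Host: TServerHost;
begin
  Host := TServerHost.Create;
  try
    Host.Run;
  finally
    Host.Free;
  end;
end.
```

After starting it, re-run `sslyze --regular` against port 443: the TLSV1_2 section should list only `TLS_ECDHE_RSA_*` and `TLS_DHE_RSA_*` suites and the TLSV1/TLSV1_1 sections should report that the server rejected all cipher suites. If only the DHE suites appear, the ECDH-curve caveat from the lead-in applies to your Indy revision.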
0 Answers