mailinabox/conf/nginx-ssl.conf

# from https://gist.github.com/konklone/6532544 and https://mozilla.github.io/server-side-tls/ssl-config-generator/
###################################################################################################################

# Basically the nginx configuration I use at konklone.com. 
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
#
# To provide feedback, please tweet at @konklone or email eric@konklone.com.
# Comments on gists don't notify the author. 
# 
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

# Path to certificate and private key.
# The .crt may omit the root CA cert, if it's a standard CA that ships with clients.
#ssl_certificate /path/to/unified.crt;
#ssl_certificate_key /path/to/my-private-decrypted.key;

# Tell browsers to require SSL (warning: difficult to change your mind)
# Handled by the management daemon because we can toggle this version or a
# preload version.
#add_header Strict-Transport-Security max-age=31536000;

# Prefer certain ciphersuites, to enforce Forward Secrecy and avoid known vulnerabilities.
# 
# Forces forward secrecy in all browsers and clients that can use TLS,
# but with a small exception (DES-CBC3-SHA) for IE8/XP users.
# 
# Reference client: https://www.ssllabs.com/ssltest/analyze.html
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

# Cut out (the old, broken) SSLv3 entirely. 
# This **excludes IE6 users** and (apparently) Yandexbot.
# Just comment out if you need to support IE6, bless your soul.
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

# Turn on session resumption, using a cache shared across nginx processes,
# as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
#keepalive_timeout   70; # in Ubuntu 14.04/nginx 1.4.6 the default is 65, so plenty good

# Buffer size of 1400 bytes fits in one MTU.
# nginx 1.5.9+ ONLY
#ssl_buffer_size 1400; 

# SPDY header compression (0 for none, 9 for slow/heavy compression). Preferred is 6. 
# 
# BUT: header compression is flawed and vulnerable in SPDY versions 1 - 3.
# Disable with 0, until using a version of nginx with SPDY 4.
spdy_headers_comp 0;

# Now let's really get fancy, and pre-generate a 2048 bit random parameter
# for DH elliptic curves. If not created and specified, default is only 1024 bits. 
#
# Generated by OpenSSL with the following command:
#   openssl dhparam -outform pem -out dhparam2048.pem 2048
# 
# Note: raising the bits to 2048 excludes Java 6 clients. Comment out if a problem.
ssl_dhparam STORAGE_ROOT/ssl/dh2048.pem;


# OCSP stapling - means nginx will poll the CA for signed OCSP responses, 
# and send them to clients so clients don't make their own OCSP calls.
# http://en.wikipedia.org/wiki/OCSP_stapling
# 
# while the ssl_certificate above may omit the root cert if the CA is trusted,
# ssl_trusted_certificate below must point to a chain of **all** certs
# in the trust path - (your cert, intermediary certs, root cert)
#
# 8.8.8.8 and 8.8.4.4 below are Google's public IPv4 DNS servers. 
# nginx will use them to talk to the CA.
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.1 valid=86400;
resolver_timeout 10;
update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months * The Mozilla recommendations must have been updated in the last few years. * The HSTS header must have >=6 months to get an A+ at ssllabs.com/ssltest. 2017-10-03 15:44:01 +00:00			`# from https://gist.github.com/konklone/6532544 and https://mozilla.github.io/server-side-tls/ssl-config-generator/`
			`###################################################################################################################`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`# Basically the nginx configuration I use at konklone.com.`
			`# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com`
			`#`
			`# To provide feedback, please tweet at @konklone or email eric@konklone.com.`
			`# Comments on gists don't notify the author.`
			`#`
			`# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.`
			`# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.`

			`# Path to certificate and private key.`
			`# The .crt may omit the root CA cert, if it's a standard CA that ships with clients.`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00			`#ssl_certificate /path/to/unified.crt;`
			`#ssl_certificate_key /path/to/my-private-decrypted.key;`

update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`# Tell browsers to require SSL (warning: difficult to change your mind)`
let the HSTS header be controlled by the management daemon so some domains can choose to enable preload 2015-09-08 21:20:13 +00:00			`# Handled by the management daemon because we can toggle this version or a`
			`# preload version.`
			`#add_header Strict-Transport-Security max-age=31536000;`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`# Prefer certain ciphersuites, to enforce Forward Secrecy and avoid known vulnerabilities.`
			`#`
			`# Forces forward secrecy in all browsers and clients that can use TLS,`
			`# but with a small exception (DES-CBC3-SHA) for IE8/XP users.`
			`#`
			`# Reference client: https://www.ssllabs.com/ssltest/analyze.html`
nginx-ssl.conf changes were partially incorrect, partial revert of 834c42bc503b3430eb8100343581ed3be396c41b My own /etc/nginx/nginx.conf was messed up, so what I thought were Ubuntu 14.04 defaults weren't, and we lost the ssl_protocols and ssl_prefer_server_ciphers settings. This puts those back. https://discourse.mailinabox.email/t/dev-master-version-reported-as-poodle-attack-vulnerable-by-ssllabs/898 2015-10-24 11:36:18 +00:00			`ssl_prefer_server_ciphers on;`
update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months * The Mozilla recommendations must have been updated in the last few years. * The HSTS header must have >=6 months to get an A+ at ssllabs.com/ssltest. 2017-10-03 15:44:01 +00:00			ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00
			`# Cut out (the old, broken) SSLv3 entirely.`
			`# This excludes IE6 users and (apparently) Yandexbot.`
			`# Just comment out if you need to support IE6, bless your soul.`
nginx-ssl.conf changes were partially incorrect, partial revert of 834c42bc503b3430eb8100343581ed3be396c41b My own /etc/nginx/nginx.conf was messed up, so what I thought were Ubuntu 14.04 defaults weren't, and we lost the ssl_protocols and ssl_prefer_server_ciphers settings. This puts those back. https://discourse.mailinabox.email/t/dev-master-version-reported-as-poodle-attack-vulnerable-by-ssllabs/898 2015-10-24 11:36:18 +00:00			`ssl_protocols TLSv1.2 TLSv1.1 TLSv1;`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00
update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months * The Mozilla recommendations must have been updated in the last few years. * The HSTS header must have >=6 months to get an A+ at ssllabs.com/ssltest. 2017-10-03 15:44:01 +00:00			`# Turn on session resumption, using a cache shared across nginx processes,`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00			`# as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html`
update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months * The Mozilla recommendations must have been updated in the last few years. * The HSTS header must have >=6 months to get an A+ at ssllabs.com/ssltest. 2017-10-03 15:44:01 +00:00			`ssl_session_cache shared:SSL:50m;`
			`ssl_session_timeout 1d;`
move nginx-ssl to be a global configuration file rather than including it into each server block 2015-09-27 17:13:11 +00:00			`#keepalive_timeout 70; # in Ubuntu 14.04/nginx 1.4.6 the default is 65, so plenty good`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`# Buffer size of 1400 bytes fits in one MTU.`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00			`# nginx 1.5.9+ ONLY`
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`#ssl_buffer_size 1400;`

			`# SPDY header compression (0 for none, 9 for slow/heavy compression). Preferred is 6.`
			`#`
			`# BUT: header compression is flawed and vulnerable in SPDY versions 1 - 3.`
			`# Disable with 0, until using a version of nginx with SPDY 4.`
			`spdy_headers_comp 0;`

			`# Now let's really get fancy, and pre-generate a 2048 bit random parameter`
			`# for DH elliptic curves. If not created and specified, default is only 1024 bits.`
			`#`
			`# Generated by OpenSSL with the following command:`
			`# openssl dhparam -outform pem -out dhparam2048.pem 2048`
			`#`
			`# Note: raising the bits to 2048 excludes Java 6 clients. Comment out if a problem.`
add 2048 bits of DH params for nginx, postfix, dovecot nginx/postfix use a new pre-generated dh2048.pem file. dovecot generates the bits on its own. ssllabs.com reports that TLS_DHE ciphers went from 1024 to 2048 bits as expected. The ECDHE ciphers remain at 256 bits --- no idea what that really means. (This tests nginx only. I haven't tested postfix/dovecot.) see https://discourse.mailinabox.email/t/fips-ready-for-ssl-dhec-key-exchange/76/3 2014-09-26 22:01:38 +00:00			`ssl_dhparam STORAGE_ROOT/ssl/dh2048.pem;`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00

			`# OCSP stapling - means nginx will poll the CA for signed OCSP responses,`
			`# and send them to clients so clients don't make their own OCSP calls.`
			`# http://en.wikipedia.org/wiki/OCSP_stapling`
			`#`
			`# while the ssl_certificate above may omit the root cert if the CA is trusted,`
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`# ssl_trusted_certificate below must point to a chain of all certs`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00			`# in the trust path - (your cert, intermediary certs, root cert)`
			`#`
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`# 8.8.8.8 and 8.8.4.4 below are Google's public IPv4 DNS servers.`
			`# nginx will use them to talk to the CA.`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00			`ssl_stapling on;`
set ssl_stapling_verify back to on, reverts part of 47de93961e88d3790120caeece0648ed6ab2c44c The sslmate guidance changed. See #458. 2015-06-27 11:14:16 +00:00			`ssl_stapling_verify on;`
OCSP improvements * Set ssl_stapling_verify to off per https://sslmate.com/blog/post/ocsp_stapling_in_apache_and_nginx ('on' has no security benefits). * Set resolver to 127.0.0.1, instead of Google Public DNS, because we might as well use our local nameserver anyway. * Remove the commented line which per the link above would never be necessary anyway. OCSP seems to work just fine after these changes. 2015-06-06 23:24:09 +00:00			`resolver 127.0.0.1 valid=86400;`
update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00			`resolver_timeout 10;`