The impact of Apple's ATS compliance on web servers

This article was last updated on: February 7, 2024 pm

1. Preface

📓 Description:

This article was completed collaboratively after my colleague Huang Wentao and I collected data and experimented during the Taiping Insurance period.

This article was written in 2017, and the specifications, software versions or configuration items may have changed since then. If you want to apply it, test thoroughly first.

1.1 ATS Requirements

  1. The negotiated version of Transport Layer Security (TLS) must be TLS 1.2;

  2. The connection must use AES-128 or AES-256 symmetric ciphers, and the negotiated cipher suite must be one of the following:

    1. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    2. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    3. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    4. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    5. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    6. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    7. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    8. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    9. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    10. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    11. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  3. The leaf server certificate must be signed with one of the following types of keys:

    1. Rivest-Shamir-Adleman (RSA) keys with a length of at least 2048 bits
    2. Elliptic-Curve Cryptography (ECC) keys with a length of at least 256 bits
    3. In addition, the leaf server certificate hashing algorithm must be Secure Hash Algorithm 2 (SHA-2) with a digest length (sometimes called a “thumbprint”) of at least 256 (i.e., SHA-256 or greater).

2. Inspection items

2.1 Apache checks

  1. OpenSSL version: Requires greater than 1.0.1 (OpenSSL supports TLS 1.2 from 1.0.1 onwards.)
  2. The key exchange protocol used by current cipher suites.
    1. View the key exchange protocols of the currently configured cipher suites and make sure they are among those ATS requires above.
  3. Whether the current key length/fingerprint algorithm satisfies:
    1. If it is an RSA key, it must be at least 2048 bits;
    2. If it is an ECC key, it must be at least 256 bits.
    3. The fingerprint hash algorithm must be SHA-2.
  4. Apache version:
    1. Apache 2.2.23 and above, or 2.4.0 and above, are supported.

2.2 NGINX check items

  1. OpenSSL version: Requires greater than 1.0.1
  2. The key exchange protocol used by current cipher suites.
    1. View the key exchange protocols of the currently configured cipher suites and make sure they are among those ATS requires above.
  3. Whether the current key length/fingerprint algorithm satisfies:
    1. If it is an RSA key, it must be at least 2048 bits;
    2. If it is an ECC key, it must be at least 256 bits.
    3. The fingerprint hash algorithm must be SHA-2.
  4. NGINX version: 1.1.13 or above is recommended.

2.3 WebLogic checks

  1. JDK version: Requires JDK 7 or above.
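
Check item 3 in sections 2.1 and 2.2 (key length and hash algorithm) can be read off the output of `openssl x509 -noout -text -in <certificate>`. The following Python code is an added example, not part of the original article; the function name `ats_cert_problems` and both sample certificates are constructed for illustration.

```python
import re

SHA2_OK = ("sha256", "sha384", "sha512")  # SHA-2 with a digest of at least 256

def ats_cert_problems(x509_text):
    """Return a list of ATS problems found in `openssl x509 -noout -text` output."""
    problems = []
    alg = re.search(r"Public Key Algorithm:\s*(\S+)", x509_text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", x509_text)
    sig = re.search(r"Signature Algorithm:\s*(\S+)", x509_text)
    if not (alg and bits and sig):
        return ["could not parse key algorithm, key size or signature algorithm"]
    key_alg, key_bits, sig_alg = alg.group(1), int(bits.group(1)), sig.group(1)
    if key_alg == "rsaEncryption":
        if key_bits < 2048:
            problems.append(f"RSA key is {key_bits} bits, need at least 2048")
    elif key_alg == "id-ecPublicKey":
        if key_bits < 256:
            problems.append(f"ECC key is {key_bits} bits, need at least 256")
    else:
        problems.append(f"key type {key_alg} is neither RSA nor ECC")
    # sha1 and sha224 signatures fall through to here and are reported.
    if not any(h in sig_alg.lower() for h in SHA2_OK):
        problems.append(f"signature algorithm {sig_alg} is not SHA-256 or greater")
    return problems

# Constructed samples in the layout printed by `openssl x509 -noout -text`.
WEAK_CERT = """\
    Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
GOOD_CERT = """\
    Signature Algorithm: ecdsa-with-SHA256
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CERT), ("good", GOOD_CERT)):
        print(name, ats_cert_problems(text) or "meets the certificate requirements")
```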

3. Modify configuration items

📓 Description:

Besides bringing the versions, certificate algorithm and key length in line with the check items above, there are other configuration items to set.

3.1 Apache configuration items

Examples: Apache version 2.2.23 (TBD), OpenSSL version 1.0.1e. (Maximum compatibility configuration)

<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile /path/to/private/key

    # Uncomment the following directive when using client certificate authentication
    #SSLCACertificateFile /path/to/ca_certs_for_client_authentication

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
    ...
</VirtualHost>

# old configuration, tweak to your needs
SSLProtocol all -SSLv2
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
SSLHonorCipherOrder on

3.2 NGINX configuration items

Examples: Nginx version 1.11.0, OpenSSL version 1.0.1e (maximum compatibility configuration)

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /path/to/dhparam.pem;

    # old configuration. tweak to your needs.
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    resolver <IP DNS resolver>;

    ....
}
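
The cipher string used in 3.1 and 3.2 is far broader than the list in 1.1, so it helps to see which of its entries an ATS client can actually negotiate. The following Python code is an added example, not part of the original article: it finds the explicitly named ATS suites in such a string, the one a server honouring its own order would select for an RSA or ECDSA certificate, and whether the protocol directive enables TLS 1.2. The function names and the shortened sample string are constructed for illustration, and the code assumes the client offers only the suites listed in 1.1.

```python
import re

# The 11 suites of section 1.1 (IANA names), copied from this page.
ATS_IANA = """
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
""".split()

def openssl_name(iana):
    """IANA name -> OpenSSL name; valid only for ECDHE/AES suites like those above."""
    name = re.sub(r"AES_(128|256)", r"AES\1", iana[len("TLS_"):])
    return name.replace("_WITH_", "_").replace("_CBC", "").replace("_", "-")

ATS_OPENSSL = {openssl_name(s) for s in ATS_IANA}

def ats_suites_in_order(cipher_string):
    """ATS suites named explicitly, in server order; aliases (HIGH, AES) and !exclusions are not expanded."""
    items = re.split(r"[:, ]+", cipher_string.strip("'\" "))
    return [s for i, s in enumerate(items) if s in ATS_OPENSSL and s not in items[:i]]

def server_pick(cipher_string, cert_key):
    """Suite selected for an 'RSA' or 'ECDSA' certificate when the server's order
    is honoured and the client offers only ATS suites (assumption)."""
    for suite in ats_suites_in_order(cipher_string):
        if suite.startswith("ECDHE-" + cert_key + "-"):
            return suite
    return None

def tls12_enabled(protocol_args):
    """Evaluate SSLProtocol / ssl_protocols arguments left to right."""
    on = False
    for tok in protocol_args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        if name.lower() in ("all", "tlsv1.2"):
            on = sign == "+"
    return on

# Constructed sample: a shortened copy of the cipher string in the configurations above.
PAGE_CIPHERS = ("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:"
                "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:"
                "DHE-RSA-AES128-SHA:AES128-SHA:HIGH:!aNULL:!RC4:!MD5")

if __name__ == "__main__":
    print(ats_suites_in_order(PAGE_CIPHERS), tls12_enabled("all -SSLv2"))
```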

3.3 WebLogic configuration items

Download the Java 7 policy files from Oracle's official website.
After extraction, replace the local_policy.jar and US_export_policy.jar files under JAVA_HOME/jre/lib/security.

4. Attention

  1. Upgrading OpenSSL may affect sftp, ssh and other SSL-related protocols, so be cautious.
  2. Weighing the vulnerabilities of old SSL versions against compatibility, it is recommended to disable SSL v2 and earlier protocols. (The latest recommendation is to disable SSL v3 as well.)

https://e-whisper.com/posts/12368/
Author: east4ming
Posted on: March 30, 2017