
Overview

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are both security protocols whose main function is to secure communication between a client and a server. SSL is the older protocol, and TLS is its replacement.

SSL exists in versions 1.0, 2.0 and 3.0; TLS in versions 1.0, 1.2 and 1.3. All SSL versions and TLS 1.0 are disabled because they are outdated. Currently, TLS 1.3 is the most deployed security protocol on the Internet. It is the latest version of TLS; it fixes the outdated security of its predecessors and adds further improvements. A simple understanding can be gained from the following points:

  • The advantages of the latest TLS 1.3
  • What forward secrecy is
  • Why GCM encryption is chosen

TLS 1.3

Modern browsers support both TLS 1.2 and TLS 1.3, but version 1.3 is much better. TLS 1.3 includes several improvements over earlier versions, most notably a simplified handshake, which means shorter handshake times, better website performance and a better user experience, together with a smaller set of simpler and more secure cipher suites.


Cipher suites

TLS/SSL uses one or more cipher suites. A cipher suite is a combination of algorithms for key exchange and authentication, encryption, and message authentication. Some of the algorithms still permitted in TLS 1.2 have known weaknesses and security holes. These algorithms were removed in TLS 1.3:

  • SHA-1
  • RC4
  • DES
  • 3DES
  • AES-CBC
  • MD5

Another very important change is that TLS 1.3 requires perfect forward secrecy (PFS) for its key exchange.

Forward secrecy

Forward secrecy (PFS) is a property of certain key agreement protocols. If a single long-lived session key is used and then leaked, an attacker can decrypt a large amount of captured traffic. If instead a unique session key is generated for each session, compromising one session's key does not affect data from any other session.

In earlier versions, TLS used one of two mechanisms to exchange keys during the handshake: static RSA keys or Diffie-Hellman keys. In TLS 1.3, static RSA and all other static (non-PFS) key exchanges have been removed, leaving only the ephemeral variants, DHE and ECDHE:

  • Ephemeral Diffie-Hellman (DHE)
  • Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)

Check the site's security details in your browser to see whether the connection uses "ECDHE" or "DHE".
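The same check can be made against a server's cipher list before it is deployed. The following Go program is an added example, not code from the article: it takes an OpenSSL-style cipher list (the format nginx's ssl_ciphers directive uses) and reports, for each suite, whether it uses ephemeral (EC)DHE key exchange (forward secrecy), whether it is an AEAD suite, and whether it still relies on any of the algorithms listed above as removed from TLS 1.3. The parsing rules for OpenSSL suite names are my own, and the legacy suite names in main are constructed inputs chosen to show what gets rejected.

```go
package main

import (
	"fmt"
	"strings"
)

// Assessment summarises what an OpenSSL-style cipher suite name reveals.
type Assessment struct {
	Suite string
	PFS   bool     // ephemeral (EC)DHE key exchange: a leaked long-term key does not expose past sessions
	AEAD  bool     // authenticated encryption (GCM, CCM or ChaCha20-Poly1305), the only kind TLS 1.3 allows
	Weak  []string // algorithms removed in TLS 1.3 that this suite still relies on
}

// Assess classifies one suite using OpenSSL's naming conventions (assumption: names are in
// OpenSSL form such as ECDHE-RSA-AES128-GCM-SHA256, not IANA form such as TLS_RSA_WITH_...).
func Assess(name string) Assessment {
	a := Assessment{Suite: name}

	// TLS 1.3 suites (TLS_AES_128_GCM_SHA256, ...) are AEAD-only and always negotiated with (EC)DHE.
	if strings.HasPrefix(name, "TLS_") {
		a.PFS, a.AEAD = true, true
		return a
	}

	a.PFS = strings.HasPrefix(name, "ECDHE-") || strings.HasPrefix(name, "DHE-")
	a.AEAD = strings.Contains(name, "-GCM-") || strings.Contains(name, "-CCM") ||
		strings.Contains(name, "CHACHA20-POLY1305")

	switch {
	case strings.Contains(name, "RC4"):
		a.Weak = append(a.Weak, "RC4")
	case strings.Contains(name, "DES-CBC3"): // OpenSSL's spelling of 3DES
		a.Weak = append(a.Weak, "3DES")
	case strings.Contains(name, "DES-CBC"):
		a.Weak = append(a.Weak, "DES")
	}
	// OpenSSL leaves "CBC" out of AES names: AES128-SHA256 is AES-128-CBC with an HMAC.
	if strings.Contains(name, "AES") && !a.AEAD {
		a.Weak = append(a.Weak, "AES-CBC")
	}
	// A bare "-SHA" suffix is HMAC-SHA1. On GCM suites "-SHA256"/"-SHA384" name the PRF hash, not a MAC.
	if strings.HasSuffix(name, "-SHA") {
		a.Weak = append(a.Weak, "SHA-1")
	}
	if strings.HasSuffix(name, "-MD5") {
		a.Weak = append(a.Weak, "MD5")
	}
	return a
}

// Acceptable is the policy the article arrives at: forward secrecy, AEAD, none of the removed algorithms.
func Acceptable(a Assessment) bool {
	return a.PFS && a.AEAD && len(a.Weak) == 0
}

// Filter splits an nginx ssl_ciphers value on ':' and separates acceptable suites from the rest.
func Filter(sslCiphers string) (keep, drop []string) {
	for _, s := range strings.Split(sslCiphers, ":") {
		s = strings.TrimSpace(s)
		if s == "" {
			continue
		}
		if Acceptable(Assess(s)) {
			keep = append(keep, s)
		} else {
			drop = append(drop, s)
		}
	}
	return keep, drop
}

func main() {
	// First a subset of the article's ssl_ciphers list, then a constructed list of legacy suites.
	lists := []string{
		"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384",
		"AES128-SHA:ECDHE-RSA-AES128-SHA256:DES-CBC3-SHA:RC4-MD5",
	}
	for _, l := range lists {
		keep, drop := Filter(l)
		fmt.Println("keep:", keep)
		for _, s := range drop {
			a := Assess(s)
			fmt.Printf("drop: %s (PFS=%v AEAD=%v weak=%v)\n", s, a.PFS, a.AEAD, a.Weak)
		}
	}
}
```

Running it against the full ssl_ciphers line from the nginx section below keeps every suite; the legacy list is rejected suite by suite, with AES128-SHA flagged for both the missing forward secrecy (static RSA key exchange) and CBC plus SHA-1.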


Why choose GCM

AES (Advanced Encryption Standard) is a symmetric encryption standard. The earlier standard, DES (Data Encryption Standard), has been deprecated.

Choosing the appropriate mode of operation for AES is very important; the two most commonly used modes are CBC and GCM.

CBC Cipher Block Chaining Mode

The plaintext is divided into blocks. The first block is XORed with the initialization vector (IV), and each subsequent plaintext block is XORed with the previous ciphertext block before being encrypted.

Figure: Cipher Block Chaining (CBC) mode encryption

Problems with this mode:

  • An error in one plaintext block affects all subsequent ciphertext blocks.
  • Encryption cannot be parallelized, which limits throughput.
  • There is no built-in authentication, so it is exposed to attacks such as chosen-plaintext attacks (CPA) and chosen-ciphertext attacks (CCA).

CTR Counter Mode

The plaintext blocks are numbered sequentially, and each keystream block is generated by encrypting successive values of a "counter". CTR mode is ideal for multi-core processors, because the plaintext blocks can be encrypted in parallel.

Figure: CTR mode encryption

GCM Galois/Counter Mode

GCM = CTR + authentication. During encryption, the plaintext blocks are numbered sequentially; each block number is combined with the initial vector and encrypted with the block cipher E, and the result is XORed with the plaintext block to produce the ciphertext. An authentication tag is then computed over the resulting ciphertext.

Figure: GCM encryption operation

Simply put, GCM is CTR mode combined with authentication, which makes it both faster and more secure. It supports pipelined and parallel implementations with minimal computational latency, which is why it is so widely used.
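The three descriptions above (CBC, CTR, GCM) can be checked against a real implementation. The following Go program is an added example, not code from the article: it implements CTR by hand exactly as described (encrypt successive counter values, XOR with the plaintext) and confirms the result matches Go's crypto/cipher, then shows what CBC's missing authentication means in practice by flipping one ciphertext bit and decrypting it under CBC (no error, silently altered plaintext) and under GCM (authentication failure, no plaintext returned). The key, IV, nonce and message are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed, fixed demo values so the run is reproducible. Real code draws the key, IV and
// nonce from crypto/rand and never reuses a GCM nonce under the same key.
var (
	demoKey   = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	demoIV    = []byte("fixed-demo-iv-16")                 // 16 bytes: CBC/CTR IV
	demoNonce = []byte("demo-nonce12")                     // 12 bytes: GCM nonce
	demoMsg   = []byte("transfer $100 to account 42")
)

// CTRByHand is the CTR construction from the text written out: keystream block i is E_K(counter_i),
// the counter starting at the IV and incremented as a big-endian integer (the rule crypto/cipher
// also uses) for each block, then XORed with the plaintext. No block depends on another.
func CTRByHand(key, iv, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	counter := append([]byte(nil), iv...)
	ks := make([]byte, bs)
	out := make([]byte, len(msg))
	for off := 0; off < len(msg); off += bs {
		block.Encrypt(ks, counter)
		for i := off; i < len(msg) && i < off+bs; i++ {
			out[i] = msg[i] ^ ks[i-off]
		}
		for j := bs - 1; j >= 0; j-- { // counter++
			counter[j]++
			if counter[j] != 0 {
				break
			}
		}
	}
	return out, nil
}

// CTRMatchesStdlib confirms the hand-rolled keystream equals crypto/cipher's CTR output.
func CTRMatchesStdlib(key, iv, msg []byte) (bool, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	want := make([]byte, len(msg))
	cipher.NewCTR(block, iv).XORKeyStream(want, msg)
	got, err := CTRByHand(key, iv, msg)
	return err == nil && bytes.Equal(got, want), err
}

// PKCS#7 padding, needed because CBC only handles whole blocks.
func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(append([]byte(nil), b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty input")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// CBCDecryptTampered encrypts msg in CBC mode, flips one bit in the first ciphertext block and
// decrypts again. CBC carries no integrity check, so decryption "succeeds" and returns altered text.
func CBCDecryptTampered(key, iv, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(msg, block.BlockSize())
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	ct[0] ^= 0x01 // modified in transit
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, block.BlockSize())
}

// GCMDecryptTampered does the same with GCM: the flipped bit invalidates the authentication tag,
// so Open returns an error and no plaintext at all.
func GCMDecryptTampered(key, nonce, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, msg, nil)
	ct[0] ^= 0x01 // modified in transit
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	ok, _ := CTRMatchesStdlib(demoKey, demoIV, demoMsg)
	fmt.Println("hand-rolled CTR matches crypto/cipher:", ok)
	pt, err := CBCDecryptTampered(demoKey, demoIV, demoMsg)
	fmt.Printf("CBC after tampering: err=%v plaintext=%q\n", err, pt)
	pt, err = GCMDecryptTampered(demoKey, demoNonce, demoMsg)
	fmt.Printf("GCM after tampering: err=%v plaintext=%q\n", err, pt)
}
```

The CBC run returns a message whose first block is garbage and whose padding still validates, so an application that trusts "decryption succeeded" as proof of integrity would act on altered data; the GCM run returns only an error. That difference is the reason the TLS 1.3 suite list contains AEAD modes exclusively.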

Nginx configuration

Support TLS 1.2

Minimum client versions

  • Firefox 27+
  • Android 4.4.2+
  • Chrome 31+
  • Edge, and IE 11 on Windows 7 or later
  • Java 8u31
  • OpenSSL 1.0.1
  • Opera 20+
  • Safari 9+
 server {
    listen 443 ssl http2;
    server_name www.xxx.com xxx.biz;

    # Paths to the certificate and private key (the issued certificate, not the .csr signing request)
    ssl_certificate /etc/nginx/ssl/xxx.com.crt;
    ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MySSL:10m;
    ssl_session_tickets off;
    # Diffie-Hellman parameters for the DHE-* suites below
    ssl_dhparam /etc/nginx/ssl/xxx.com.dhparam.pem;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HTTP Strict Transport Security: a policy mechanism that protects the site from protocol
    # downgrade attacks and man-in-the-middle attacks such as cookie hijacking.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling: the standard way of checking the revocation status of X.509 certificates
    ssl_stapling on;
    ssl_stapling_verify on;

    # Verify the OCSP response's chain of trust using the root CA and intermediate certificates
    ssl_trusted_certificate /etc/nginx/ssl/fullchain.pem;

    # DNS resolver used for OCSP responder lookups
    resolver 8.8.8.8 valid=10s;
}

Support TLS 1.3

Minimum client versions

  • Firefox 63+
  • Android 10.0+
  • Chrome 70+
  • Edge 75
  • Java 11
  • OpenSSL 1.1.1
  • Opera 57
  • Safari 12.1
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.xxx.com;

    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SharedNixCraftSSL:10m;
    ssl_session_tickets off;

    # TLS 1.3 only
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HTTP Strict Transport Security: a policy mechanism that protects the site from protocol
    # downgrade attacks and man-in-the-middle attacks such as cookie hijacking.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling: the standard way of checking the revocation status of X.509 certificates
    ssl_stapling on;
    ssl_stapling_verify on;

    # Verify the OCSP response's chain of trust using the root CA and intermediate certificates
    ssl_trusted_certificate /etc/nginx/ssl/fullchain.pem;

    # DNS resolver used for OCSP responder lookups
    resolver 8.8.8.8 valid=10s;
}

It is generally recommended to support both 1.2 and 1.3:

 ssl_protocols TLSv1.2 TLSv1.3;

Test

Test for TLS 1.2 support

 curl -I -v --tlsv1.2 --tls-max 1.2 https://www.xxx.com/

Test for TLS 1.3 support

 curl -I -v --tlsv1.3 --tls-max 1.3 https://www.xxx.com/
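The curl commands above need a live server to test against. As an added example that is not part of the article, the Go program below performs the same kind of check in-process: it runs one TLS handshake over an in-memory pipe for each combination of server policy (the three ssl_protocols variants shown in this section) and client policy (the two curl invocations), and reports the negotiated version or the handshake error. The certificate is a throwaway self-signed one generated at start-up, and the client skips verification only because of that; the server's SessionTicketsDisabled mirrors ssl_session_tickets off. The name www.xxx.com is the article's placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert creates a throwaway certificate for the in-process server. Assumption: the demo
// client skips verification, so a self-signed cert is enough; a real server uses an issued chain.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "www.xxx.com"},
		DNSNames:     []string{"www.xxx.com"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Negotiate runs one handshake over an in-memory pipe. serverMin/serverMax stand in for nginx's
// ssl_protocols; clientMin/clientMax for curl's --tlsv1.x and --tls-max. It returns the negotiated
// version, or an error when the two policies have no version in common.
func Negotiate(cert tls.Certificate, serverMin, serverMax, clientMin, clientMax uint16) (uint16, error) {
	srv := &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             serverMin,
		MaxVersion:             serverMax,
		SessionTicketsDisabled: true, // like ssl_session_tickets off; also no post-handshake writes on the pipe
	}
	cli := &tls.Config{
		ServerName:         "www.xxx.com",
		MinVersion:         clientMin,
		MaxVersion:         clientMax,
		InsecureSkipVerify: true, // only because the cert above is self-signed and in-process
	}
	sConn, cConn := net.Pipe()
	defer sConn.Close()
	defer cConn.Close()

	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(sConn, srv).Handshake() }()

	client := tls.Client(cConn, cli)
	cliErr := client.Handshake()
	if err := <-srvErr; err != nil {
		return 0, err
	}
	if cliErr != nil {
		return 0, cliErr
	}
	return client.ConnectionState().Version, nil
}

func main() {
	cert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	names := map[uint16]string{tls.VersionTLS12: "TLSv1.2", tls.VersionTLS13: "TLSv1.3"}
	type policy struct {
		name     string
		min, max uint16
	}
	servers := []policy{
		{"ssl_protocols TLSv1.2", tls.VersionTLS12, tls.VersionTLS12},
		{"ssl_protocols TLSv1.3", tls.VersionTLS13, tls.VersionTLS13},
		{"ssl_protocols TLSv1.2 TLSv1.3", tls.VersionTLS12, tls.VersionTLS13},
	}
	clients := []policy{
		{"curl --tlsv1.2 --tls-max 1.2", tls.VersionTLS12, tls.VersionTLS12},
		{"curl --tlsv1.3 --tls-max 1.3", tls.VersionTLS13, tls.VersionTLS13},
	}
	for _, s := range servers {
		for _, c := range clients {
			v, err := Negotiate(cert, s.min, s.max, c.min, c.max)
			if err != nil {
				fmt.Printf("%-30s %-30s handshake failed: %v\n", s.name, c.name, err)
				continue
			}
			fmt.Printf("%-30s %-30s negotiated %s\n", s.name, c.name, names[v])
		}
	}
}
```

The output shows why the dual-version setting is the usual recommendation: a TLSv1.2-only server turns away the TLS 1.3-only client, a TLSv1.3-only server turns away the TLS 1.2-only client (every browser, Java and OpenSSL version in the first compatibility list), and only "ssl_protocols TLSv1.2 TLSv1.3" completes both handshakes, picking 1.3 whenever the client offers it.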

Author: 编程码农