nginx : ssl_dhparamの有り無しでの挙動の違い

More than 1 year has passed since last update.


結論

ssl_dhparam (公式ドキュメント)は指定しましょう。

指定するファイルは、下記コマンドで作成できます。

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048


詳細

nginxのssl関係のパラメータに、ssl_dhparam と言うものが有ります。

これは、Diffie-Helmanの鍵交換アルゴリズムで使われる素数を格納しているファイルです。

このパラメータですが、nginx-1.10系までは、指定しなくてもOKでした。

しかし、1.11.0から、CHANGELOGには

Changes with nginx 1.11.0                                        24 May 2016

*) Change: to use DHE ciphers it is now required to specify parameters
using the "ssl_dhparam" directive.

と、パラメータが必須になったことが記載されています。

安定版ユーザの方ですと、1.10系ではこのパラメータは不要でしたが、1.12系で必須となりました。


ssl_dhparamの有り無しでの挙動差異

具体的に、本パラメータをつけている場合とそうでない場合で、cipher suiteがどう変わるのかを確認してみましょう。

sslのパラメータは、ssl_dhparam以外はとりあえず下記としています。

ssl_ciphersは、何も指定しない場合のデフォルトとしています。

    ssl_certificate "/etc/nginx/oreore/server.crt";

ssl_certificate_key "/etc/nginx/oreore/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

また、nginxのOpenSSLは1.1.0fを組み込みました。

テストスクリプトは、

How do I list the SSL/TLS cipher suites a particular website offers? で有志の方が作っていたものを利用します。

以下に利用したものを記載します(ローカル環境向けに一部編集済み)


#!/usr/bin/env bash
# https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

# OpenSSL requires the port number.
SERVER=192.168.33.10:443
DELAY=0
ciphers=$(openssl-1.1.0f ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl-1.1.0f s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
error=$(echo -n $result | cut -d':' -f6)
echo NO \($error\)
else
if
[[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then
echo YES
else
echo UNKNOWN RESPONSE
echo $result
fi
fi
sleep $DELAY
done


nginx1.10.3


ssl_dhparam有り

Testing AES128-CCM...YES

Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES


ssl_dhparam無し

Testing AES128-CCM...YES

Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES


diff

差分なし。


nginx-1.12.1


ssl_dhparam有り

Testing AES128-CCM...YES

Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES


ssl_dhparam無し

Testing AES128-CCM...YES

Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES


diff

$ diff -u nginx-1.12.1-ssl_dhparam-ON nginx-1.12.1-ssl_dhparam-OFF

--- nginx-1.12.1-ssl_dhparam-ON 2017-09-23 18:33:15.578719250 +0900
+++ nginx-1.12.1-ssl_dhparam-OFF 2017-09-23 18:33:26.003370035 +0900
@@ -12,21 +12,6 @@
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
-Testing DHE-RSA-AES128-CCM...YES
-Testing DHE-RSA-AES128-CCM8...YES
-Testing DHE-RSA-AES128-GCM-SHA256...YES
-Testing DHE-RSA-AES128-SHA...YES
-Testing DHE-RSA-AES128-SHA256...YES
-Testing DHE-RSA-AES256-CCM...YES
-Testing DHE-RSA-AES256-CCM8...YES
-Testing DHE-RSA-AES256-GCM-SHA384...YES
-Testing DHE-RSA-AES256-SHA...YES
-Testing DHE-RSA-AES256-SHA256...YES
-Testing DHE-RSA-CAMELLIA128-SHA...YES
-Testing DHE-RSA-CAMELLIA128-SHA256...YES
-Testing DHE-RSA-CAMELLIA256-SHA...YES
-Testing DHE-RSA-CAMELLIA256-SHA256...YES
-Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES


まとめ

以上の結果から、nginx-1.10系では確かにssl_dhparamは有無に関わらずcipher-suiteに DHE がでてきますが、nginx-1.12系では、 ssl_dhparamがないと、DHEを利用したものがバッサリとなくなっていることがわかりました。

nginx-1.12系にあげる際にはご注意を・・・。