@r-ytakada

nginx: Behavior differences with and without ssl_dhparam

Conclusion

Always specify ssl_dhparam (official documentation).
The file it points to can be generated with the following command.

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

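Details

Among nginx's SSL-related parameters is one called ssl_dhparam.
It points to a file that stores the prime number used by the Diffie-Hellman key exchange algorithm.
Up through the nginx 1.10 series, it was fine to leave this parameter unspecified.
As of 1.11.0, however, the CHANGELOG says: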

Changes with nginx 1.11.0                                        24 May 2016
*) Change: to use DHE ciphers it is now required to specify parameters
   using the "ssl_dhparam" directive.

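which states that the parameter is now required in order to use DHE ciphers.

For users of the stable branch: this parameter was unnecessary in the 1.10 series, but became required in the 1.12 series.

Behavior differences with and without ssl_dhparam

Let's check concretely how the cipher suites change depending on whether this parameter is set.

Apart from ssl_dhparam, the SSL parameters are set as follows for now.
ssl_ciphers is set to the default that applies when nothing is specified.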

    ssl_certificate "/etc/nginx/oreore/server.crt";
    ssl_certificate_key "/etc/nginx/oreore/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

nginx was built with OpenSSL 1.1.0f.

For the test script, I used one written by a contributor on
"How do I list the SSL/TLS cipher suites a particular website offers?".
The version I used is shown below (partly edited for my local environment).


#!/usr/bin/env bash
# https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

# OpenSSL requires the port number.
SERVER=192.168.33.10:443
DELAY=0
# Every cipher suite the local OpenSSL build knows, as a space-separated list.
ciphers=$(openssl-1.1.0f ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

# Report the version of the same binary that produced the cipher list.
echo "Obtaining cipher list from $(openssl-1.1.0f version)."

# Attempt one handshake per suite and report whether the server accepted it.
for cipher in $ciphers
do
  echo -n "Testing $cipher..."
  result=$(echo -n | openssl-1.1.0f s_client -cipher "$cipher" -connect "$SERVER" 2>&1)
  if [[ "$result" =~ ":error:" ]] ; then
    # $result is deliberately unquoted so the output collapses to one line for cut.
    error=$(echo -n $result | cut -d':' -f6)
    echo "NO ($error)"
  else
    if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
      echo YES
    else
      echo UNKNOWN RESPONSE
      echo "$result"
    fi
  fi
  sleep $DELAY
done

nginx-1.10.3

With ssl_dhparam

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

Without ssl_dhparam

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

diff

No differences.

nginx-1.12.1

With ssl_dhparam

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

Without ssl_dhparam

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

diff

$ diff -u nginx-1.12.1-ssl_dhparam-ON nginx-1.12.1-ssl_dhparam-OFF
--- nginx-1.12.1-ssl_dhparam-ON 2017-09-23 18:33:15.578719250 +0900
+++ nginx-1.12.1-ssl_dhparam-OFF        2017-09-23 18:33:26.003370035 +0900
@@ -12,21 +12,6 @@
 Testing CAMELLIA128-SHA256...YES
 Testing CAMELLIA256-SHA...YES
 Testing CAMELLIA256-SHA256...YES
-Testing DHE-RSA-AES128-CCM...YES
-Testing DHE-RSA-AES128-CCM8...YES
-Testing DHE-RSA-AES128-GCM-SHA256...YES
-Testing DHE-RSA-AES128-SHA...YES
-Testing DHE-RSA-AES128-SHA256...YES
-Testing DHE-RSA-AES256-CCM...YES
-Testing DHE-RSA-AES256-CCM8...YES
-Testing DHE-RSA-AES256-GCM-SHA384...YES
-Testing DHE-RSA-AES256-SHA...YES
-Testing DHE-RSA-AES256-SHA256...YES
-Testing DHE-RSA-CAMELLIA128-SHA...YES
-Testing DHE-RSA-CAMELLIA128-SHA256...YES
-Testing DHE-RSA-CAMELLIA256-SHA...YES
-Testing DHE-RSA-CAMELLIA256-SHA256...YES
-Testing DHE-RSA-CHACHA20-POLY1305...YES
 Testing ECDHE-RSA-AES128-GCM-SHA256...YES
 Testing ECDHE-RSA-AES128-SHA...YES
 Testing ECDHE-RSA-AES128-SHA256...YES

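Summary

These results show that in the nginx 1.10 series, DHE suites do appear among the cipher suites whether or not ssl_dhparam is set, whereas in the nginx 1.12 series, every DHE-based suite disappears when ssl_dhparam is absent.

Take care when upgrading to the nginx 1.12 series.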
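A check to run against saved scan output after such an upgrade, added here as an example and not part of the original article: it groups the accepted suites by key-exchange family and lists any family that disappeared between two runs. The function names and the shortened sample scans are constructed for illustration.

```sh
#!/bin/sh
# Added example: group "Testing <cipher>...YES" lines by key-exchange family
# and list the families that disappear between two scans.

# Classify an OpenSSL cipher-suite name by its key exchange.
kx_family() {
  case "$1" in
    ECDHE-*) echo ECDHE ;;
    DHE-*)   echo DHE ;;
    *PSK*|SRP-*|ADH-*|AECDH-*) echo OTHER ;;
    *)       echo RSA ;;  # unprefixed names such as AES128-SHA use static RSA
  esac
}

# Print the suites a scan reported as accepted.
accepted() {
  sed -n 's/^Testing \(.*\)\.\.\.YES$/\1/p' "$1"
}

# Print "<family> <count>" for the accepted suites in a scan file.
family_counts() {
  accepted "$1" | while read -r suite; do kx_family "$suite"; done |
    sort | uniq -c | awk '{ print $2, $1 }'
}

# Print families accepted in scan $1 that have no accepted suite in scan $2.
lost_families() {
  after_families=$(family_counts "$2" | cut -d' ' -f1)
  family_counts "$1" | cut -d' ' -f1 | while read -r fam; do
    printf '%s\n' "$after_families" | grep -qx "$fam" || echo "$fam"
  done
}

# Constructed sample scans (shortened; same line format as the script's output).
scan_dir=$(mktemp -d)
trap 'rm -rf "$scan_dir"' EXIT
cat > "$scan_dir/with-dhparam" <<'EOF'
Testing AES128-SHA...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES256-SHA...YES
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
EOF
grep -v '^Testing DHE-' "$scan_dir/with-dhparam" > "$scan_dir/without-dhparam"

family_counts "$scan_dir/with-dhparam"
echo "lost: $(lost_families "$scan_dir/with-dhparam" "$scan_dir/without-dhparam")"
```

A non-empty result from `lost_families` for the before and after scans of an upgrade means an entire key-exchange family is no longer offered, which is the situation the 1.12.1 diff above shows for DHE.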
