More than 5 years have passed since last update.

nginx : ssl_dhparamの有り無しでの挙動の違い

Posted at 2017-09-23

結論

ssl_dhparam (公式ドキュメント)は指定しましょう。
指定するファイルは、下記コマンドで作成できます。

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

詳細

nginxのssl関係のパラメータに、ssl_dhparam と言うものが有ります。
これは、Diffie-Helmanの鍵交換アルゴリズムで使われる素数を格納しているファイルです。
このパラメータですが、nginx-1.10系までは、指定しなくてもOKでした。
しかし、1.11.0から、CHANGELOGには

Changes with nginx 1.11.0                                        24 May 2016
*) Change: to use DHE ciphers it is now required to specify parameters
   using the "ssl_dhparam" directive.

と、パラメータが必須になったことが記載されています。

安定版ユーザの方ですと、1.10系ではこのパラメータは不要でしたが、1.12系で必須となりました。

ssl_dhparamの有り無しでの挙動差異

具体的に、本パラメータをつけている場合とそうでない場合で、cipher suiteがどう変わるのかを確認してみましょう。

sslのパラメータは、ssl_dhparam以外はとりあえず下記としています。
ssl_ciphersは、何も指定しない場合のデフォルトとしています。

    ssl_certificate "/etc/nginx/oreore/server.crt";
    ssl_certificate_key "/etc/nginx/oreore/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

また、nginxのOpenSSLは1.1.0fを組み込みました。

テストスクリプトは、
How do I list the SSL/TLS cipher suites a particular website offers? で有志の方が作っていたものを利用します。
以下に利用したものを記載します（ローカル環境向けに一部編集済み）

    
#!/usr/bin/env bash
# https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

# OpenSSL requires the port number.
SERVER=192.168.33.10:443
DELAY=0
ciphers=$(openssl-1.1.0f ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl-1.1.0f s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  error=$(echo -n $result | cut -d':' -f6)
  echo NO \($error\)
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done

nginx1.10.3

ssl_dhparam有り

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

ssl_dhparam無し

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

diff

差分なし。

nginx-1.12.1

ssl_dhparam有り

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing DHE-RSA-AES128-CCM...YES
Testing DHE-RSA-AES128-CCM8...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES256-CCM...YES
Testing DHE-RSA-AES256-CCM8...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing DHE-RSA-CAMELLIA128-SHA...YES
Testing DHE-RSA-CAMELLIA128-SHA256...YES
Testing DHE-RSA-CAMELLIA256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA256...YES
Testing DHE-RSA-CHACHA20-POLY1305...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

ssl_dhparam無し

Testing AES128-CCM...YES
Testing AES128-CCM8...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA...YES
Testing AES128-SHA256...YES
Testing AES256-CCM...YES
Testing AES256-CCM8...YES
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA...YES
Testing AES256-SHA256...YES
Testing CAMELLIA128-SHA...YES
Testing CAMELLIA128-SHA256...YES
Testing CAMELLIA256-SHA...YES
Testing CAMELLIA256-SHA256...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-CAMELLIA128-SHA256...YES
Testing ECDHE-RSA-CAMELLIA256-SHA384...YES
Testing ECDHE-RSA-CHACHA20-POLY1305...YES

diff

$ diff -u nginx-1.12.1-ssl_dhparam-ON nginx-1.12.1-ssl_dhparam-OFF
--- nginx-1.12.1-ssl_dhparam-ON 2017-09-23 18:33:15.578719250 +0900
+++ nginx-1.12.1-ssl_dhparam-OFF        2017-09-23 18:33:26.003370035 +0900
@@ -12,21 +12,6 @@
 Testing CAMELLIA128-SHA256...YES
 Testing CAMELLIA256-SHA...YES
 Testing CAMELLIA256-SHA256...YES
-Testing DHE-RSA-AES128-CCM...YES
-Testing DHE-RSA-AES128-CCM8...YES
-Testing DHE-RSA-AES128-GCM-SHA256...YES
-Testing DHE-RSA-AES128-SHA...YES
-Testing DHE-RSA-AES128-SHA256...YES
-Testing DHE-RSA-AES256-CCM...YES
-Testing DHE-RSA-AES256-CCM8...YES
-Testing DHE-RSA-AES256-GCM-SHA384...YES
-Testing DHE-RSA-AES256-SHA...YES
-Testing DHE-RSA-AES256-SHA256...YES
-Testing DHE-RSA-CAMELLIA128-SHA...YES
-Testing DHE-RSA-CAMELLIA128-SHA256...YES
-Testing DHE-RSA-CAMELLIA256-SHA...YES
-Testing DHE-RSA-CAMELLIA256-SHA256...YES
-Testing DHE-RSA-CHACHA20-POLY1305...YES
 Testing ECDHE-RSA-AES128-GCM-SHA256...YES
 Testing ECDHE-RSA-AES128-SHA...YES
 Testing ECDHE-RSA-AES128-SHA256...YES

まとめ

以上の結果から、nginx-1.10系では確かにssl_dhparamは有無に関わらずcipher-suiteに DHE がでてきますが、nginx-1.12系では、 ssl_dhparamがないと、DHEを利用したものがバッサリとなくなっていることがわかりました。

nginx-1.12系にあげる際にはご注意を・・・。

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up