DevOps / Sys Admin Q & A #26 : NGINX SSL/TLS, Caching, and Session

To know how to get CA SSL Certificate, visit DevOps / Sys admin Q & A #11 : SSH & SSL.

Here is the nginx configuration file (/etc/nginx/nginx.conf):

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    index   index.html index.htm;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 443 ssl;
        server_name  1lnx.com;
        root         /usr/share/nginx/html;

        ssl_certificate     /etc/nginx/ssl/1_1lnx.com_bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/1lnx.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        #charset koi8-r;

        #access_log  /var/log/nginx/host.access.log  main;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        # redirect server error pages to the static page /40x.html
        #
        error_page  404              /404.html;
        location = /40x.html {
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        }
    }

Certificates don't get signed directly by the certificate authority; there's this kind of chain of trust that gets built up. So, if we have a certificate, it's usually signed by an intermediate certificate authority, and that intermediate certificate authority is signed by the real certificate authority.

Not all browsers necessarily know what the next one in the chain is, and browsers are really only bundled with the top (the real offline root certificates). So when we get a certificate, we also need to have the whole chain of trust along with it.

$ openssl s_client -connect 1lnx.com:443
CONNECTED(00000003)
depth=2 C = ES, O = StartCom CA, CN = StartCom Certification Authority G3
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=US/CN=1lnx.com
   i:/C=ES/O=StartCom CA/OU=StartCom Certification Authority/CN=StartCom BR SSL ICA
 1 s:/C=ES/O=StartCom CA/OU=StartCom Certification Authority/CN=StartCom BR SSL ICA
   i:/C=ES/O=StartCom CA/CN=StartCom Certification Authority G3
 2 s:/C=ES/O=StartCom CA/CN=StartCom Certification Authority G3
   i:/C=ES/O=StartCom CA/CN=StartCom Certification Authority G3
 3 s:/C=ES/O=StartCom CA/CN=StartCom Certification Authority G3
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGMzCCBBugAwIBAgIIIIylw6m7hccwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UE
...
+KjdmBxhwQ==
-----END CERTIFICATE-----
subject=/C=US/CN=1lnx.com
issuer=/C=ES/O=StartCom CA/OU=StartCom Certification Authority/CN=StartCom BR SSL ICA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6981 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: B9C61D8FC06...EC611B797B0E646
    Session-ID-ctx: 
    Master-Key: 963E90F84F3...4C5F70963
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    ...
    Start Time: 1493275496
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

The server certificate is a public entity. It is sent to every client that connects to the server. The private key is a secure entity and should be stored in a file with restricted access, however, it must be readable by nginx's master process.

The directives ssl_protocols and ssl_ciphers can be used to limit connections to include only the strong versions and ciphers of SSL/TLS. By default nginx uses "ssl_protocols TLSv1 TLSv1.1 TLSv1.2" and "ssl_ciphers HIGH:!aNULL:!MD5", so configuring them explicitly is generally not needed.

(Note) At the time of this writing, this Nginx instance is also running Apache which is using only http (:80) for other domains. So, on linux we have 1lnx.com site with https only (:443).

We'll use https://1lnx.com listening only the port 443:

SSL operations consume extra CPU resources. On multi-processor systems several worker processes should be run, no less than the number of available CPU cores. The most CPU-intensive operation is the SSL handshake.

There are two ways to minimize the number of these operations per client (see the example below):

1. Enable keepalive connections to send several requests via one connection.
   We just need a timeout to say how long we want to keep sessions on our side, and then how big a cache for these sessions we can have. In this case, the default is a 50 MB session; that should last us for a long time. A shared cache is preferred because then we can share them between all our NGINX workers.
   For example, if one of our workers was the one that originally made the connection and a second connection gets made to a different NGINX worker, we can still resume the connection. There's also another option called session tickets. It's only used in Chrome and Firefox, but essentially does the same thing. We have to generate a random 48-byte file, but sticking just with session caching for now is recommended.
2. Reuse SSL session parameters to avoid SSL handshakes for parallel and subsequent connections. The sessions are stored in an SSL session cache shared between workers and configured by the ssl_session_cache directive. One megabyte of the cache contains about 4000 sessions. The default cache timeout is 5 minutes. It can be increased by using the ssl_session_timeout directive.
   These are extra options having to do with session resumption. When we first establish a TLS connection, there are an extra two round trips because we have to do an entire handshake and exchange certificates. If we previously connected with a client and they've cached the key that is used for the session transport, we can just resume that session. This is a feature called session resumption.

...
worker_processes  auto;

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    ...

    ssl_session_cache   shared:SSL:50m;
    ssl_session_timeout 5m;

    server {
        listen 443 ssl;
        server_name  1lnx.com;
        root         /usr/share/nginx/html;

        keepalive_timeout  65;

        ssl_certificate     /etc/nginx/ssl/1_1lnx.com_bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/1lnx.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

1. Configuring HTTPS servers

DevOps

DevOps / Sys Admin Q & A