2 Configuring SSL and TLS Security

Oracle HTTP Server secures communication by using a Secure Sockets Layer (SSL) protocol.

SSL secures communication by providing message encryption, integrity, and authentication. The SSL standard allows the involved components such as browsers and HTTP servers to negotiate which encryption, authentication, and integrity mechanisms to use.

This chapter includes the following topics:

• Configuring Protocols and Ciphers
• Using Server Certificates
• Using Location Directive to Secure URIs
• Enabling Perfect Forward Secrecy on Oracle HTTP Server

Configuring Protocols and Ciphers

Oracle recommends that you configure Oracle HTTP Server to support only the strongest ciphers and protocols. Following are the list of preferred protocols and ciphers:

Note:

In this release, the following are the most secure list of protocols and ciphers available. For the updated list of secure ciphers, see My Oracle Support (Doc ID: 2314658.1) "SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates".

• Protocols

  TLSv1.2 is the only recommended protocol.

• Ciphers

  
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_128_GCM_SHA256
  TLS_RSA_WITH_AES_256_GCM_SHA384
  TLS_RSA_WITH_AES_128_CBC_SHA256
  TLS_RSA_WITH_AES_256_CBC_SHA256
  SSL_RSA_WITH_AES_128_CBC_SHA
  SSL_RSA_WITH_AES_256_CBC_SHA

Using Server Certificates

Credentials such as certificates, trusted certificates, certificate requests, and private keys are stored in Oracle wallet.

Security best practices for keys and certificates include:

• Using Strong Keys
• Protecting the Keys
• Using Strong Cryptographic Hashing Algorithms
• Using a Certificate That Supports the Required Domain Name
• Using a CA Signed Certificate

Using Strong Keys

The private keys used to generate the cipher key must be strong for the anticipated lifetime of the private key and their corresponding certificates.

The best practice is to select a key size of minimum 2048 bits.

Protecting the Keys

Ensure that the wallet containing the private key is stored in a location that is protected from unauthorized access.

Using Strong Cryptographic Hashing Algorithms

Ensure that the certificates are signed using SHA-256 hashing algorithm. Certificates signed using MD5 or SHA-1 algorithms are not trusted by browsers as these algorithms are known to have cryptographic weaknesses.

Using a Certificate That Supports the Required Domain Name

Ensure that the server certificates in your Oracle HTTP server support the required domain name. The domain name or subject of the certificate must match the fully qualified name of the server that presents the certificate. Subject Alternative Name (SAN)s can be used to provide a specific listing of multiple names, in valid certificates.

For example, let us consider web applications accessible at https://abc.example.com and https://xyz.example.com. In this case, the certificate lists the subject's common name attribute as example.com, and lists two SANs - abc.example.com and xyz.example.com. These certificates are referred to as multiple domain certificates.

See Using SAN Certificates with Oracle HTTP Server in the Administering Oracle HTTP Server.

Also, ensure that the user does not see any certificate errors upon accessing the web application.

Using a CA Signed Certificate

For Internet facing applications, the certificates should be signed by one of the well-known certificate authorities (CAs) which are automatically trusted by operating systems and browsers.

Using Location Directive to Secure URIs

The mod_ossl module's SSLCipherSuite directive can be configured with <Location> blocks to allow only those clients that support strong SSL parameters to access an URI. This forces a renegotiation and allows only the clients that meet the new configuration.

Following is an example to configure a location directive to secure an URI:

# be liberal in general - 
SSLCipherSuite ALL
<Location "/strong/area">
# but https://hostname/strong/area/ and below requires strong ciphersuites
SSLCipherSuite HIGH
</Location>

Enabling Perfect Forward Secrecy on Oracle HTTP Server

Perfect Forward Secrecy (PFS) is a feature of specific key agreement protocols that gives assurance that your session keys will not be compromised even if the private key of the server is compromised.

Oracle HTTP Server out of the box configuration does not explicitly enable Perfect Forward Secrecy feature. To enable PFS, do the following configuration changes in the Oracle HTTP Server:

1. Configure TLS1.2 protocol for OHS server using SSLProtocol directive. See SSLProtocol Directive in Administering Oracle HTTP Server.
2. Enforce the ordering of server cipher suites by setting SSLHonorCipherOrder to ON. See SSLHonorCipherOrder Directive in Administering Oracle HTTP Server.
3. Use ECC certificates in Oracle HTTP Server wallet. See Adding an ECC Certificate to Oracle Wallets with orapki in Administering Oracle Fusion Middleware.
4. Configure ECDHE_ECDSA Cipher Suites in OHS. For the list of supported ECDHE_ECDSA cipher suites, see SSLCipherSuite Directive in Administering Oracle HTTP Server.