Barcamp Salzburg Oktober 2013: (Perfect) Forward Secrecy with nginx and OpenSSL
by Richard Fussenegger, BSc
• Ask—if you have a question
• Ask—if you don’t understand something
• Ask—if you want to know more
• Shout—if I get something wrong
nginx: why use it?
• I have used it since approximately 2008
• Asynchronous event-driven
• Multiple workers (fork)
• Modular architecture
• Used by e.g. WordPress, GitHub, Golem.de
OpenSSL: why use it?
• Supported by all major (*nix) software
• Can be compiled directly into nginx
• Lots of ciphers supported
• Almost a standard today
“…allows today information to be kept secret
even if the private key is compromised in the future.”
Vincent Bernat, PhD
TLS AES128-SHA: how does it work?
• Server presents certificate
• Both agree on master secret
• Built from 48-byte premaster secret, generated and encrypted by the client with the public key of the server
• Master secret derived from premaster secret + random values exchanged in plain text
• Authentication and encryption with the same private key!
Vincent Bernat http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
Solution: Ephemeral Diffie-Hellman
• Use different key for authentication and encryption
• Extending classic TLS handshake
• Server sends a Server Key Exchange message after regular Certificate message
How To: very easy with nginx
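A server block along these lines restricts nginx to cipher suites with an ephemeral (EC)DH key exchange. It is an added example, not taken from the original slides; the host name, file paths and exact cipher list are assumptions, and the commented-out `ssl_ciphers AES128-SHA;` line shows the RSA-only setting it replaces.

```nginx
# Added example, not from the original slides.
# Host name, file paths and the cipher list are assumptions; adapt them.
server {
    listen              443 ssl;
    server_name         example.test;                      # placeholder
    ssl_certificate     /etc/nginx/ssl/example.test.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.test.key;   # placeholder path

    # Before: RSA key exchange only. The client encrypts the premaster
    # secret with the certificate's public key, so the same private key
    # authenticates the server and protects every recorded session.
    # ssl_ciphers AES128-SHA;

    # After: only suites whose key exchange is ephemeral (ECDHE or DHE).
    # The certificate key now only signs the Server Key Exchange message;
    # the session secret comes from throwaway Diffie-Hellman keys.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA;

    # Use the server's order so ECDHE suites are picked before DHE ones.
    ssl_prefer_server_ciphers on;

    # Curve used for ECDHE.
    ssl_ecdh_curve prime256v1;

    # Custom parameters for DHE, generated once with:
    #   openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
}
```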
Validate: do things work?
• Localhost: openssl s_client -tls1 -cipher ECDH -connect 127.0.0.1:443
• Online: https://www.ssllabs.com/ssltest/analyze.html
• More in my master thesis
• Questions about nginx, PHP, Debian/Ubuntu?