Linux.com

Home Learn Linux Linux Tutorials Do Your SSL Certs Meet Microsoft's New Requirements?

Do Your SSL Certs Meet Microsoft's New Requirements?

Warning from Microsoft to the entire Internet: make sure that your digital certificates are at least 1024 bits. As of Oct. 9, 2012, longer key lengths are mandatory for all digital encryption certificates that touch Windows systems.

This means that Internet Explorer will refuse to access websites that do not have RSA keys with minimum lengths of 1024 bits. You won't be able to exchange encrypted emails, run ActiveX controls or install applications on Windows. This isn't new, as Microsoft started making announcements about this well over a year ago.

If your first reaction is "There goes Redmond bossing the rest of the world around again!", think about it. 1024-bits key length is already considered obsolete, so if you're hanging on to 1024-bit keys or weaker you're asking for trouble. The National Institute of Standards and Technology bulletin 800-57 recommends RSA key lengths of 2048 or 3072 bits. NIST calculates that 2048-bit keys will be good until 2030, and then they'll be easily breakable by brute force. 3072-bit keys have predicted lifetimes of "much longer." So 4096-bit RSA keys have lifetimes of "much, much longer."

Now What?

If you're running some Windows systems, start at RSA keys under 1024 bits are blocked. This tells you how to find weak keys and how to upgrade.

The rest of us must use other means. OpenSSL has a bunch of tools for querying SSL certificates. Use this invocation to get information on your local web server, and look for the following information:

$ openssl s_client -showcerts -connect localhost:443
Server certificate
subject=/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.munge.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=EssentialSSL CA
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit

You may test remote servers as well, substituting their URLs for "localhost." The example shows that the server's SSL certificate is verified by a commercial certificate authority, Comodo, that it supports the latest strong protocols TLSv1/SSLv3, and uses the very strong AES256 symmetric encryption algorithm.

You can query a mailserver the same way:

$ openssl s_client -showcerts -connect mailserver:995

Or an FTP server:

$ openssl s_client -showcerts -connect ftpserver:21

You'll have to know how your FTP is configured, because it varies. FTP/SSL is usually TCP port 21 or 990, and SFTP is usually TCP port 115, though sometimes it goes over TCP port 22.

Algorithm Confusion

A common point of confusion is the various encryption algorithms used by OpenSSL. In the above example the RSA key is 2048 bits, but the AES key is only 256 bits. The RSA key relies on an asymmetric algorithm. It uses a pair of encryption keys, one public and one private. The public key encrypts and the private key decrypts. You can fling any number of public keys into the world so that other people may send you encrypted messages, and you only need to keep track of a single private key to decrypt them. It's a clever way to easily to set up encrypted communications.

Symmetric algorithms require that both parties share the same key for encryption and decryption. This has obvious drawbacks, like figuring out how to securely share the keys, and like any secret when more than one person knows it, it's no longer a secret. But symmetric algorithms are efficient and don't need much computing power.

A typical SSL session is a busy little thing with all kinds of stuff happening, and it takes advantage of the different strengths of asymmetric and symmetric algorithms. The asymmetric RSA key allows anyone to establish an encrypted network session without having a pre-shared key, but at the price of significant CPU cycles. Once the session is established, new symmetric keys are generated and exchanged to encrypt the remainder of the session.

How the Internet Sees You

Qualys SSL testerI love websites that let you test your servers, and there are a lot of them. Qualys SSL Labs has an SSL server test. Test your server and you'll see a report like Figure 1.

It goes on to give detailed information like supported ciphers, RSA key strength, supported protocols, and it even says if it's vulnerable to the BEAST attack.

What the Web Browser Sees

Web browser developers are getting stricter about the SSL information they display. In the olden days there was a little padlock at the bottom, and you clicked it to see the SSL information. Now they have multiple indicators. Chromium uses little colored padlocks, a plain page icon, and other indicators. Click on them to get full details.

Figure 2: How Wikipedia's SSL is reported by Firefox (top) and Chromium. Firefox is gray, Chromium is nice green.

Firefox is simpler and sterner. A gray globe indicates a mixed http/https page, a gray padlock is an https page, and only sites that pay mondo bucks for Extended Validation certificates get a green padlock. Firefox keeps changing their SSL indicators, so this could be outdated information tomorrow. For today, Figure 2 compares the same page in Firefox (on top) and Chromium. This page uses very strong encryption, but it still doesn't rate a splash of color in Firefox, just dull gray.

Upgrading Your Digital Certificates

I'm afraid I don't have a simple solution for querying or upgrading your digital certificates. Your upgrading method depends on whether your certificates are self-generated or from a commercial vendor, and how your public key infrastructure (PKI) is set up. How strong should you make them? You ought to do some testing before deciding, because the computational power required for higher encryption levels goes up steeply. So if you're thinking you'll, go for the gusto and use 4096-bit RSA keys and future-proof yourself forever, try it first and see how it affects server performance and user experience. The NIST thinks that 3072-bit keys should be good well beyond the predicted year 2030 lifespan of 2048-bit keys.

It's also a good time to check your own server configurations, and to limit who they'll accept connections from. The Apache Software Foundation has a great guide, Apache SSL/TLS Encryption that is useful not only for configuring Apache, but for understanding SSL/TLS.

Even though this is all a big pain, look at the bright side-- if you've been unsuccessfully trying to persuade your boss that you're years overdue to block SSLv1 and 40-bit symmetric keys, Microsoft might be doing you a favor.

 

Comments

Subscribe to Comments Feed
  • Kimmo Lahtinen Said:

    It is funny that this Page gives SSL warnings. I think it is something about Site name not matched the certificate. It undermines a little the trust for the information you provide. I think you gave me quite useful information, so thank you for that.

  • Rafa Said:

    Hi, maybe you're using Windows xp and Linux.com server is using various SSL certificates for others domains hosted there. Then they're using server name indication, an SSL extension for supporting several certificates in the same server, it isn't supported by windows xp and IE browser (works right with vista and Higher) More info at Wikipedia http://en.m.wikipedia.org/wiki/Server_Name_Indication Regards PS: good article!

  • vladi Said:

    1024 bits are long ago deprecated. Major CA accepts only above 1024bit private keys (certificate request forms CER). The hole post is mostly useless

  • John Galt Said:

    16K keys is going to be the norm in due course. Why? Have you been tracking all the supercomputers being installed around the country? You know... the ones where they promote the sc as something a "small business" and entrepreneurs can use? All of them have dozens of Tesla GPUs installed, too. What do you think those are REALLY for? (HINT: Rainbow Tables) Time to go underground. The NIST is precomputing rainbow tables with multiple supercomputers around the clock -- 7 days a week. 3K bits ain't gonna cut it.

Upcoming Linux Foundation Courses

  1. LFD211 Introduction to Linux for Developers
    06 Oct » 07 Oct - Virtual
    Details
  2. LFS230 Linux Network Management
    06 Oct » 09 Oct - Virtual
    Details
  3. LFS416 Linux Security
    06 Oct » 09 Oct - Washington
    Details

View All Upcoming Courses

Become an Individual Member
Check out the Friday Funnies

Sign Up For the Linux.com Newsletter


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board