I don't think this is a good idea. It's a bit unclear on their wiki[1] but they have an official repository maintained by nginx.org
deb http://nginx.org/packages/ubuntu/ lucid nginx
deb-src http://nginx.org/packages/ubuntu/ lucid nginx
(substitute your Ubuntu version for lucid, obviously)
and separately the PPA you're using but "this PPA is maintained by volunteers and is not distributed by nginx.org." How committed are those volunteers? Do you want to find out on your server?
The official repository carries nginx 1.4.2 (I use it with raring) which works with at least TLS 1.1 (that's what Chrome tells me about the connection).
EDIT: Qualsys gives my setup an A, with a pat on the back for supporting forward secrecy and a warning that I'm vulnerable to the BEAST attack. Apparently, I also support TLS 1.2, what do you know.
I agree that having a PPA isn't the best thing in the world, but this one is very stable(I'm using it for quite some time). Anyway, I will update the post to use the official repo, since it's really a better option. Thanks :)
* !RC4 - RC4 is in doubt[1]. The only reason to keep it around was to mitigate the BEAST attack, which is now mitigated[2] client side, so RC4 should be dropped.
* Ensure TLS deflate is off to mitigate CRIME[4] (this is the default in most, but not all combinations of nginx/OpenSSL).
* openssl ciphers -v is great for testing what ciphers match your settings.
* Comment your nginx config! You will not remember all of this when you next look at it (or someone else does). And some of it will certainly be outdated. Security is not a static game.
You don't have to disable gzip entirely. Just on any URLs where an attacker could influence the contents of the response. If you serve all your static assets out of their own location block, feel free to enable gzip there.
I followed your advice and added comments to almost all my configurations. I will add some test tools to allow easier test of the configurations, but I think it's a lot better now.
Besides that, I assume people will use nginx 1.3.7 or newer, so a few defaults are assumed as well.
I guess it is a slow news day but there are better guides out there.
If you are using centos or any redhat related product you will have to build your own openssl to get 1.0.1 with perfect-forward-secrecy (the IUS repository does NOT include EC ciphers either). RedHat decided EC ciphers have patents that are valid (they are not).
The example configuration is missing ocsp stapling.
Their configuration is also including the root certificate in the download for every connection which is unnecessary.
Using RC4 over AES for beast mitigation is no longer considered optimal, if anything RC4 is not 100% trustworthy anymore. Lean on elliptic-curve ciphers with AES over RC4 for modern browsers. As a bonus you get CPU acceleration for AES on most servers and many newer home computers.
Thanks for the heads up ck2. I've updated the config to add ocsp stapling. The certificate really has a extra(unnecessary) root certificate, I will solve this later today.
And the qualys SSL analyzer no longer penalizes for not mitigating Beast, they just warn about it in orange but there is no longer a penalty as of a couple weeks ago.
take away some of the adds/exclusions in the list and watch what they add/remove. Plug in other people's lists and see what they do.
Then learn what ECDHE vs DHE means (and why DHE is slower)
Then learn about RSA vs DSA keys, EC ciphers etc.
Then play around with this tool that shows you what ciphers different browser support (try it with IE8 vs Firefox vs Chrome, etc) https://cc.dcsec.uni-hannover.de/
Why can't get the 'best config for security' be default out of the box on nginx and apache httpd? That's the only way we're actually going to have a secure web, ain't it?
There's been a lot of recent flux in what the consensus on "best config for security" even is in the past six months. We went through a phase where RC4 was the recommended cipher, now we're mostly coming around to it being a bad idea, for instance, and that's still a thing in progress rather than totally done.
Seems like someone should invent a way to easily get automatic updates to your ssl config in apache and/or nginx.
I know I'm not the only one with half a dozen, a dozen, or dozens of web servers I am responsible for -- who realistically isn't going to keep track of what the current consensus is and go updating the ssl configuration even every six months.
The first one tells browsers it should never try to visit the http version of this site, even if the user clicks on a http link the browser will visit the https version. This helps prevent ssl stripping attacks.
The second prevents browsers from including this site in an iframe or frame, which helps prevent clickjacking attacks. If your site depends on those you can also set the option to SAMEORIGIN.
We currently are setting Strict-Transport-Security with rails, but as I said in the comments of the blog, I think that setting this header inside nginx could be a better idea.
I hope this isn't too off topic, but this has to e the very worst mobile theme I've seen for a site. Everything is blurry! And I can't zoom in, and there are weird overlays hanging around. I wish people would stop putting in effort to make their site harder to read. I couldn't even get through the first paragraph, because I kept on reaching for my glasses on the nightstand, when they are already on my face.
(I still would like to be able to zoom, but that's like asking for two ponies, and even getting one pony is far better than I could reasonably expect. Kudos!)
It is fairly straightforward to compile nginx against the latest ssl tarball, rather than the extreme option of distro upgrade (which as pointed out is no good for Centos / RHEL) for the cipher support.
Actually this is speaking to two different issues.
Nginx is indeed one of the easiest programs to compile, very light and fast to build.
Building the newest openssl from scratch for centos into an rpm is quite a workout. I had to read two guides and still had to play with it a bit to get everything just right. Oh and pro-tip from a big "duh" moment - don't try to remove old openssl on a SSH connection. It doesn't just run from memory, when it goes away, so does your connection to the server.
This might be a good place to ask; is there a good way to get fail2ban and nginx to work nicely together? I keep getting shitbirds pecking away at /wpadmin on my website.
Seriously though, any "best for security" article should be taken with a huge grain of salt as security isn't something static that's the same everywhere.
and separately the PPA you're using but "this PPA is maintained by volunteers and is not distributed by nginx.org." How committed are those volunteers? Do you want to find out on your server?
The official repository carries nginx 1.4.2 (I use it with raring) which works with at least TLS 1.1 (that's what Chrome tells me about the connection).
EDIT: Qualsys gives my setup an A, with a pat on the back for supporting forward secrecy and a warning that I'm vulnerable to the BEAST attack. Apparently, I also support TLS 1.2, what do you know.
[1] http://wiki.nginx.org/Install#Official_Debian.2FUbuntu_packa...