Transport Layer Security
According to Wikipedia:
- Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
There are five TLS implementations available in the official repositories. OpenSSL should already be installed on your system as it is an indirect dependency of the meta package ( > > ). GnuTLS might already be installed on your system as it is required by many packages.
- OpenSSL — A robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols; also a general-purpose cryptography library.
- GnuTLS — A free software implementation of the TLS, SSL and DTLS protocols. Offers APIs for X.509, PKCS #12 and other structures.
- Network Security Services (NSS) — Implementation of cryptographic libraries supporting TLS/SSL and S/MIME. Also supports TLS acceleration and smart cards.
- mbed TLS — Portable SSL/TLS implementation, aka PolarSSL.
- LibreSSL — A version of the TLS/crypto stack forked from OpenSSL in 2014 by the OpenBSD project, with goals of modernizing the codebase and improving security.
With TLS one of a set of certificate authorities (CAs) checks and signs for the authenticity of a public key certificate from a server. A client connecting to the server via TLS may verify its certificate's authenticity by relying on a digital signature of CA. To check the digital signature a client must have a public key of CA, obtained via a separate path and stored as a self-signed certificate. On Arch Linux the default set of CA certificates is provided by the package.
Arch Linux provides a centralized system-wide interface for managing CA certificates. This interface is the library
/usr/lib/pkcs11/p11-kit-trust.so from the package, which provides PKCS #11 API for certificates, stored in
/usr/share/ca-certificates/trust-source/ (the token "Default Trust") and
/etc/ca-certificates/trust-source/ (the token "System Trust").
For using the interface from a command line, thepackage provides the utility.
For libraries, that have not been ported to PKCS #11 and use a custom logic for managing CA certificates, the package provides the script, that copies CA certificates obtained through the centralized interface to
An overview of mechanisms for loading a default set of CA certificates
|Implementation||Mechanism||Arch Linux configuration|
|OpenSSL||Provides API functions that load the certificates from a hardcoded directory or file..||A default file is |
|GnuTLS||Provides an API function that loads the certificates from a hardcoded directory, file, or filtered list of configured PKCS #11 modules, marked with
||Uses all configured PKCS #11 modules, marked with |
|Network Security Services||Loads the certificates from a dynamically configured list of PKCS #11 modules, managed with a dedicated API. Configuration can be stored in any directory, pointed by a user. , .|
|mbed TLS||A user should load the certificates. .|
|LibreSSL||Provides an API function that loads the certificates from a hardcoded directory or file..||A default file is |
For trust management the PKCS #11 modules with the
trust-policy: yes setting, sorted by the
priority: setting. See for details about configuration of modules.
List trust store items
$ trust list
Add a certificate to a trust store
$ trust anchor certificate.crt
The certificate should be in the persistence, DER or PEM format (including the OpenSSL-specific trusted certificate format). This command stores the certificate in the first writable token found by querying the list of modules.
Remove a certificate from a trust store
$ trust anchor --remove 'pkcs11:id=%00%11%22%33%44%55%66%77%88%99%AA%BB%CC%DD%EE%FF%00%11%22%33;type=cert'
Override default trust
The token representing certificates in
/usr/share/ca-certificates/trust-source/ is always write-protected, so to distrust some default certificate authority run such a command:
$ trust extract --format=pem-bundle --filter='pkcs11:id=%00%11%22%33%44%55%66%77%88%99%AA%BB%CC%DD%EE%FF%00%11%22%33;type=cert' /etc/ca-certificates/trust-source/blocklist/untrusted_authority.pem
Obtaining a certificate
The first step is to generate a private key. Before generating the key, set a restrictive file mode creation mask with umask (for example
077). This ensures that the keys written by openssl are read-protected.
/etc/ssl/privatedirectory, so a umask is needed. See FS#43059.
Elliptic curves are newer algorithms and are becoming increasingly adopted for modern systems. A 256-bit elliptic curve key is expected to provide sufficient security through the year 2030 . Curve25519 is an elliptic curve algorithm which has good security and performance properties.
RSA is an older cryptosystem and has higher compatibility, especially with clients that do not support recent versions of TLS. However, RSA relies on factorization, which is an area of cryptography which may be becoming weaker due to the development of faster factorization algorithms . A 2048-bit RSA private key is expected to provide security through most of the 2020s . A 4096-bit RSA private key is expected to provide security for longer (barring major advancements in factorization), but has a very large performance impact. The performance difference can be benchmarked with
openssl speed rsa2048 rsa4096 .
After the key is generated, a certificate can be obtained from a certificate authority with a Certificate Signing Request (CSR), or a certificate may be self-signed. While self-signed certificates can be generated easily, clients will reject them by default, meaning that every client needs to be configured to trust the self-signed certificate.
For the actual generation commands refer to the article of the used implementation:
Because there are various attacks against TLS the best practices should be considered:
- Disable SSLv3 to prevent the POODLE attack.
- weakdh.org's Guide to Deploying Diffie-Hellman for TLS
- Mozilla's Server Side TLS article
- SSL Labs' SSL and TLS Deployment Best Practices
- cipherl.ist[dead link 2021-05-17 ⓘ]
Programs to check TLS:
Websites to check TLS:
- https://dev.ssllabs.com/ssltest/ (only HTTPS)
- https://www.checktls.com/ (only email)
- https://www.immuniweb.com/ssl/ (any port)
- https://tls.imirhil.fr/tls (any port)
See also List of ACME clients.
- acme-client — Secure Let's Encrypt client, written in C.
- acme-tiny — A 200-line Python script to issue and renew TLS certs from Let's Encrypt.
- acme.sh — A pure Unix shell script ACME client.
- acmetool — An easy-to-use ACME CLI, written in Go.
- https://github.com/hlandau/acme || AUR, AUR
- Certbot — ACME client recommended by Let's Encrypt, written in Python.
- dehydrated — ACME client, written in Bash.
- getssl — ACME client, written in Bash.
- https://github.com/srvrco/getssl || AUR, AUR
- lego — Lets Encrypt client and ACME library, written in Go.
- letsencrypt-cli — Yet another Letsencrypt (ACME) client using Ruby.
- manuale — A fully manual Let's Encrypt client, written in Python.
- ruby-acme-client — A Ruby client for the letsencrypt's ACME protocol.
- simp_le — Simple Let's Encrypt client, written in Python.
With the online, interactive, https://gethttpsforfree.com client you will need about 10 copy paste from the web page to a shell command line, and back. Running the suggested command in between. You will also have to do manual renewals, possibly at that page. Or other wise take care of renewals. On the other hand, you will see at every step whether it succeeded, or not. Will not have to install software just to request for a certificate. And will be able to keep the private keys, or the server software, touched only fully consciously.
See alsoby GnuTLS and by OpenSSL.