kn007的个人博客
♥ You are here: Home > 软件与网络 > VPS > 关于Nginx的SSL加密方式选择

关于Nginx的SSL加密方式选择

by | 17 Comments

提醒:本文最后更新于 1455 天前,文中所描述的信息可能已发生改变,请仔细核实。

a96c76c5ea6e327a347a04e83fbd2a
首先,博客采用了ChaCha20加密方式进行加密和验证身份。

其次,要说的是OpenSSL原生并不支持ChaCha20,作者说可能会在1.1.0版本后达成支持。

如果你想使用ChaCha20加密算法,一个就是为OpenSSL打patch(由CloudFlare提供)。另外一个选择就是使用LibreSSL或BoringSSL,LibreSSL是OpenBSD创建的OpenSSL一个分支,虽说是重构了OpenSSL代码,但使用上并没有太大不同。BoringSSL是Google从OpenSSL创建的一个分支,根据Google实际需求进行维护,目前跟OpenSSL相比已经有很多不同之处了,所以尽量不要试图去替换系统的OpenSSL。LibreSSL和BoringSSL都支持ChaCha20。

对于想类似于Google那样,电脑访问使用AES-GCM算法,手机访问使用ChaCha20算法,可以考虑使用BoringSSL来达到目的。BoringSSL支持一种名为等价加密算法组(Equal preference cipher groups)的配置,可以满足需求(而且据说BoringSSL对ChaCha20支持更优)。

其实对于大多数网站来说,OpenSSL足够稳定和兼容,而且也支持目前比较主流推荐的加密方式AES-GCM分组加密算法。因此ChaCha20-Poly1305流式加密新算法似乎是不必要的。但是,ChaCha20加密方式在ARM平台(通常在手机上)上有着先天的优势。所以怎么选择看你们自己了。

其他科普知识:

根据测试,在许多移动设备上,ChaCha20-Poly1305加密的速度是AES的3倍还多,而且还省电。这样,网站在移动设备上的体验将会更好。但AES-GCM是目前比较推荐使用的分组加密模式,虽然它的缺点是计算量大,导致性能和电量开销比较大。但是,Intel推出了一个名为AES NI(Advanced Encryption Standard new instructions)的x86指令集扩展,从硬件上提供对AES的支持,这样使得AES-GCM的计算速度比ChaCha20-Poly1305要快得许多(快上一倍)。Intel自家CPU从Westmere平台开始支持AES-NI,目前在PC端AES-NI的普及率无疑更高。对于支持AES-NI的设备来说,使用AES-GCM加密算法无疑是最优选择。所以仅针对支持AES-NI的终端使用AES-GCM算法,否则使用ChaCha20,无疑是一个非常完美的方案,这也是推荐BoringSSL的原因(拥有等价加密算法组),但就目前来说,BoringSSL并不支持OCSP Stapling(Google认为现阶段OSCP是有缺陷的),而且编译麻烦(需要安装golang和预编译才可以被Nginx所编译,而且我在CentOS预编译失败了)或许是个“遗憾”。

对于LibreSSL,可以直接下载包下来,解压后,交由Nginx直接编译,而无需替换系统的OpenSSL。简单写成Shell就是:

cd /tmp
wget -c http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.0.tar.gz
tar zxvf libressl-2.3.0.tar.gz
cd /tmp
wget -c http://nginx.org/download/nginx-1.9.5.tar.gz
tar zxvf nginx-1.9.5.tar.gz && cd nginx-1.9.5/
./configure --with-http_v2_module --with-http_ssl_module --with-openssl=../libressl-2.3.0

...

以上仅作参考。

编译BoringSSL需要先yum安装golang,接着利用cmake编译。我的编译结果是失败,另外尝试过python+gyp编译,失败,原因相同。暂未找到解决方案,晚点再尝试。

Scanning dependencies of target pkcs8
[  0%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/pkcs8.c.o
[  0%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/p8_pkey.c.o
[  1%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/p5_pbe.c.o
[  1%] Building C object crypto/pkcs8/CMakeFiles/pkcs8.dir/p5_pbev2.c.o
[  1%] Built target pkcs8
Scanning dependencies of target stack
[  1%] Building C object crypto/stack/CMakeFiles/stack.dir/stack.c.o
[  1%] Built target stack
Scanning dependencies of target lhash
[  1%] Building C object crypto/lhash/CMakeFiles/lhash.dir/lhash.c.o
[  1%] Built target lhash
[  2%] Generating err_data.c
Reason: 2612 bytes of list and 13193 bytes of string data.
Scanning dependencies of target err
[  2%] Building C object crypto/err/CMakeFiles/err.dir/err.c.o
[  2%] Building C object crypto/err/CMakeFiles/err.dir/err_data.c.o
[  2%] Built target err
Scanning dependencies of target buf
[  3%] Building C object crypto/buf/CMakeFiles/buf.dir/buf.c.o
[  3%] Built target buf
Scanning dependencies of target base64
[  3%] Building C object crypto/base64/CMakeFiles/base64.dir/base64.c.o
[  3%] Built target base64
Scanning dependencies of target bytestring
[  3%] Building C object crypto/bytestring/CMakeFiles/bytestring.dir/ber.c.o
[  3%] Building C object crypto/bytestring/CMakeFiles/bytestring.dir/cbs.c.o
[  3%] Building C object crypto/bytestring/CMakeFiles/bytestring.dir/cbb.c.o
[  3%] Built target bytestring
Scanning dependencies of target md4
[  3%] Building C object crypto/md4/CMakeFiles/md4.dir/md4.c.o
[  3%] Built target md4
[  3%] Generating sha512-x86_64.S
[  4%] Generating sha1-x86_64.S
[  4%] Generating sha256-x86_64.S
Scanning dependencies of target sha
[  4%] Building C object crypto/sha/CMakeFiles/sha.dir/sha1.c.o
[  5%] Building C object crypto/sha/CMakeFiles/sha.dir/sha256.c.o
[  5%] Building C object crypto/sha/CMakeFiles/sha.dir/sha512.c.o
[  5%] Building ASM object crypto/sha/CMakeFiles/sha.dir/sha1-x86_64.S.o
[  5%] Building ASM object crypto/sha/CMakeFiles/sha.dir/sha256-x86_64.S.o
[  6%] Building ASM object crypto/sha/CMakeFiles/sha.dir/sha512-x86_64.S.o
[  6%] Built target sha
[  7%] Generating md5-x86_64.S
Scanning dependencies of target md5
[  7%] Building C object crypto/md5/CMakeFiles/md5.dir/md5.c.o
[  7%] Building ASM object crypto/md5/CMakeFiles/md5.dir/md5-x86_64.S.o
[  7%] Built target md5
[  7%] Generating ghash-x86_64.S
[  8%] Generating aesni-gcm-x86_64.S
Scanning dependencies of target modes
[  8%] Building C object crypto/modes/CMakeFiles/modes.dir/cbc.c.o
[  8%] Building C object crypto/modes/CMakeFiles/modes.dir/ctr.c.o
[  9%] Building C object crypto/modes/CMakeFiles/modes.dir/ofb.c.o
[  9%] Building C object crypto/modes/CMakeFiles/modes.dir/cfb.c.o
[  9%] Building C object crypto/modes/CMakeFiles/modes.dir/gcm.c.o
[  9%] Building ASM object crypto/modes/CMakeFiles/modes.dir/aesni-gcm-x86_64.S.o
[ 10%] Building ASM object crypto/modes/CMakeFiles/modes.dir/ghash-x86_64.S.o
[ 10%] Built target modes
[ 10%] Generating vpaes-x86_64.S
[ 10%] Generating aes-x86_64.S
[ 10%] Generating aesni-x86_64.S
[ 11%] Generating bsaes-x86_64.S
Scanning dependencies of target aes
[ 11%] Building C object crypto/aes/CMakeFiles/aes.dir/aes.c.o
[ 11%] Building C object crypto/aes/CMakeFiles/aes.dir/mode_wrappers.c.o
[ 12%] Building ASM object crypto/aes/CMakeFiles/aes.dir/aes-x86_64.S.o
[ 12%] Building ASM object crypto/aes/CMakeFiles/aes.dir/aesni-x86_64.S.o
[ 12%] Building ASM object crypto/aes/CMakeFiles/aes.dir/bsaes-x86_64.S.o
[ 12%] Building ASM object crypto/aes/CMakeFiles/aes.dir/vpaes-x86_64.S.o
[ 12%] Built target aes
Scanning dependencies of target des
[ 13%] Building C object crypto/des/CMakeFiles/des.dir/des.c.o
[ 13%] Built target des
[ 14%] Generating rc4-md5-x86_64.S
[ 14%] Generating rc4-x86_64.S
Scanning dependencies of target rc4
[ 14%] Building C object crypto/rc4/CMakeFiles/rc4.dir/rc4.c.o
[ 14%] Building ASM object crypto/rc4/CMakeFiles/rc4.dir/rc4-x86_64.S.o
[ 14%] Building ASM object crypto/rc4/CMakeFiles/rc4.dir/rc4-md5-x86_64.S.o
[ 14%] Built target rc4
Scanning dependencies of target conf
[ 14%] Building C object crypto/conf/CMakeFiles/conf.dir/conf.c.o
[ 14%] Built target conf
Scanning dependencies of target chacha
[ 14%] Building C object crypto/chacha/CMakeFiles/chacha.dir/chacha_generic.c.o
[ 15%] Building C object crypto/chacha/CMakeFiles/chacha.dir/chacha_vec.c.o
[ 15%] Built target chacha
Scanning dependencies of target poly1305
[ 15%] Building C object crypto/poly1305/CMakeFiles/poly1305.dir/poly1305.c.o
[ 16%] Building C object crypto/poly1305/CMakeFiles/poly1305.dir/poly1305_arm.c.o
[ 16%] Building C object crypto/poly1305/CMakeFiles/poly1305.dir/poly1305_vec.c.o
~src/boringssl/crypto/poly1305/poly1305_vec.c:36: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'uint128_t'
~src/boringssl/crypto/poly1305/poly1305_vec.c:44: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'add128'
~src/boringssl/crypto/poly1305/poly1305_vec.c:46: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'add128_64'
~src/boringssl/crypto/poly1305/poly1305_vec.c:48: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'mul64x64_128'
~src/boringssl/crypto/poly1305/poly1305_vec.c:52: error: expected ')' before 'a'
~src/boringssl/crypto/poly1305/poly1305_vec.c:54: error: expected ')' before 'v'
~src/boringssl/crypto/poly1305/poly1305_vec.c: In function 'shr128_pair':
~src/boringssl/crypto/poly1305/poly1305_vec.c:59: error: 'uint128_t' undeclared (first use in this function)
~src/boringssl/crypto/poly1305/poly1305_vec.c:59: error: (Each undeclared identifier is reported only once
~src/boringssl/crypto/poly1305/poly1305_vec.c:59: error: for each function it appears in.)
~src/boringssl/crypto/poly1305/poly1305_vec.c:59: error: expected ')' before 'hi'
~src/boringssl/crypto/poly1305/poly1305_vec.c: In function 'poly1305_first_block':
~src/boringssl/crypto/poly1305/poly1305_vec.c:194: error: 'uint128_t' undeclared (first use in this function)
~src/boringssl/crypto/poly1305/poly1305_vec.c:194: error: expected ';' before 'd'
~src/boringssl/crypto/poly1305/poly1305_vec.c:217: error: 'd' undeclared (first use in this function)
cc1: warnings being treated as errors
~src/boringssl/crypto/poly1305/poly1305_vec.c:217: error: implicit declaration of function 'add128'
~src/boringssl/crypto/poly1305/poly1305_vec.c:217: error: implicit declaration of function 'mul64x64_128'
~src/boringssl/crypto/poly1305/poly1305_vec.c:221: error: implicit declaration of function 'lo128'
~src/boringssl/crypto/poly1305/poly1305_vec.c:222: error: implicit declaration of function 'shr128'
~src/boringssl/crypto/poly1305/poly1305_vec.c:223: error: implicit declaration of function 'add128_64'
~src/boringssl/crypto/poly1305/poly1305_vec.c: In function 'CRYPTO_poly1305_finish':
~src/boringssl/crypto/poly1305/poly1305_vec.c:771: error: 'uint128_t' undeclared (first use in this function)
~src/boringssl/crypto/poly1305/poly1305_vec.c:771: error: expected ';' before 'd'
~src/boringssl/crypto/poly1305/poly1305_vec.c:809: error: 'd' undeclared (first use in this function)
make[2]: *** [crypto/poly1305/CMakeFiles/poly1305.dir/poly1305_vec.c.o] Error 1
make[1]: *** [crypto/poly1305/CMakeFiles/poly1305.dir/all] Error 2
make: *** [all] Error 2

环境为CentOs 6.7 x64、Kernel 2.6.32-573.7.1.el6.x86_64、CMake 2.8.12.2、gcc 4.4.7 20120313、Perl 5.10.1、Golang 1.5.1。按照上面的错误提示,貌似是gcc的原因?

官方要求的环境:

CMake 2.8.8 or later is required.

Perl 5.6.1 or later is required. On Windows, Strawberry Perl and MSYS Perl have both been reported to work. If not found by CMake, it may be configured explicitly by setting PERL_EXECUTABLE.

On Windows you currently must use Ninja to build; on other platforms, it is not required, but recommended, because it makes builds faster.

If you need to build Ninja from source, then a recent version of Python is required (Python 2.7.5 works).

On Windows only, Yasm is required. If not found by CMake, it may be configured explicitly by setting CMAKE_ASM_NASM_COMPILER.

A C compiler is required. On Windows, MSVC 12 (Visual Studio 2013) or later with Platform SDK 8.1 or later are supported. Recent versions of GCC and Clang should work on non-Windows platforms, and maybe on Windows too.

Go is required. If not found by CMake, the go executable may be configured explicitly by setting GO_EXECUTABLE.

然而我并没有看出哪里有问题,都符合要求。。

转载请注明转自:kn007的个人博客的《关于Nginx的SSL加密方式选择

donate
有所帮助?

Comments

17 Comments立即评论
  1. 哦哦哦哦哦

    1. MOD回复

      @hannah: 嗯嗯嗯嗯嗯

    2. @kn007: 你俩这对暗号呢 :lol:

    3. MOD回复

      @World: 貌似没对上,人家都不鸟我。

  2. 掩面遁走,看不懂的说。 :???: :???:

    1. MOD回复

      @啄木游弋: 额。别跑啊。

  3. LV5回复

    :o 打完酱油,走人……

    1. MOD回复

      @老杨: 不送,欢迎下次光临 :smile:

  4. 回复

    貌似现在已经有免费的SSL提供申请了

    1. MOD回复

      @微历史: 免费SSL一直都有啊,wosign、startssl等

  5. LV2回复

    相对于手机打开快那么一点

    我更在乎如何才能让别人有兴趣在手机上打开我的博客。。。。

    1. MOD回复

      @穹庐: :o 这确实是个问题

  6. 回复

    你试过GCC 5吗?

    1. MOD回复

      @..: 我现在都在用GCC 6了。

    2. MOD回复

      @..: BoringSSL现在编译没问题,我后面已有文章说到是gcc版本问题。

    3. 回复

      @kn007: 不过openssl和boringssl 两者的master分支已经tls1.3了,有没有考虑支持呢?

    4. MOD回复

      @ham: 当草案实行前夕,会考虑的。
      在目前草案未完全实施并仍有修改情况,由于lua-nginx-module无法支持最新版openssl,我暂时不考虑支持。

icon_wink.gificon_neutral.gificon_mad.gificon_twisted.gificon_smile.gificon_eek.gificon_sad.gificon_rolleyes.gificon_razz.gificon_redface.gificon_surprised.gificon_mrgreen.gificon_lol.gificon_idea.gificon_biggrin.gificon_evil.gificon_cry.gificon_cool.gificon_arrow.gificon_confused.gificon_question.gificon_exclaim.gif