apache: Setup Mozilla recommended configuration

- TLS configuration as recommended by Mozilla's SSL Configuration Generator with
'Intermediate' configuration. See:
https://wiki.mozilla.org/Security/Server_Side_TLS

- Disable ciphers that are weak or without forward secrecy.

- Allow client to choose ciphers as they will know best if they have support for
hardware-accelerated AES.

- TLS session tickets (RFC 5077) require restarting web server with an
appropriate frequency. See:
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslsessiontickets

- Send OCSP responses to the client and reduce their round trips.

- No need to increment apache app version number as it has already been
incremented in this release cycle for enabling HTTP/2 module.

Tests:

- FreedomBox interface is reachable with the changes.

- ssllabs.com gives an A+ rating on a server with these changes.

  - All ciphers are shown as secure.

  - Forward Secrecy rating is ROBUST.

  - OCSP stapling shows as enabled.

  - Client support seems to match the expected after dropping <= TLS1.1.

  - Session resumption with tickets shows as disabled.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

actions/apache

@@ -129,6 +129,10 @@ def subcommand_setup(arguments):
         # Enable HTTP/2 protocol
         webserver.enable('http2', kind='module')
 
+        # Enable shared object cache needed for OSCP stapling. Needed by
+        # mod_ssl.
+        webserver.enable('socache_shmcb', kind='module')
+
         # switch to mod_ssl from mod_gnutls
         webserver.disable('gnutls', kind='module')
         webserver.enable('ssl', kind='module')

data/etc/apache2/conf-available/freedombox.conf

@@ -1,3 +1,36 @@
+## SPDX-License-Identifier: AGPL-3.0-or-later
+##
+## DO NOT EDIT. If you do, FreedomBox will not automatically upgrade.
+##
+## Apache configuration managed by FreedomBox. If customization is needed,
+## create a new configuration file with higher priority and override directives.
+##
+
+##
+## TLS configuration as recommended by Mozilla's SSL Configuration Generator
+## with 'Intermediate' configuration. See:
+## https://wiki.mozilla.org/Security/Server_Side_TLS
+##
+<IfModule mod_ssl.c>
+    # Disable ciphers that are weak or without forward secrecy.
+    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+
+    # Allow client to choose ciphers as they will know best if they have support
+    # for hardware-accelerated AES.
+    SSLHonorCipherOrder off
+
+    # TLS session tickets (RFC 5077) require restarting web server with an
+    # appropriate frequency. See:
+    # https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslsessiontickets
+    SSLSessionTickets off
+
+    # Send OCSP responses to the client and reduce their round trips.
+    <IfModule mod_socache_shmcb.c>
+        SSLUseStapling On
+        SSLStaplingCache "shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768)"
+    </IfModule>
+</IfModule>
+
 ##
 ## Enable HSTS, even for subdomains.
 ##