Danbooru web server: security and performance tweaks

SSL/TLS:

• The Danbooru web server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and can therefore be considered insecure. Fix: OpenSSL 1.0.2 users should upgrade to at least 1.0.2h and OpenSSL 1.0.1 users should upgrade to at least 1.0.1t.

• The web server server accepts the broken RC4 cipher (only with older protocol versions) in the following cipher suites: TLS_ECDHE_RSA_WITH_RC4_128_SHA & TLS_RSA_WITH_RC4_128_SHA. This is a minor issue, but in this day and age RC4 should be banned from the server configuration. An exception for this rule could be justified, if there were any important old clients accessing Danbooru over RC4. Fix: The Mozilla SSL Configuration Generator recommends this configuration for nginx 1.6.2 + OpenSSL 1.0.1t. This configuration will also guarantee Forward Secrecy with most modern clients. Warning: If the server admin wants to use HSTS, then he must be sure that he will be supporting HTTPS on whole site for a long period of time. HSTS might be overkill (also because Danbooru can still be accessed via plain HTTP ;D).

• Enable TLS Session Resumption for better performance (SSL/TLS nginx configuration overview).

ssl_session_timeout 4h;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;

• The intermediate certificate GeoTrust Global CA (SHA1 fingerprint: 7359755c6df9a0abc3060bce369564c8ec4542a3) signed by the Equifax root certificate (SHA1 fingerprint: d232­09ad­23d3­1423­2174­e40d­7f9d­6213­9786­633a) has a weak signature (SHA1withRSA). Furthermore, the Equifax root certificate was revoked by its certification authority because it uses a weak 1024 bit long RSA key. Fix: Remove the GeoTrust Global CA certificate (SHA1 fingerprint: 7359755c6df9a0abc3060bce369564c8ec4542a3) from the certificate chain. Afterwards the certificate chain should look like this. Possibly related: GitHub issue #2118

• Enable OCSP Stapling to improve user privacy (SSL/TLS nginx configuration overview). The content of the "root_CA_cert_plus_intermediates.pem" file should look like this. Safebooru's should look like this.

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates.pem;
resolver 8.8.8.8 8.8.4.4;

HTTP:

• Update NGINX to at least 1.9.5 to benefit from the HTTP/2 performance boost on modern clients (SSL/TLS nginx configuration overview).

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
...

Shouldn't you put all of this in the Github page under Issues?

tapnek said:

Shouldn't you put all of this in the Github page under Issues?

Please correct me if I am wrong, but isn't the GitHub issue tracker only meant for the Danbooru server software itself? The changes and issues listed above should be mostly web server related.

Update 1: I looked a little bit closer and found some related stuff on GitHub. Maybe I should just raise an issue over there (as you suggested).
Update 2: Now on GitHub!

I am bumping this thread because I want to ask if you would like the idea of making the subdomain danbooru.donmai.us only avaiable over HTTPS for a couple of days. The motivation behind this is a simple hardware performance test.

Benefits in case of a permanent switch:
Besides obvious privacy and security gains, HTTPS-only would also help to bypass some cookie problems as well as prevent the confusion caused by jumping between HTTPS and HTTP sessions.

Note: I am well aware that @albert has the last word here; thus, I will reconcile myself to this decision in case of performance problems, general disinterest or convincing counterarguments.

It never hurts to have a more secure web experience.
Besides, how bad could it actually be?

So what was changed with danbooru's HTTPS as of late? For a while now I haven't been able to access the site through it, gives me a "connection was reset" error. Not that I really mind, for the record. I never used HTTPS on this site, just other people's links from IRC and such have thrown me off.

It can't do any harm.

Maybe a dismissable message at the top would help explain what's going on. Wikimedia implemented universal https last year.

As far as I know --- no expert here, the only problems arise when the user's certificates are out of date, but that's down to the browser/operating system to keep the certificates up-to-date.

From the site perspective, Dreamhost earlier this year gave out free SSL certificates as standard, and the results are very good. Ultimately I ran a SQL query to make all the internal links match up, but I also cheated and used a WordPress plugin to ensure compliance --- however there have been no problems at all.

Kikimaru said:

It never hurts to have a more secure web experience.
Besides, how bad could it actually be?

@Kikimaru

It all depends on server hardware and visitor numbers (more information).

Ars said:

So what was changed with danbooru's HTTPS as of late? For a while now I haven't been able to access the site through it, gives me a "connection was reset" error. Not that I really mind, for the record. I never used HTTPS on this site, just other people's links from IRC and such have thrown me off.

@Ars

Sine 2016-06-17, HTTPS on danbooru.donmai.us and safebooru.donmai.us [1] does only work in combination with TLS 1.2 enabled clients. I have to admit that this is a pretty strict preset. In case Danbooru goes HTTPS-only, we should make the server backwards compatible to TLS 1.0.

Concerning your error message, please follow the instructions I gave to @Agent_3602.

[1] The sonohara and hijiribe subdomains offer invalid security certificates (see forum #116760).

Claverhouse said:

As far as I know --- no expert here, the only problems arise when the user's certificates are out of date, but that's down to the browser/operating system to keep the certificates up-to-date.

@Claverhouse

Yes, a good user should keep his OS up-to-date. Assuming that the manufacturer even provides updates long enough ... *evil stare at android fragmentation nightmare*

From the site perspective, Dreamhost earlier this year gave out free SSL certificates as standard, and the results are very good.

Made possible by Let's Encrypt. ^^

Like I said earlier, I agree only if it's temporary. Not all users can keep their hardware/software up to date, some users may not have access to https at all due to various reasons. Danbooru is not about money or business or confidential data, so it doesn't need mandatory https. Optional yes, those who want it will use it.

Type-kun said:

Like I said earlier, I agree only if it's temporary.

@Type-kun

The testing phase clarifies whether the server hardware is even capable of serving HTTPS-only. If it performed poorly, we should of course revert to serving HTTP and HTTPS simultaneously.

Type-kun said:

Not all users can keep their hardware/software up to date, some users may not have access to https at all due to various reasons.

If we support TLSv1, TLSv1.1 and TLSv1.2, everyone can access https://danbooru.donmai.us/ with at least Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1 and Windows XP IE8. Most of these browsers are older than 10 years.

Other reasons for preventing a user from accessing a HTTPS-only website can be the life in a totalitarian state like Saudi Arabia or the dependency on strictly limited local networks. But in most cases, these users wouldn't be able to access the whole domain in the first place. If your network is being monitored, do not try to access sites like Danbooru. Bad idea ...

We also have to remember that we are merely talking about enabling HTTPS-only for danbooru.donmai.us and safebooru.donmai.us. If there were some users out there who are browsing Danbooru with Netscape or some legacy IE, they could still enjoy this site by switching over to sonohara.donmai.us or hijiribe.donmai.us. Hell, we could even be HTTPS compatible to these users by enabling SSLv3 and 3DES. xD

Type-kun said:

Danbooru is not about money or business or confidential data, so it doesn't need mandatory https. Optional yes, those who want it will use it.

I don't really want to start a discussion about this topic because in today's world some people insist on making the whole web HTTPS-only and others say HTTPS is the devil.

Yes, Danbooru is certainly not a business or banking website, but you have to ask yourself the following. Would you print the most offensive content of this site on a shirt and wear it in public? If your answer is "NO", you must regard this content as confidential or private in some way. Therefore you should protect your privacy with reasonable effort. In most cases HTTPS-only is reasonable because today's hardware is build with encryption in mind.

reiyasona said:
.

Other reasons for preventing a user from accessing a HTTPS-only website can be the life in a totalitarian state like Saudi Arabia or the dependency on strictly limited local networks. But in most cases, these users wouldn't be able to access the whole domain in the first place. If your network is being monitored, do not try to access sites like Danbooru. Bad idea ...

Not even those brutal places alone. Considering my country has just had Mrs. May shoved over it...

reiyasona said:

If we support TLSv1, TLSv1.1 and TLSv1.2, everyone can access https://danbooru.donmai.us/ with at least Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1 and Windows XP IE8. Most of these browsers are older than 10 years.

Except, for example, Opera 12.16 on Linux, which is the latest presto version, shows critical error 40 for https://danbooru.donmai.us/ right now. Granted, I should blame Opera devs for updating only windows version to 12.18 which supports newer ciphers and resolves the error, but this doesn't cancel out that you are going to break access for some groups of users with mandatory HTTPS.

Other reasons for preventing a user from accessing a HTTPS-only website can be the life in a totalitarian state like Saudi Arabia ...

...or Russia and China, I guess, since danbooru is formally banned in both countries. Moreover, Russian ISPs are required to ban only specific pages, which our abomination of Internet regulator considers to be CP, but since they are unable to determine which page is requested over HTTPS, some ban the whole domain over HTTPS while allowing other pages over plain HTTP.

I use my own proxy to bypass it, and it doesn't perform well enough with HTTPS. Matter of configuration probably, throttling or whatever (since every image is also HTTPS), but yet another reason for me to oppose mandatory encryption.

If your network is being monitored, do not try to access sites like Danbooru. Bad idea ...

If people are willing to risk it, why deny them the opportunity? "Total control" doesn't care for shit about pressing charges against regular citizens. If they were willing to go at it, then it would be easier to wrap the whole country with a barbed wire.

I have no qualms with enabling HTTPS only from a performance perspective. But as you can see from this thread alone (which is honestly a small sample size) there is a balancing act to maintain between closing loop holes and providing accessibility.

Given the rather trivial nature of the content on this site, my inclination is to leave things open.

Don't get me wrong, I'm all for having strong encryption available. Just allow people to switch to HTTP if they need to.

Claverhouse said:

Not even those brutal places alone. Considering my country has just had Mrs. May shoved over it...

@Claverhouse

In the UK they won't forbid HTTPS. The government there is more likely to expand on mass surveillance, internet censorship and software/hardware backdooring. However, here in Germany we're not cutting a good figure either. Don't even get me started on topics like these ...

Type-kun said:

Except, for example, Opera 12.16 on Linux, which is the latest presto version, shows critical error 40 for https://danbooru.donmai.us/ right now. Granted, I should blame Opera devs for updating only windows version to 12.18 which supports newer ciphers and resolves the error, but this doesn't cancel out that you are going to break access for some groups of users with mandatory HTTPS.

@Type-kun

Opera 12.16 is supporting TLSv1.0, whereas Danbooru is accepting only TLSv1.2. I have already recommended the support of TLSv1.0.

Type-kun said:

...or Russia and China, I guess, since danbooru is formally banned in both countries. Moreover, Russian ISPs are required to ban only specific pages, which our abomination of Internet regulator considers to be CP, but since they are unable to determine which page is requested over HTTPS, some ban the whole domain over HTTPS while allowing other pages over plain HTTP.

There are a few more places on this planet where drawings are considered CP. In the UK they actually restricted "extreme" forms of real pornography ... "Evil men doing evil things to women! They should marry (bad contract with the government) and reproduce!" They might even try to ban Coffee Houses again. Just kidding ... xD

Type-kun said:

I use my own proxy to bypass it, and it doesn't perform well enough with HTTPS. Matter of configuration probably, throttling or whatever (since every image is also HTTPS), but yet another reason for me to oppose mandatory encryption.

You should try Tor.

Type-kun said:

If people are willing to risk it, why deny them the opportunity? "Total control" doesn't care for shit about pressing charges against regular citizens. If they were willing to go at it, then it would be easier to wrap the whole country with a barbed wire.

If some users want plain HTTP access, they can still use sonohara.donmai.us and hijiribe.donmai.us.

That last part gave me a good laugh. This is in a sense what was happening in Europe not too long ago. But since we have been paying our personal EU doorman (Turkey), we can lean back I guess ... (nope) :P

albert said:

But as you can see from this thread alone (which is honestly a small sample size) there is a balancing act to maintain between closing loop holes and providing accessibility.

@albert

We should put this to a test. I am convinced that we can serve HTTPS-only and make everyone happy at the same time.

To accomplish this, we would need to enable the following cipher suites and protocols:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;

I forgot to mention the weak default 1024 DH parameters.

Please generate strong 2048 bit key exchange parameters by executing:

openssl dhparam 2048 -out dhparam.pem

Afterwards you can link the dhparam.pem file in your NGINX config:

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;

@reiyasona

reiyasona said:

@Claverhouse

In the UK they won't forbid HTTPS. The government there is more likely to expand on mass surveillance, internet censorship and software/hardware backdooring. However, here in Germany we're not cutting a good figure either. Don't even get me started on topics like these ...

Well, now, look at what's just turned up in the dear old Register:
UK gov says new Home Sec will have powers to ban end-to-end encryption

The new Home Secretary --- Minister of the Interior for non-Brits --- is the wholly laughable Amber Rudd. Along with the xenophobe Boris as Foreign Minister, and the Clinton/Trump Clown Carnival across the Atlantic, this is turning into Performance Art.

Heads up for users wondering what's behind the "HTTP/2 support available at https://danbooru.donmai.us" notification.

TL;DR: HTTP/2 support on Danbooru only with Firefox 35+ or Safari 9+.