preface

Share a zhuo Jian cloud more customers encountered HTTPS optimization case.

With the introduction of strict measures such as “unsafe” and red page warning on HTTP protocol by relevant browsers, as well as mandatory HTTPS requirements on ATS of iOS applications and small programs of wechat and Alipay, as well as requirements on transmission security in terms of compliance, such as level protection, are promoting the development of HTTPS.

Although HTTPS improves the web experience (against hijacking) and makes the delivery more secure, many web owners who use HTTPS to rush to the web face problems such as slow page loading, high server load, and expired certificates.

So this article will discuss HTTPS optimization practices.

The selection

In fact, Web services like Apache Httpd, LigHttpd, Canddy and other software can set HTTPS, but in the corresponding extension ecology and update rate are inferior to Nginx. Nginx has gained widespread support as a Web portal for large Internet sites, such as Alibaba’s Tengine, CloudFlare’s Cloudflare-Nginx, and OpenResty, which is also used in the cloud, are all based on Nginx. Nginx is authenticated on a large scale. At the same time, people will also develop their own components back to the Nginx community, so that Nginx has a very good extension ecosystem.

Figure 1-1 Usage of Nginx on the entire network

Therefore, Nginx is a good Web service software, and the choice of Nginx can greatly reduce our expansion costs while improving performance.

New features

There are a lot of new features around Web services that need to be looked at and applied, so here are some of the new features.

HTTP/2

Compared to the old HTTP/1.x, HTTP/2 has major changes and optimizations in the underlying transport, including:

  1. Each server only uses one connection, saving the time of establishing multiple connections, which is especially effective in TLS
  2. To speed UP TLS delivery, HTTP/2 takes only one TLS handshake, achieving optimum performance through multiplexing over a connection
  3. More secure, more secure user information by reducing the performance penalty of TLS and enabling more applications to use TLS

In Akamai’s HTTP/2 DEMO, the advantages of HTTP/2 became apparent when loading 300 images. HTTP/2 took less than 1s of HTTP/ 1.x’s 14.8s.

HTTP/2 is now supported by most modern browsers. As long as we ensure that Nginx is greater than 1.9.5. Of course, it is recommended to keep the latest stable version of Nginx in order to update relevant patches. HTTP/2 also requires OpenSSL greater than 1.0.2 to support modern browsers.

The TLS 1.3

As well as HTTP/1.x, the currently supported TLS protocol versions 1.1 and 1.2, released in 2006 and 2008 respectively, have fallen behind The Times. In August 2018, IETF finally announced the release of the TLS 1.3 specification. Standards Track is defined in rfc8446.



TLS 1.3 has the following enhancements compared to previous versions:

  1. Handshake time: In the same case, TLSv1.3 has one less RTT than TLSv1.2
  2. Application data: 0-RTT is supported for sending application data in session multiplexing scenarios
  3. Handshake messages: all after ServerHello are ciphertext.
  4. Session reusing mechanism: The Session reusing based on the Session ID is deprecated and the Session reusing based on the PSK mechanism is adopted.
  5. Key algorithm: TLSv1.3 supports only the PFS (full forward security) key exchange algorithm. RSA is disabled. The symmetric key algorithm adopts only the AEAD encryption algorithm. The AES and RC4 algorithms in CBC mode are disabled.
  6. Key export algorithm: TLSv1.3 uses a newly designed algorithm called HKDF, while TLSv1.2 uses PRF algorithm. We will look at the differences between the two algorithms later.

OpenSSL 1.1.1 is an LTS version. In the future, RHEL8 and Debian10 will support TLS 1.3 as the main version. Implementation on Nginx requires Nginx 1.13+.

Brotli

Brotli is a lossless compression algorithm introduced by Google in September 2015. It uses variant LZ77 algorithm, Huffman coding and second-order text modeling to compress data, which is a compression method with high compression ratio.

According to a research report published by Google, Brotli has the following characteristics:

  1. Brotli performs 17-25% better than Gzip for common Web resource content;
  2. Brotli compression level 1 is the fastest, and the compression rate is higher than gzip compression level 9 (the highest).
  3. Brotli still provides very high compression rates when working with different HTML documents;

While compatible with GZIP, compared to GZIP:

  1. Zoom out 14% on JavaScript
  2. Shrunk by 21% in HTML
  3. Shrink by 17% on CSS

Brotli support must rely on HTTPS, but in other words Brotli can only be implemented with HTTPS.

ECC certificates

Elliptic Curve Cryptography (ECC), an algorithm for establishing public key encryption, based on Elliptic curve mathematics. The use of elliptic curves in cryptography was independently proposed by Neal Koblitz and Victor Miller in 1985.

A certificate with a built-in ECDSA public key is called an ECC certificate. A certificate with a built-in RSA public key is an RSA certificate. ECDHE Key exchange + ECDSA digital signature is undoubtedly the best choice because 256-bit ECC Key is the same as 3072-bit RSA Key in terms of security and ECC operation speed is faster. Under the same security conditions, the ECC algorithm requires shorter keys. Therefore, the ECC certificate file size is smaller than that of the RSA certificate.

The ECC certificate can not only be used in HTTPS scenarios, but can replace all RSA certificates, such as SSH key login and SMTP TLS sending.

However, there are two points to note when using ECC certificates:

Not all certificate types are supported. Generally, the issuing of ECC certificates is supported only for commercial certificates with enhanced words.

Second, ECC certificates may not be supported in some scenarios, because some products or software may not support ECC. In this case, dashed lines are required to solve the problem. For example, some old operating systems and browsers do not support ECC. You can use ECC+RSA dual-certificate mode to solve the problem.

The installation

Download the source code

With all the new features we’re going to use, let’s put together the requirements:

HTTP/2 requires Nginx 1.9.5+, OpenSSL 1.0.2+

TLS 1.3 requires Nginx 1.13+, OpenSSL 1.1.1+

Brotli requires HTTPS and adds extended support to Nginx

ECC dual certificates require Nginx 1.11+

For Nginx, I personally recommend 1.15+ because 1.14 already supports TLS1.3, but some advanced TLS1.3 features are only available in 1.15+.

Then we define the version number:

# Version OpenSSLVersion = 'openssl - 1.1.1 a'; NginxVersion = 'nginx - 1.14.1';Copy the code

Go to the official website to pay attention to the latest version:

Nginx.org/en/download…

www.openssl.org/source/

Github.com/eustas/ngx_…

Nginx

cd /opt
wget http://nginx.org/download/$nginxVersion.tar.gz
tar xzf $nginxVersion.tar.gzCopy the code

OpenSSL

cd /opt
wget https://www.openssl.org/source/$OpenSSLVersion.tar.gz
tar xzf $OpenSSLVersion.tar.gzCopy the code

Brotli

cd /opt
git clone https://github.com/eustas/ngx_brotli.git
cd ngx_brotli
git submodule update --init --recursiveCopy the code

compile

CD /opt/$nginxVersion/./configure \ --prefix=/usr/local/nginx \ ## --with-openssl=/opt/$OpenSSLVersion \ ## --with-openssl-opt=enable-tls1_3 \ ## Enable TLS 1.3 Support --with-http_v2_module \ ## Enable HTTP/2 --with-http_ssl_module ## Enable GZip compression --add-module=/opt/ngx_brotli ## Make && make install ## Build and install ngx_BroTliCopy the code

The following steps include setting variables, setting up services, and starting the startup process. This article introduces the compilation of Nginx in Ubuntu: www.mf8.biz/ubuntu-ngin… .

configuration

Next we need to modify the configuration file.

HTTP2

listen 443 ssl http2;Copy the code

Just add http2 to lisen 443 SSL under server{}. Since 1.15+, there is no need to write SSL on. If you use 1.15+, you will get an error when using the original configuration file.

The TLS 1.3

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;Copy the code

If you do not intend to continue supporting IE8, or some compliance requirements, you can remove TLSv1.

Then we modify the corresponding encryption algorithm and add the new algorithm introduced by TLS1.3:

ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-12 8-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECD H+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:! MD5;Copy the code

If you do not want to support Internet Explorer 8, you can remove Cipher Suite including 3DES.

Ssl_early_data on; ssl_early_data on; ssl_early_data; Command to enable 0-RTT support.

— — —

Experimental trial

As we all know, TLS1.3 due to the update for a long time, many browsers still only support the old version of the Draft version, such as 23, 26, 28 respectively on Chrome, FirFox support, on the other hand, the official version due to the Draft out for a long time, resulting in TLS1.3 compatibility on the browser a lot too good.

You can use github.com/hakasenyang… The provided OpenSSL Patch enables OpenSSL 1.1.1 to support both draft 23,26,28 and official output. However, since it is not an official script, stability and security are subject to consideration.

ECC double certificate

Double certificate configuration is very simple, ensure that the domain name certificate has RSA and ECC respectively can be.

Part # # certificate ssl_certificate/usr/local/nginx/conf/SSL/www.mf8.biz-ecc.crt; # certificate of ECC ssl_certificate_key/usr/local/nginx/conf/SSL/www.mf8.biz-ecc.key; # ECC key ssl_certificate/usr/local/nginx/conf/SSL/www.mf8.biz.crt; # ssl_certificate_key RSA certificate/usr/local/nginx/conf/SSL/www.mf8.biz.key; # RSA keyCopy the code

Brotli

Add the following code to the corresponding configuration file:

    brotli                     on;
    brotli_comp_level          6;
    brotli_min_length          1k;
    brotli_types               text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;Copy the code

In case you get confused, put a complete server{} for your reference:

server { listen 443 ssl http2; # enable HTTP /2 server_name mf8.biz www.mf8.biz; Part # certificate ssl_certificate/usr/local/nginx/conf/SSL/www.mf8.biz-ecc.crt; # certificate of ECC ssl_certificate_key/usr/local/nginx/conf/SSL/www.mf8.biz-ecc.key; # ECC key ssl_certificate/usr/local/nginx/conf/SSL/www.mf8.biz.crt; # sl_certificate_key RSA certificate/usr/local/nginx/conf/SSL/www.mf8.biz.key; Ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; keepalive_timeout 75s; keepalive_requests 100; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-1 28-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EEC DH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:! MD5'; 1. O-rtt ssl_early_data on; # GZip and Brotli GZip on gzip_comp_level 6; gzip_min_length 1k; gzip_types text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype; brotli on; brotli_comp_level 6; brotli_min_length 1k; brotli_types text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype; location / { root html; index index.html index.htm; }}Copy the code

Verify that the configuration file is correct:

nginx -tCopy the code

If the feedback is:

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successfulCopy the code

You can restart Nginx, and then go to the corresponding website to see the effect.

validation

HTTP/2

Using the browser’s developer tools, we can see whether h2 is displayed in Protocol in the Network column.

The TLS 1.3

As usual, you can check the Connection TAB to see if TLS 1.3 is displayed under the Security TAB of the developer tools in your browser

ECC double certificate

ECC dual certificate configuration is nothing more than authentication on older browser Settings. Here’s an old enough XP virtual machine to prove a wave.

On XP:

On modern operating systems:

Brotli

Using the developer tools of the browser, we can open the header of the specific page in the Network column and see the accept-Encoding with br in it.

conclusion

By doing so, you should be able to optimize the HTTPS experience a lot, and it will probably be faster than sites that don’t do HTTPS.

This mode is more suitable for the establishment of a single cloud server or a simple cluster. If SLB seven-layer agent, WAF, CDN and other products are applied, these operations may be in vain. These operations are self-built Web 7-layer services. If SLB 7-layer proxy, WAF and CDN are set, they will be overwritten before the cloud server.

Since products like SLB layer 7 and CDN tend to be more compatible and stable than the new features mentioned above (HTTP/2 is common), However, they are equipped with Ali Cloud’s Tengine external dedicated algorithm acceleration hardware such as Intel® QuickAssist Technology(QAT) accelerator which can significantly improve SSL/TLS handshake phase performance. All HTTPS encryption and decryption are performed on the SLB or CDN instead of the ECS, which significantly reduces the load of the ECS and improves the access experience.

At present, the network products on the cloud that can support layer 4 can continue to be compatible with our design, such as layer 4 forwarding (TCP UDP) of SLB and Layer 4 forwarding of high anti-ddos.

Insight into the clouds
huicute
www.mf8.biz