I am looking for guidance on ordering cipher suites from most secure to least secure.
I'm using Apache 2.2.x with latest OpenSSL 1.0.1g with SSLHonorCipherOrder On.
Ephemeral Diffie-Hellman keys are limited to 1024 bits (because we can't upgrade to
Apache 2.4.7 yet).
1. Would TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 be preferred to
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256? The former uses Galois
Counter Mode but uses only a 1024-bit ephemeral DH key, due to
our use of Apache 2.2. The latter does not use Galois Counter
Mode but has a stronger ephemeral key for key exchange and is
2. Would TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 be preferred to
TLS_RSA_WITH_AES_128_CBC_SHA256? The former has Forward Secrecy
but only a 1024-bit ephemeral DH key. The latter uses a 2048-bit
RSA key (in our case) but does not provide Forward Secrecy.
3. Is CAMELLIA as strong as AES for the same key length? Is it secure?
Any reason not to offer it?
4. Would TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA be preferred to
TLS_RSA_WITH_AES_128_CBC_SHA? The former has Forward Secrecy but
only a 1024-bit ephemeral DH key and only uses 3DES. The latter
has no Forward Secrecy but uses a 2048-bit RSA key (in our case)
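As an added example (not code from the question or from any answer), here is a small Python script that parses the IANA suite names used above, orders them under an explicitly stated policy, and emits the OpenSSL-style names Apache's SSLCipherSuite directive takes. The policy, the 2048-bit threshold for DHE, and the suite list are the example's own assumptions, not statements from the post.

```python
import re

# Added example, not from the question: rank IANA-named TLS suites under an
# explicit policy and emit the OpenSSL 1.0.1-style names that Apache's
# SSLCipherSuite directive expects (static-RSA suites drop the kex prefix).
SUITE_RE = re.compile(
    r"^TLS_(?P<kex>ECDHE|DHE|RSA)_(?:(?P<auth>RSA|ECDSA)_)?WITH_"
    r"(?P<cipher>AES_128|AES_256|CAMELLIA_128|CAMELLIA_256|3DES_EDE)_"
    r"(?P<mode>GCM|CBC)_(?P<mac>SHA256|SHA384|SHA)$")
OPENSSL_CIPHER = {"AES_128": "AES128", "AES_256": "AES256", "3DES_EDE": "DES-CBC3",
                  "CAMELLIA_128": "CAMELLIA128", "CAMELLIA_256": "CAMELLIA256"}
CIPHER_STRENGTH = {"AES_256": 0, "CAMELLIA_256": 0, "AES_128": 1, "CAMELLIA_128": 1,
                   "3DES_EDE": 2}  # 3DES last: 64-bit block, ~112-bit strength
MAC_STRENGTH = {"SHA384": 0, "SHA256": 1, "SHA": 2}

def parse(name):
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError("unrecognised suite: " + name)
    p = m.groupdict()
    p["auth"] = p["auth"] or "RSA"  # static RSA kex authenticates with RSA too
    return p

def rank_key(name, dh_bits=1024):
    """Sort key, lower first. Policy (an assumption of this example, not a
    rule from the question): 1. forward secrecy with an adequate ephemeral
    key (ECDHE, or DHE when dh_bits >= 2048), then DHE with a short key,
    then static RSA; 2. AEAD (GCM) before CBC+HMAC; 3. 256-bit cipher,
    128-bit, then 3DES; 4. stronger MAC; 5. ECDHE before DHE before RSA."""
    p = parse(name)
    weak_dhe = p["kex"] == "DHE" and dh_bits < 2048
    pfs = 2 if p["kex"] == "RSA" else (1 if weak_dhe else 0)
    mode = 0 if p["mode"] == "GCM" else 1
    kex_pref = {"ECDHE": 0, "DHE": 1, "RSA": 2}[p["kex"]]
    return (pfs, mode, CIPHER_STRENGTH[p["cipher"]], MAC_STRENGTH[p["mac"]], kex_pref)

def openssl_name(name):
    """IANA name -> OpenSSL name, e.g. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA -> DHE-RSA-DES-CBC3-SHA."""
    p = parse(name)
    parts = [] if p["kex"] == "RSA" else [p["kex"], p["auth"]]
    parts.append(OPENSSL_CIPHER[p["cipher"]])
    if p["mode"] == "GCM":
        parts.append("GCM")
    parts.append(p["mac"])
    return "-".join(parts)

def cipher_suite_directive(names, dh_bits=1024):
    """Return an SSLCipherSuite line with the suites ordered by rank_key."""
    ordered = sorted(names, key=lambda n: rank_key(n, dh_bits))
    return "SSLCipherSuite " + ":".join(openssl_name(n) for n in ordered)
```

Calling `cipher_suite_directive` with the six suites from the question and `dh_bits=1024` yields the Apache 2.2 ordering under this policy; passing `dh_bits=2048` shows how the DHE-GCM suite moves ahead once the ephemeral key is no longer the weakest link.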