Mike Lim

Forward Secrecy in CentOS/RHEL 6.6

Discussion created by Mike Lim on Oct 31, 2014

There was an article at https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy that explains how to enable FS.

For CentOS/RHEL, some recompilation is required.

 

 

We just upgraded to CentOS 6.6 and now FS is supported for all modern browsers. Finally A+ rating.

Anyway, here are my settings for those interested.

 

Settings #1

SSLProtocol all -SSLv2 -SSLv3

SSLHonorCipherOrder on

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:!MEDIUM:!LOW

 

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH 256 bits (eq. 3072 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH 256 bits (eq. 3072 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)256

 

Quite a long list

 

 

Settings #2

SSLProtocol all -SSLv2 -SSLv3

SSLHonorCipherOrder on

SSLCipherSuite AES256+EECDH:AES256+EDH

 

 

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH 256 bits (eq. 3072 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH 256 bits (eq. 3072 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS256
This gives Cipher Strength of 100 and kills WinXP IE and Java support.
May not be the best CipherSuite combination, I am open to suggestions.

Outcomes