AnsweredAssumed Answered

Help understanding Apache SSLCipherSuite declarations

Question asked by Michael Peters on Aug 10, 2015
Latest reply on Aug 11, 2015 by Michael Peters

Okay I need help determing the best cipher order for Apache's SSLCipherSuite

 

The server is built against LibreSSL 2.2.2

 

Helping me is helping others, best practices documentation specific to my build will be up at

 

https://librelamp.com/

 

where a yum repository will make my project readily available (I am very good with RPM)

 

This project of mine is primarily hoping to help improve TLS implementations at hosting providers. My favorite web site in the world gets an "F" for many reasons. The owner pays for a hosting provider to handle things - old version of OpenSSL + poor configuration - and there is too much of that.

 

Anyway -

 

https://www.ssllabs.com/ssltest/analyze.html?d=librelamp.com

 

The IPv4 is LibreLAMP stack default configuration with only HSTS added to virtual hosts.

Way too many cipher suites. Especially since some historic exploits have involved MITM tricking web servers into using particular cipher suites, that clearly needs to be reduced.

 

The IPv6 is what I am playing with to figure things out and has the following added to the virtual host configuration:

 

SSLHonorCipherOrder on

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256"

 

That is based on https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy

 

But that page is outdated as it allows RC4 ciphers in its list.

 

That results in an A+ but only TLS 1.2 clients are supported.

 

It also only supports 4 ciphers, so clearly some of the cipher suites listed in the directive aren't available in LibreSSL 2.2.2.

 

Other notes - in the IPv4 server, Android 5 uses TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)

When I connect's using the libressl command line utility - it also uses that cipher.

 

That cipher suite is not available in the IPv6 - I'm not even sure how to refer to it so it can be used, and that's the problem.

 

I'm trying to find documentation that helps map the suitable cipher declarations in SSLCipherSuite to the actual usable ciphers, so I can better educate myself and decide what the best order is and implement it.

 

Most of the TLS 1.0 clients supported by IPv4 virtual host used TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

 

That does provide FS. Is that best cipher suite for TLS 1.0 clients, or is the better one I need to add to the SSLCipherSuite declaration?

 

-=-

 

Nutshell - I don't care about IE <= 8, clients without NSI support, clients without proper FS support.

 

Without caring for them, I want the best cipher whitelist including support for older Android 4.x as some people using prepaid cellphones are stuck with it due to drivers.

 

But I don't just want a list, that would help - but I want to understand the list. I don't like not understanding the mapping of declarations to the ciphers used. Part of the problem is both google and bing seem to like to re-interpret my specified search queries when I search for technical documentation, even putting terms in quotes doesn't always work properly anymore. I am beginning to hate them.

 

Thank you for any assistance.

 

And a huge thank you to Qualsys SSL Labs. Before I found your test, I actually thought I knew what I was doing. And I think that is a large problem with security on the web.

Outcomes