The arrow of time

Ivan Voras' blog

Apache 2.2 and Perfect Forward Secrecy (PFS)

Update: apparently (I haven't tested it yet), Apache 2.2.26 finally supports ECDH cipher suites! The remainder of this blog post is not as usable any more and you can simply use some common SSLCipherSuite lines.

Using modern Perfect Forward Secrecy (PFS) cipher suites with Apache 2.2 and OpenSSL is not really possible in the general case. The best you can do is enable some DHE suites instead of the faster ECDHE variants - for those you will need Apache 2.4.

About the best you can do to achieve the "A" rating on Qualys' SSL test and have PFS and BEAST mitigation for "many" (not all) users is to configure Apache like this:

SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:RC4-SHA

The point here is to use stream ciphers and DHE as much as possible, and to fall back to plain old RC4 with RSA when nothing else works. Don't forget to update the SSLCipherSuite line when you upgrade to Apache 2.4, which supports ECDHE!
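To see which clients actually get forward secrecy from the SSLCipherSuite line above, the following added example (not code from the original post) classifies each suite by its OpenSSL name and models server-preference selection as done with SSLHonorCipherOrder on. The client suite lists are constructed for illustration, and the name-based classification is a simplifying assumption, not an OpenSSL API.

```python
# Added example: name-based classification is a heuristic, not an OpenSSL API.
PAGE_LINE = ("DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:"
             "AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:RC4-SHA")

# Constructed clients: (speaks TLS 1.2?, suites offered). Not real browser data.
CLIENTS = {
    "tls12-with-dhe": (True, {"DHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256",
                              "AES128-SHA", "RC4-SHA"}),
    "tls12-no-dhe": (True, {"AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA"}),
    "tls10-with-rc4": (False, {"DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"}),
    "tls10-no-rc4": (False, {"DHE-RSA-AES128-SHA", "AES128-SHA"}),
}

def classify(suite):
    """Derive key-exchange and cipher properties from a pre-TLS 1.3 OpenSSL name."""
    # Only ephemeral (EC)DH gives forward secrecy; an unprefixed name means RSA kx.
    pfs = suite.startswith(("DHE-", "EDH-", "ECDHE-"))
    if "GCM" in suite:
        mode = "GCM"
    elif "RC4" in suite:
        mode = "RC4"
    else:
        mode = "CBC"
    # GCM suites and suites with a SHA256/SHA384 MAC are defined for TLS 1.2 only.
    tls12_only = mode == "GCM" or suite.endswith(("-SHA256", "-SHA384"))
    return {"suite": suite, "pfs": pfs, "mode": mode, "tls12_only": tls12_only}

def negotiate(server_line, offered, speaks_tls12):
    """Return the first suite in server order that this client can use, or None."""
    for name in server_line.split(":"):
        info = classify(name)
        if name in offered and (speaks_tls12 or not info["tls12_only"]):
            return info
    return None

def report(server_line=PAGE_LINE):
    """Map each constructed client to (negotiated suite or None, PFS yes/no)."""
    out = {}
    for name, (tls12, offered) in CLIENTS.items():
        info = negotiate(server_line, offered, tls12)
        out[name] = (info["suite"], info["pfs"]) if info else (None, False)
    return out

if __name__ == "__main__":
    for client, (suite, pfs) in report().items():
        print(f"{client:15} -> {suite or 'handshake fails':28} PFS={pfs}")
```

Every suite in the line except RC4-SHA is TLS 1.2 only, so in this model a pre-TLS 1.2 client ends up on RC4 with RSA key exchange and gets no forward secrecy.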

If you are using FreeBSD, you need to install OpenSSL from the ports to get the 1.0.1 version, and have "WITH_OPENSSL_PORT=yes" in your /etc/make.conf before recompiling APR and Apache.

#1 Re: Apache 2.2 and Perfect Forward Secrecy (PFS)

Added on 2013-10-23T17:21 by Sec

I used something similar to your config:

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite kEDH:HIGH:!MD5:!RC4:!3DES:!AES128:!CAMELLIA128:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL

But please note that disabling SSLv2/3 has the effect that some Java versions will fail to connect and hang with an open connection, sending useless data back and forth. This cost me a couple of hours debugging why using the SVN plugin in Eclipse would suddenly just hang.

#2 Re: Apache 2.2 and Perfect Forward Secrecy (PFS)

Added on 2013-11-06T02:15 by Ivan Voras

That's one way to do it, but note that in your version you are not preferring AES stream-cipher (GCM) mode, which is very desirable nowadays (as opposed to the default CBC mode).


Comments are subject to moderation and will be deleted if deemed inappropriate. All content is © Ivan Voras. Comments are owned by their authors... who agree to basically surrender all rights by publishing them here :)