SSLCipherSuite settings in Apache for supporting TLS 1.0, 1.1 and 1.2
Solution 1
The following configuration is (or used to be) the best configuration according to SSLLabs:
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA"
It will, however, exclude all older browsers (including Opera Mini!), because it lacks non-PFS and RC4 cipher suites. You can append the following (before the closing quote, of course) to enable RC4, including a fallback (last entry) to RC4 without PFS:
:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA
You should encourage users to upgrade ASAP. RC4 is broken and should no longer be used, especially without PFS.
To achieve better grades, also send a HSTS header (for this to work, you need to enable mod_header):
Header always set Strict-Transport-Security "max-age=63072000;"
This configuration will not work for Apache <2.2.26, because it does not support Elliptic-curve cryptography.
Update:
Just checked, it’s still good for A+. :) I believe this requires a certificate with SHA256, though.
Update Oct 2015:
I recently found another generator for SSL configurations, provided by Mozilla. It orders ciphers so that Chrome doesn’t say you’re using a deprecated cipher suite.
Solution 2
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP:!kEDH
^^^^^^^^
Disabling SSLv3 cipher suites disables all cipher suites introduced with SSL3.0. Since these ciphers suites are also used with later SSL versions (TLS1.0+) and new cipher suites were mostly introduced with TLS1.2 this setting makes TLS1.0 and TLS1.1 unavailable because of no shared ciphers. Thus the protocol is effectively restricted to TLS1.2.
If you would call openssl ciphers -V <cipher> with your cipher string you would see, that all available ciphers require TLS1.2.
For example: openssl ciphers -V TLSv1.2.
Solution 3
I found this recommendation on Cipherli.st:
SSLCipherSuite AES128+EECDH:AES128+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
Related videos on Youtube
01 : 44
04 : 55
02 : 37
03 : 07
09 : 05
11 : 59
Comments
-
Kristian over 1 year
I have an Apache 2.4.7 web server running multiple domain names using a single IP address. As a result of the Poodle vulnerability, I added the following
SSLCipherSuiteline. It worked fine for a while, but users are reporting problems with accessing the page in Firefox. Asking the users to switch browsers is unfortunately not an option, so I need to change the settings to support TLS 1.0, 1.1 and 1.2.The current settings are:
<VirtualHost ZYX.XYZ.org:443> DocumentRoot /var/www/ZYX.XYZ/www ServerName ZYX.XYZ.org <Directory "/var/www/ZYX.XYZ/"> allow from all Options -Indexes </Directory> SSLEngine on SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP:!kEDH SSLCertificateFile /etc/apache2/ssl/XYZ.org.crt SSLCertificateKeyFile /etc/apache2/ssl/XYZ.org.key SSLCACertificateFile /etc/apache2/ssl/gd_bundle-g2-g1.crt </VirtualHost>If we look at Qualys' test, we see that the server only supports TLS 1.2.
What would the appropriate settings be for enabling TLS 1.0, TLS 1.1 and TLS 1.2, so the site can support older browsers, and also maintain a decent level of security?
-
grove almost 4 yearsLink cipherli.st is not working.