You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by Hildegard Meier <da...@gmx.de> on 2016/06/09 07:19:00 UTC

Important SSL ciphers undocumented

Hello,

regarding the page 

https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite

(using Apache 2.4.7 and openssl 1.0.1f)

I am missing some ciphers (or aliases?), which are really important to mention, I think, since they provide better security:

AESCGM (no mentioning of CGM at all)

ECDHE

I would suggest the sentence "Newer openssl versions may include additional ciphers." to be written _bold_, to pretend confusion.

I would suggest to add a column "available with openssl version" in the tag table.

It's confusing for me what is the relation between DHE and EDH. E.g.

openssl ciphers -v 'DHE'
Error in cipher list
139664124364448:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:

openssl ciphers -v 'EDH'
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
[...]

So querying DHE gives an error, and querying EDH outputs DHE ciphers ? Why that?


I have read this documentation about the SSLCiphersuite directive many times now, but the whole thing is still very confusing to me. Also other websites regarding forward secrecy and Apache cipher optimisation are very complex and vague.

Little bit OT:
Such a huge amount of ciphers and the high complexity of the permutual combinations of Key Exchange, Authentication, Cipher Encoding, MAC Digest algorithms, and their (not clearly defined) aliases is insecure by design, IMHO!

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

Re: Important SSL ciphers undocumented

Posted by Luis Gil de Bernabé <lj...@googlemail.com>.

Hi,
i wouldn't recommend you to use the 1.0.1f version, since it has a CVE-2016-2107



On 9 June 2016 at 09:19, Hildegard Meier <da...@gmx.de> wrote:
>
> Hello,
>
> regarding the page
>
> https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite
>
> (using Apache 2.4.7 and openssl 1.0.1f)
>
> I am missing some ciphers (or aliases?), which are really important to mention, I think, since they provide better security:
>
> AESCGM (no mentioning of CGM at all)
>
> ECDHE
>
> I would suggest the sentence "Newer openssl versions may include additional ciphers." to be written _bold_, to pretend confusion.
>
>
> I would suggest to add a column "available with openssl version" in the tag table.
>
> It's confusing for me what is the relation between DHE and EDH. E.g.

you can see here (second comment, for me its a good explanation)
http://openssl.6102.n7.nabble.com/EDH-vs-DHE-which-specifications-use-the-term-quot-EDH-quot-td47752.html


>
> openssl ciphers -v 'DHE'
> Error in cipher list
> 139664124364448:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:


try to update your openssl ;)
i have tried to do as you say and it gives me  the lists as folow :
apache@ubuntu:~$ openssl ciphers -v 'DHE'
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1


>
>
> openssl ciphers -v 'EDH'
> DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
> [...]
>
> So querying DHE gives an error, and querying EDH outputs DHE ciphers ? Why that?

and doing  your query above:

apache@ubuntu:~$ openssl ciphers -v 'EDH'
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1

As you can see, it gives me the same result, nothing changes...
 but, if you try a wrong query, for exapmle 'E' and then try out 'DEH'
that will give you an error... strange but true, you should think in
opne  a bugg issue  to the openssl team maybe im not sure what is
this; i was just messing around with openssl and found that weird
behaviour.

>
>
>
> I have read this documentation about the SSLCiphersuite directive many times now, but the whole thing is still very confusing to me. Also other websites regarding forward secrecy and Apache cipher optimisation are very complex and vague.
>
> Little bit OT:
> Such a huge amount of ciphers and the high complexity of the permutual combinations of Key Exchange, Authentication, Cipher Encoding, MAC Digest algorithms, and their (not clearly defined) aliases is insecure by design, IMHO!

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org