Posted to dev@httpd.apache.org by Kaspar Brand <ht...@velox.ch> on 2011/10/02 08:56:35 UTC

Re: Improving SSL config

On 29.09.2011 16:31, Rainer Jung wrote:
>  #   SSL Cipher Suite:
>  #   List the ciphers that the client is permitted to negotiate.
>  #   See the mod_ssl documentation for a complete list.
> -SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> +SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
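Review bot: the replacement SSLCipherSuite value leads with RC4-SHA and AES128-SHA, both static-RSA key exchange, so a client whose own preference list starts with [EC]DHE suites only keeps forward secrecy for as long as SSLHonorCipherOrder stays off; if that directive is enabled next to this list, consider placing an ephemeral-key-exchange suite ahead of the two RSA ones, or at least state the trade-off in the comment block above the directive. The value also still relies on `ALL` followed by exclusions, so anything outside the listed `!` classes is enabled implicitly; a whitelist form such as `RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5` is easier to audit and yields the same set here.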

Alternatively, it could be configured with a somewhat shorter

  SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5

(This produces the same list, but is more "whitelist based". We
still have to ban aNULL and MD5, though.)

> Furthermore I wonder whether we should activate the SSLHonorCipherOrder
> in this config by default - at least for trunk. At the moment it is
> commented out.

That mostly depends on what SSLCipherSuite is set to, IMO. If RC4-SHA
and AES128-SHA appear at the beginning, then turning on
SSLHonorCipherOrder effectively means giving up perfect forward secrecy
for many connections, as both of these cipher suites use RSA for key
exchange.

For Windows browsers which use Schannel for SSL/TLS (IE, most notably),
this doesn't make a real difference, that's true (Schannel has
TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_RC4_128_SHA at the
beginning of its default list). But OTOH browsers using Mozilla NSS,
such as Firefox or Chrome, have suites with [EC]DHE key exchanges before
those with RSA. In that latter case, turning SSLHonorCipherOrder on makes
these users lose PFS.

> For 2.2.x it is possible people use OpenSSL older than 0.9.6 and the
> directive will not work then.

SSL_OP_CIPHER_SERVER_PREFERENCE was added to OpenSSL 0.9.7, to be
precise. As ssl_cmd_SSLHonorCipherOrder() will hard fail in that case,
turning it on has the risk of shipping a default config which fails to load.

Kaspar
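To make the SSLHonorCipherOrder argument above concrete, here is an added model of suite selection (example code, not from this thread or from httpd); the server list follows the proposed RC4-SHA:AES128-SHA:HIGH:MEDIUM order, and both client lists are constructed to reflect the Schannel and NSS orderings the mail describes, not real dumps of either library.

```python
"""Added model (not from the thread) of TLS cipher-suite selection with
SSLHonorCipherOrder on vs. off. All suite lists are constructed for
illustration; none is a dump of a real OpenSSL, Schannel or NSS build."""

# Server order as "SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5"
# would produce it: the two static-RSA suites first, then the rest
# (constructed partial expansion; IANA names, OpenSSL names in comments).
SERVER_SUITES = [
    "TLS_RSA_WITH_RC4_128_SHA",            # RC4-SHA
    "TLS_RSA_WITH_AES_128_CBC_SHA",        # AES128-SHA
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",  # ECDHE-RSA-AES256-SHA (HIGH)
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",    # DHE-RSA-AES256-SHA (HIGH)
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",    # DHE-RSA-AES128-SHA (HIGH)
]

# Constructed client preference lists shaped as the mail describes:
# Schannel leads with static-RSA suites, NSS with [EC]DHE suites.
SCHANNEL_CLIENT = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
NSS_CLIENT = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]

def has_pfs(suite):
    """Ephemeral (EC)DH key exchange gives forward secrecy; static RSA does not."""
    return suite is not None and suite.startswith(("TLS_DHE_", "TLS_ECDHE_"))

def negotiate(server, client, honor_server_order):
    """SSLHonorCipherOrder on: first server suite the client offers wins.
    Off (OpenSSL default): first client suite the server accepts wins.
    Returns None when the two lists share no suite."""
    preferred, other = (server, client) if honor_server_order else (client, server)
    accepted = set(other)
    return next((s for s in preferred if s in accepted), None)

def pfs_outcome(client):
    """Map SSLHonorCipherOrder setting -> (chosen suite, has forward secrecy)."""
    out = {}
    for honor in (False, True):
        suite = negotiate(SERVER_SUITES, client, honor)
        out[honor] = (suite, has_pfs(suite))
    return out
```

With these lists, the Schannel-style client ends up on a static-RSA suite either way, while the NSS-style client gets ECDHE only when the server does not honor its own order.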