A better SSL configuration for Apache 2
Tags: security, linux
RC4 with TLS has been broken for quite some time now, but I did not yet manage to make the switch. Having a little time on my hands, I decided to future-proof my Apache configuration.
Basically, what I want to do is:
- Disable ciphers for SSL that have known weaknesses. RC4, I am looking at you. DES, yes, you are
meant as well. This includes ciphers that are marked
- Use TLS 1.2 instead of the older versions.
- Enable “Perfect forward secrecy” to annoy the NSA. Yes, using encryption might make you a target. They also admitted to storing encrypted session data with the express purpose of maybe being able to decrypt it after obtaining the private key of the server. Good luck with that.
It took me a while to collate the necessary information, but I finally managed to arrive at the following configuration for Apache:
SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS SSLCompression Off
squeeze does not ship with OpenSSL 1.0 and Apache 2.4,
which means that not all ciphers are currently supported. Thus, perfect
forward secrecy will only work with a few choice browsers, but at least
the configuration is better than it was before.
Some references which proved very helpful:
- Hynek Schlawack's notes on hardening SSL ciphers
- The Apache documentation for
mod_ssl. I am liking to the most recent version altough my server does not support it yet.
- An interesting discussion on Information Security Stack Exchange. Thomas Pornin's answer was very detailed.