Since a few weeks the ssllabs server tests marks three more ciphers as CBC ciphers. Block ciphers are not secure. And flagged orange in the test results.
The candidates are
ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA
Removing them form the configuration also means removing the support for several older browsers.
The new recommended cipher suite is:
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
Thanks to Gregg for showing the other POLY 1305 ciphers that I didn’t know of until today. I saw you post at AL.
Update: I had to remove ECDHE-RSA-CHACHA20-POLY1305 and DHE-RSA-CHACHA20-POLY1305 since they are not HIPAA nor NIST compatible.
The TLS_AES_128_GCM_SHA256 ciphers is mandatory for TLS 1.3, but I kindly ignore that since I want only 256 bit encryption. This is not madness, this is crypto wars.
The whole configuration
<If "%{SERVER_PORT} == '443'">
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15553000; preload"
</IfModule>
</If>
SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1
H2Direct On