Welcome to my world
With the upcoming mod_h2 the httpd apache module for HTTP/2.0 support there is a must to have ECDHE-RSA-AES128-GCM-SHA256 in the SSLCipherSuite[1]. So SSLHonorCipherOrder Off can’t be used. That leaves the connection with only 128 bit encryption instead of 256 bit.
My hope is that the browsers will support soon a 256 Cipher
[1] https://http2.github.io/http2-spec/#rfc.section.9.2.2
Choosing the correct SSL cipher can be very difficult. Having the best encryption, still fast, having a “Modern compatibility”.
The current best solustion is with all browsers to have 256 bit encryption ( Chrome is currently the only browser that uses only 128 bit with this config).
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
— Edit —
Chrome might barf about a not modern config, hoever the encryption is not 256 in all cases. That is why I switched back to
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
There is a relative new attack: the freak attack. How ever the proven apache config from https://mariobrandt.de/archives/apache/current-2013-bullet-proof-ssl-config-779/ still works.
— update —
see https://mariobrandt.de/archives/apache/sslciphersuite-alias-crypto-wars-945/
With CVE-2014-8730 the POODLE attack is back. However with the right config it is not an issue. https://mariobrandt.de/archives/apache/current-2013-bullet-proof-ssl-config-779/ is still the right config for this :) Make sure that your server is bullet proof, too.
HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.
How to achieve apache with a bullet proof SSL config and HTTP Strict Transport Security (HSTS) with long duration
Here is goes
<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15553000; includeSubDomains" </IfModule> SSLUseStapling on SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000) SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000) SSLOptions +StrictRequire +StdEnvVars -ExportCertData SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
This gives a A+ at Qualys SSL Labs SSL Test.
Now in December 2013 the best available SSL config with a 4096 bit RSA Key and httpd Apache 2.4.7 with OpenSSL/1.0.1e.
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000) SSLOptions +StrictRequire +StdEnvVars -ExportCertData SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
YES Windows XP is no longer supported with this. But for me there is no more need to do so.
The SSL Test Lap Test shows a very good result. The Cipher Strength is at 100%. So any browser will use a 256 bit encrypted connection to that server.