Finding the right ciphers with 256 bit alias crypto wars part nine

Finding a good cipher for your web server is not an easy task. openssl ciphers -v ALL:COMPLEMENTOFALL lists all the available ciphers on your system.
What we don’t want

  • SSLv3 that is no longer secure.
  • 128 bit encryption is too weak
  • no encrytion cipther ;)
  • DSS cipher for key auth
  • DHE-RSA-AES256-SHA is no longer secure
  • TLSv1 no longer secure
  • PSK ( pre shared key) cipher
  • CAMELLIA
  • CBC cipher because of the BEAST attack
  • RSA because of FREAK and SMACK and ROBOT
  • Au=None
  • AESCCM it is also a Cipher Block Chaining (CBC)

That gives us:

openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "SSLv3" | grep -v "(128)" | grep -v "Enc=None" | \
 grep -v "Au=DSS" | grep -v "DHE-RSA-AES256-SHA" | grep -v "TLSv1 " | grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | \
 grep -v "CAMELLIA" | grep -v "CBC" | grep -v "Au=RSA" | grep -v "Au=None" | grep -v "Enc=AESCCM"

now choose your poison.

Secure apache against CVE-2011-3389 aka Beast attack

During the summer rumours about a new attack against SSL started circulating (CVE-2011-3389).
As it turns out, the attack itself was conceived years ago, deemed impractical, but it was nevertheless fixed in TLS 1.1. The new attack technique introduced a few optimizations to make it practical.

In terms of mitigation, I expect this problem will be largely addressed on the client side, despite a potential compatibility problem that may cause some TLS sites to stop working.

With this config you can avoid that attack.

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNULL

#NO Longer needed cause since IE 7 this works ;) 
#SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

With OpenSSL 1.0.1 it must be

SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

Posts Tagged ssl

Archives by Month: