Configure Apache SSL Cipher Suites for Best Security

By | 2013/01/25

Apache can be configured to use various SSL cipher suites. For best security, set Apache's SSL settings to use only the highest grade security ciphers. It has also become common practice to set the server to prefer the RC4-SHA cipher, both for speed (it's fast!) and as a mitigation for the BEAST attack.

Google, for example, uses an RC4 cipher by default as its preferred SSL cipher, as do many other shops.

I'll show you how to configure this in Apache!


On Debian or Ubuntu, edit the following file:

$ sudo nano /etc/apache2/mods-available/ssl.conf

Red Hat / CentOS, edit this file:

$ sudo nano /etc/httpd/conf.d/ssl.conf


Put in the following configuration, save, then restart Apache:

SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH

SSLProtocol all -SSLv2

Done!
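To see what those two directives actually do before restarting Apache, here is an added Python example (not code from the post or from the Apache project). It implements a simplified version of OpenSSL's cipher-string rules, the same rules mod_ssl applies to SSLCipherSuite: ':'-separated words, '!' excludes permanently, '-' removes, '+' moves to the end, and '@STRENGTH' sorts by key size. The catalogue is parsed from `openssl ciphers -v` lines quoted in the comment thread below, plus two ADH entries constructed here so that "!ADH" has something to remove; the alias table covers only the aliases used on this page (HIGH, ADH/aNULL, RC4, MD5, SSLv2 and so on), not OpenSSL's full set. The function names `parse_ciphers_v`, `expand` and `negotiate` are this example's own. The `negotiate` helper shows why SSLHonorCipherOrder On matters: without it mod_ssl lets the client's preference order decide.

```python
"""Evaluate OpenSSL cipher-list strings (as used by Apache's SSLCipherSuite)
against a small catalogue, and show what SSLHonorCipherOrder changes."""
import re
from dataclasses import dataclass

# Catalogue in `openssl ciphers -v` line format. The first eleven lines are the
# ones quoted in the post's comment thread; the two ADH lines are constructed
# for this example so that the "!ADH" exclusion has something to remove.
CATALOGUE_TEXT = """\
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
"""

LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>[A-Za-z0-9]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)")


@dataclass(frozen=True)
class Cipher:
    name: str
    proto: str
    kx: str
    au: str
    enc: str
    bits: int
    mac: str


def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` style lines into Cipher records, keeping their order."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Cipher(m["name"], m["proto"], m["kx"], m["au"],
                              m["enc"], int(m["bits"]), m["mac"]))
    return out


CATALOGUE = parse_ciphers_v(CATALOGUE_TEXT)

# Simplified subset of OpenSSL's cipher aliases (only those needed on this page).
ALIASES = {
    "ALL":    lambda c: c.enc != "None",
    "HIGH":   lambda c: c.bits >= 128 and c.enc != "RC4",  # RC4 is MEDIUM in OpenSSL
    "MEDIUM": lambda c: c.bits == 128 and c.enc == "RC4",
    "ADH":    lambda c: c.au == "None",
    "aNULL":  lambda c: c.au == "None",
    "eNULL":  lambda c: c.enc == "None",
    "aRSA":   lambda c: c.au == "RSA",
    "DSS":    lambda c: c.au == "DSS",
    "kRSA":   lambda c: c.kx == "RSA",
    "EDH":    lambda c: c.kx == "DH",
    "AES":    lambda c: c.enc == "AES",
    "3DES":   lambda c: c.enc == "3DES",
    "RC4":    lambda c: c.enc == "RC4",
    "MD5":    lambda c: c.mac == "MD5",
    "SHA1":   lambda c: c.mac == "SHA1",
    "SSLv2":  lambda c: c.proto == "SSLv2",
    "SSLv3":  lambda c: c.proto == "SSLv3",
}


def select(word):
    """Catalogue ciphers matching one word; 'A+B' means A AND B; a suite name matches itself."""
    parts = word.split("+")
    def ok(c):
        return all(ALIASES[p](c) if p in ALIASES else c.name == p for p in parts)
    return [c for c in CATALOGUE if ok(c)]


def expand(cipher_string):
    """Build the ordered list the way OpenSSL does: plain words append (catalogue order),
    '!' removes permanently, '-' removes, '+' moves to the end, '@STRENGTH' sorts by bits."""
    chosen, banned = [], set()
    for word in re.split(r"[:,\s]+", cipher_string.strip()):
        if not word:
            continue
        if word == "@STRENGTH":
            chosen.sort(key=lambda c: -c.bits)      # stable sort keeps ties in place
        elif word[0] == "!":
            banned.update(c.name for c in select(word[1:]))
            chosen = [c for c in chosen if c.name not in banned]
        elif word[0] == "-":
            drop = {c.name for c in select(word[1:])}
            chosen = [c for c in chosen if c.name not in drop]
        elif word[0] == "+":
            move = {c.name for c in select(word[1:])}
            chosen = ([c for c in chosen if c.name not in move]
                      + [c for c in chosen if c.name in move])
        else:
            for c in select(word):
                if c.name not in banned and c not in chosen:
                    chosen.append(c)
    return [c.name for c in chosen]


def negotiate(server_string, client_offer, honor_order):
    """Suite a handshake ends with. SSLHonorCipherOrder On: the server's order wins.
    Off (mod_ssl's default): the client's order wins among suites the server allows."""
    server = expand(server_string)
    if honor_order:
        return next((s for s in server if s in client_offer), None)
    return next((c for c in client_offer if c in server), None)


if __name__ == "__main__":
    for name in expand("RC4-SHA:HIGH:!ADH"):
        print(name)
    # A client that lists AES128-SHA before RC4-SHA gets RC4-SHA only if the server's order is honored.
    print(negotiate("RC4-SHA:HIGH:!ADH", ["AES128-SHA", "RC4-SHA"], honor_order=True))
    print(negotiate("RC4-SHA:HIGH:!ADH", ["AES128-SHA", "RC4-SHA"], honor_order=False))
```

Run it as is and the first list reproduces, entry for entry, the `openssl ciphers -v 'RC4-SHA:HIGH:!ADH'` output quoted in the comments; swapping in the '@STRENGTH' string from the same comment reproduces that output too. The two `negotiate` calls show the same server string giving different suites depending only on SSLHonorCipherOrder, which is why the post sets it to On alongside the cipher list.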

10 thoughts on “Configure Apache SSL Cipher Suites for Best Security”

    1. Scott Miller Post author

      Cool, looks good, but those settings will not prefer that RC4 cipher. Otherwise pretty similar re: ciphers.

      There is no need to specify SSLCompression off as this is the default.


      $ openssl ciphers -v 'HIGH:!aNULL:!SSLv2:!MD5:@STRENGTH'

      DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
      DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
      AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
      EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
      EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
      DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
      DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
      DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
      AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

      $ openssl ciphers -v 'RC4-SHA:HIGH:!ADH'

      RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
      DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
      DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
      AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
      DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
      DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
      AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
      EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
      EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
      DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
      DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5

      1. htt

        Wouldn’t the duraconf be a better fit for the title “Best security” or did you mean “best speed”?

        1. Scott Miller Post author

          Nope. 🙂

          duraconf's SSL cipher settings leave you vulnerable to the BEAST attack (if that is a concern) by not preferring RC4.

          Otherwise the SSL cipher suites (the focus of this post) are pretty similar as shown in my comment above.

          I did (and do) mean best security for SSL ciphers. 🙂

          Cheers,

          1. htt

            Good point 🙂 Had to go check my own setup; probably would have helped had I done this first...


            SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

            Similar to what you suggest but drops


            DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5

  1. htt

    Seeing as we are making sure we mitigate BEAST, you might want to add CRIME prevention too by adding the following to the config:

    SSLCompression off

      1. Scott Miller Post author

        The Apache default for SSLCompression is off, so there is no need to specify that now. Here is the upstream bug report discussion.

        Distros rolled out backported Apache patches to disable SSLCompression by default as well after the CRIME buzz (e.g. Ubuntu). So if you are up to date on your distro's Apache updates, you are all set.

        Hope this helps,

        1. Scott Miller Post author

          Edit: For Red Hat / CentOS, see this bug report re: CRIME

          “Adding the following line to the /etc/sysconfig/httpd file:

          export OPENSSL_NO_DEFAULT_ZLIB=1

          and restarting the httpd service disables the use of SSL/TLS compression in mod_ssl, and the compression will not be negotiated even when the connecting client supports it.”

  2. Areeb

    These settings get an A on the SSL Labs test tool:

    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS"
    SSLProtocol -all +TLSv1.2 -SSLv3 -SSLv2
