How to Enable Perfect Forward Secrecy in Apache 2.2 on Debian Linux

By | 2013/06/26

Perfect Forward Secrecy requires Apache 2.2 on Debian Wheezy, or Apache 2.4+ for other distros.

Below is a good configuration to use which I have tested and used on Debian Wheezy:

SSLProtocol TLSv1 TLSv1.1 TLSv1.2 -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite AES256+EECDH:AES256+EDH	

This can then be tested on


A good reference is: Category: linux sysadmin Tags: , , , , , , , , ,

11 thoughts on “How to Enable Perfect Forward Secrecy in Apache 2.2 on Debian Linux

  1. S0me0ne

    THANKS! I’ve searched the whole day and found nothing about how to do it. Turns out, i’ve running Ubuntu with Apache 2.2.22. So this won’t work execpt I compile Apache 2.4 manually 🙁

    1. Scott Miller Post author

      There are a few Ubuntu PPAs with Apache 2.4 around if you are feeling risky. 🙂

  2. ryan

    thanks for this, I couldnt find it anywhere either. But for some reason SSLLabs tells me that I’m vulnerable to beast and that I dont use Forward Secrecy when I use these three lines. I’m not sure what is going on, yours seems to check out.

    1. ryan

      Never mind, I just realized that apache isn’t in the normal Arch repositories. It is only is the AUR, where you have to compile it from the source on your own.

  3. Alexandru


    Did you make any other changes after this post ? I tried your code with apache 2.2 and 2.4.4 and Forward Secrecy to work for all browsers while testing via

  4. Jesper

    PFS does in fact work on Apache 2.2. Please correct your misleading statement 🙂

    The only browser I havent been able to play with, is IE10, which states:

    Internet Explorer 10 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

    Other than that, all browsers are perfectly supported with PFS, on a stock Apache 2.2.22, via Ubuntu 12.04 LTS.

      1. Jesper


        The reporter states three conditions he needs satisfied, and thats not what this post is about – its just about enabling PFS, which _can_ be done in Apache 2.2, and is working beautifully.

        Also – as you probably know, the BEAST attack is vectored towards the client side. Just disable TLS 1.0 if you need to take care of that. Yes, IE will be broken in its default settings, but thats another headache.

        1. Scott Miller Post author

          Disabling TLS 1.0 is a bit drastic as it would kill off Firefox, IE, and perhaps other mobile browsers. (Though current Firefox nightlies are working in TLS 1.1 and 1.2 support.)


Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.