?
Solved

Cipher Configuration on Apache HTTPD

Posted on 2016-11-28
4
Medium Priority
?
104 Views
Last Modified: 2016-11-30
Hello Experts:

I need to configure Apache HTTPD to only take the following ciphers:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

This is what I have in my ssl.conf configuration file:


SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite  AES128+EECDH:AES128+EDH:!3DES:!DES

I am confused on how to translate the above ciphers into the proper Apache syntax.  

Apache/2.2.15
CentOS release 6.5 (Final)

OpenSSL 1.0.1e-fips 11 Feb 2013
java version "1.7.0_45"


Thanks.
0
Comment
Question by:willie0-360
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 14

Accepted Solution

by:
Phil Phillips earned 2000 total points
ID: 41904922
Apache uses the format that OpenSSL uses.  This page has a translation from the specification name to the OpenSSL equivalent: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

So, in your case, the SSLCipherSuite line would look like:

SSLCipherSuite ECDHE-RSA-AES256-SHA:AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA

Open in new window

0
 

Author Comment

by:willie0-360
ID: 41904971
That looks very promising Phil.  By any chance, can you help me understand what these other expressions mean:

(0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS

(0x35)

(0x2f)


Thanks very much.
0
 
LVL 14

Expert Comment

by:Phil Phillips
ID: 41904996
ECDH refers to the encryption protocol (Elliptic curve Diffie–Hellman)
secp256r1 refers to the elliptic curve used by the cipher
FS indicates that the cipher supports Forward Secrecy

I'm not sure what (0xc014)/(0x35)/(0x2f) are, but I'm guessing it's a constant associated with the cipher.
0
 

Author Comment

by:willie0-360
ID: 41907964
Thanks a lot for your help.  
It worked!
Excellen!
Grade: A
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION Working with files is a moderately common task in Java.  For most projects hard coding the file names, using parameters in configuration files, or using command-line arguments is sufficient.   However, when your application has vi…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
Suggested Courses
Course of the Month13 days, 11 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question