[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cipher Configuration on Apache HTTPD

Posted on 2016-11-28
4
Medium Priority
?
133 Views
Last Modified: 2016-11-30
Hello Experts:

I need to configure Apache HTTPD to only take the following ciphers:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

This is what I have in my ssl.conf configuration file:


SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite  AES128+EECDH:AES128+EDH:!3DES:!DES

I am confused on how to translate the above ciphers into the proper Apache syntax.  

Apache/2.2.15
CentOS release 6.5 (Final)

OpenSSL 1.0.1e-fips 11 Feb 2013
java version "1.7.0_45"


Thanks.
0
Comment
Question by:willie0-360
  • 2
  • 2
4 Comments
 
LVL 15

Accepted Solution

by:
Phil Phillips earned 2000 total points
ID: 41904922
Apache uses the format that OpenSSL uses.  This page has a translation from the specification name to the OpenSSL equivalent: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

So, in your case, the SSLCipherSuite line would look like:

SSLCipherSuite ECDHE-RSA-AES256-SHA:AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA

Open in new window

0
 

Author Comment

by:willie0-360
ID: 41904971
That looks very promising Phil.  By any chance, can you help me understand what these other expressions mean:

(0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS

(0x35)

(0x2f)


Thanks very much.
0
 
LVL 15

Expert Comment

by:Phil Phillips
ID: 41904996
ECDH refers to the encryption protocol (Elliptic curve Diffie–Hellman)
secp256r1 refers to the elliptic curve used by the cipher
FS indicates that the cipher supports Forward Secrecy

I'm not sure what (0xc014)/(0x35)/(0x2f) are, but I'm guessing it's a constant associated with the cipher.
0
 

Author Comment

by:willie0-360
ID: 41907964
Thanks a lot for your help.  
It worked!
Excellen!
Grade: A
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn different types of Android Layout and some basics of an Android App.
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.
Suggested Courses
Course of the Month19 days, 15 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question