Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

Solved

Cipher Configuration on Apache HTTPD

Posted on 2016-11-28

1 solution

Medium Priority

117 Views

Last Modified: 2016-11-30

Hello Experts:

I need to configure Apache HTTPD to only take the following ciphers:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

This is what I have in my ssl.conf configuration file:

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite AES128+EECDH:AES128+EDH:!3DES:!DES

I am confused on how to translate the above ciphers into the proper Apache syntax.

Apache/2.2.15
CentOS release 6.5 (Final)

OpenSSL 1.0.1e-fips 11 Feb 2013
java version "1.7.0_45"

Thanks.

Comment

Question by:willie0-360

[X]

Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

Help others & share knowledge
Earn cash & points
Learn & ask questions

Join The Community

4 Comments

LVL 14

Accepted Solution

by:Phil Phillips

Phil Phillips earned 2000 total points

ID: 419049222016-11-28

Apache uses the format that OpenSSL uses. This page has a translation from the specification name to the OpenSSL equivalent: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

So, in your case, the SSLCipherSuite line would look like:

SSLCipherSuite ECDHE-RSA-AES256-SHA:AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA

Open in new window

Author Comment

by:willie0-360

ID: 419049712016-11-28

That looks very promising Phil. By any chance, can you help me understand what these other expressions mean:

(0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS

(0x35)

(0x2f)

Thanks very much.

LVL 14

Expert Comment

by:Phil Phillips

ID: 419049962016-11-28

ECDH refers to the encryption protocol (Elliptic curve Diffie–Hellman)
secp256r1 refers to the elliptic curve used by the cipher
FS indicates that the cipher supports Forward Secrecy

I'm not sure what (0xc014)/(0x35)/(0x2f) are, but I'm guessing it's a constant associated with the cipher.

Author Comment

by:willie0-360

ID: 419079642016-11-30

Thanks a lot for your help.
It worked!
Excellen!
Grade: A

Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Simple Implementation of .NET Array/List's Generic FindAll Method in Java

Article by: Kevin

After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all. Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …

Java

Closures in Java 7 - does a new era start for the language?

Article by: Venabili

Java had always been an easily readable and understandable language. Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…

Java

Troubleshooting

Video by: Michael

Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…

How to fix incompatible JVM issue while installing Eclipse

Video by: Durga Charan

How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…