Solved

Cipher Configuration on Apache HTTPD

Posted on 2016-11-28
Last Modified: 2016-11-30
Hello Experts:

I need to configure Apache HTTPD to only take the following ciphers:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

This is what I have in my ssl.conf configuration file:


SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite  AES128+EECDH:AES128+EDH:!3DES:!DES

I am confused on how to translate the above ciphers into the proper Apache syntax.  

Apache/2.2.15
CentOS release 6.5 (Final)

OpenSSL 1.0.1e-fips 11 Feb 2013
java version "1.7.0_45"


Thanks.
Question by:willie0-360
4 Comments
 

Accepted Solution

by:
Phil Phillips earned 500 total points
ID: 41904922
Apache uses the format that OpenSSL uses.  This page has a translation from the specification name to the OpenSSL equivalent: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

So, in your case, the SSLCipherSuite line would look like:

SSLCipherSuite ECDHE-RSA-AES256-SHA:AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA

 

Author Comment

by:willie0-360
ID: 41904971
That looks very promising Phil.  By any chance, can you help me understand what these other expressions mean:

(0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS

(0x35)

(0x2f)


Thanks very much.

Expert Comment

by:Phil Phillips
ID: 41904996
ECDH refers to the encryption protocol (Elliptic curve Diffie–Hellman)
secp256r1 refers to the elliptic curve used by the cipher
FS indicates that the cipher supports Forward Secrecy

I'm not sure what (0xc014)/(0x35)/(0x2f) are, but I'm guessing it's a constant associated with the cipher.
 

Author Comment

by:willie0-360
ID: 41907964
Thanks a lot for your help.  
It worked!
Excellent!
Grade: A
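
An added example (not from the thread, and not Apache or OpenSSL project code): it checks which suites a cipher string actually enables against the four required in the question, using the OpenSSL library linked into Python. The hex values in the question are the two-byte TLS cipher suite IDs, which `get_ciphers()` reports in the low 16 bits of `id`. Assumption: the local OpenSSL build still ships these CBC-SHA suites; the set of extra suites reported for the original string can differ from what OpenSSL 1.0.1e would enable.

```python
import ssl

# Required suites from the question: IANA name -> two-byte suite ID shown there.
REQUIRED = {
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 0xC014,
    "TLS_RSA_WITH_AES_256_CBC_SHA": 0x0035,
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 0xC013,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 0x002F,
}

def expand(cipher_string):
    """Return {suite_id: openssl_name} for the suites OpenSSL enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = {}
    for c in ctx.get_ciphers():
        # TLS 1.3 suites are configured separately in OpenSSL and are not
        # controlled by this string, so leave them out of the comparison.
        if c["protocol"] == "TLSv1.3":
            continue
        suites[c["id"] & 0xFFFF] = c["name"]  # low 16 bits = wire suite ID
    return suites

def audit(cipher_string, required=REQUIRED):
    """Compare what cipher_string enables against the required allow-list."""
    enabled = expand(cipher_string)
    wanted = set(required.values())
    return {
        "missing": sorted(n for n, i in required.items() if i not in enabled),
        "extra": sorted(name for i, name in enabled.items() if i not in wanted),
    }

if __name__ == "__main__":
    candidates = [
        # SSLCipherSuite value from the question's ssl.conf
        ("original", "AES128+EECDH:AES128+EDH:!3DES:!DES"),
        # SSLCipherSuite value from the accepted solution
        ("accepted", "ECDHE-RSA-AES256-SHA:AES256-SHA:"
                     "ECDHE-RSA-AES128-SHA:AES128-SHA"),
    ]
    for label, value in candidates:
        print(label, audit(value))
```

An empty `missing` and `extra` means the string enables exactly the required suites; the same comparison can be made on the server itself with `openssl ciphers -V '<string>'`, which prints each suite's ID next to its OpenSSL name.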