willie0-360
asked on
Cipher Configuration on Apache HTTPD
Hello Experts:
I need to configure Apache HTTPD to only take the following ciphers:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
This is what I have in my ssl.conf configuration file:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite AES128+EECDH:AES128+EDH:!3DES:!DES
I am confused on how to translate the above ciphers into the proper Apache syntax.
Apache/2.2.15
CentOS release 6.5 (Final)
OpenSSL 1.0.1e-fips 11 Feb 2013
java version "1.7.0_45"
Thanks.
ECDH refers to the encryption protocol (Elliptic curve Diffie–Hellman)
secp256r1 refers to the elliptic curve used by the cipher
FS indicates that the cipher supports Forward Secrecy
I'm not sure what (0xc014)/(0x35)/(0x2f) are, but I'm guessing it's a constant associated with the cipher.
ASKER
Thanks a lot for your help.
It worked!
Excellent!
Grade: A
ASKER
(0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
(0x35)
(0x2f)
Thanks very much.
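Added example, not part of the original thread: the hex values in the question are the two-byte identifiers each suite carries in the TLS cipher-suite registry, and mod_ssl's SSLCipherSuite takes OpenSSL's names rather than the IANA TLS_... names. The sketch below parses the four requested lines and translates the names by rule for AES suites only; the function names are hypothetical, and the translation is syntactic, so it does not check that a given combination is actually registered.

```python
import re

# Constructed sample input: the four lines from the question, with the
# spaces that extraction inserted into the names removed.
REQUESTED = """\
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
"""

LINE_RE = re.compile(r"^(TLS_\w+)\s+\((0x[0-9a-fA-F]+)\)")
# Assumption: only AES suites with these key exchanges are handled.
SUITE_RE = re.compile(r"^TLS_(RSA|DHE_RSA|ECDHE_RSA|ECDHE_ECDSA)"
                      r"_WITH_AES_(128|256)_(CBC|GCM)_(SHA(?:256|384)?)$")

def to_openssl(iana_name):
    """Translate an IANA AES suite name to OpenSSL's cipher-string name."""
    m = SUITE_RE.match(iana_name)
    if not m:
        raise ValueError("unsupported suite name: " + iana_name)
    kx, bits, mode, mac = m.groups()
    # OpenSSL omits the prefix for plain RSA key exchange and omits "CBC".
    parts = [] if kx == "RSA" else [kx.replace("_", "-")]
    parts.append("AES" + bits)
    if mode == "GCM":
        parts.append("GCM")
    parts.append(mac)
    return "-".join(parts)

def parse_requested(text):
    """Return (openssl_name, suite_id, forward_secret) for each listed suite."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            name, suite_id = m.group(1), int(m.group(2), 16)
            # Ephemeral (EC)DHE key exchange is what the "FS" flag reflects.
            fs = name.startswith(("TLS_ECDHE_", "TLS_DHE_"))
            out.append((to_openssl(name), suite_id, fs))
    return out

def ssl_cipher_suite(text):
    """Build an explicit-list SSLCipherSuite directive in the listed order."""
    return "SSLCipherSuite " + ":".join(n for n, _, _ in parse_requested(text))

if __name__ == "__main__":
    print(ssl_cipher_suite(REQUESTED))
```

Running `openssl ciphers -V` with the resulting colon-separated string on the server shows which of these names the local OpenSSL build recognises, together with the same hex identifiers.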