SSLCipherSuite settings in Apache for supporting TLS 1.0, 1.1 and 1.2

apache-http-serverhttpsopensslsslssl-certificate

I have an Apache 2.4.7 web server running multiple domain names using a single IP address. As a result of the Poodle vulnerability, I added the following SSLCipherSuite line.
It worked fine for a while, but users are reporting problems with accessing the page in Firefox. Asking the users to switch browsers is unfortunately not an option, so I need to change the settings to support TLS 1.0, 1.1 and 1.2.

The current settings are:

<VirtualHost ZYX.XYZ.org:443>
DocumentRoot /var/www/ZYX.XYZ/www
ServerName ZYX.XYZ.org

<Directory "/var/www/ZYX.XYZ/">
  allow from all
  Options -Indexes
</Directory>

SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP:!kEDH
SSLCertificateFile /etc/apache2/ssl/XYZ.org.crt
SSLCertificateKeyFile /etc/apache2/ssl/XYZ.org.key
SSLCACertificateFile /etc/apache2/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

If we look at Qualys' test, we see that the server only supports TLS 1.2.

What would the appropriate settings be for enabling TLS 1.0, TLS 1.1 and TLS 1.2, so the site can support older browsers, and also maintain a decent level of security?

Best Answer

The following configuration is (or used to be) the best configuration according to SSLLabs:

SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA"

It will, however, exclude all older browsers (including Opera Mini!), because it lacks non-PFS and RC4 cipher suites. You can append the following (before the closing quote, of course) to enable RC4, including a fallback (last entry) to RC4 without PFS:

:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA

You should encourage users to upgrade ASAP. RC4 is broken and should no longer be used, especially without PFS.

To achieve better grades, also send a HSTS header (for this to work, you need to enable mod_header):

Header always set Strict-Transport-Security "max-age=63072000;"

This configuration will not work for Apache <2.2.26, because it does not support Elliptic-curve cryptography.

Update:
Just checked, it’s still good for A+. :) I believe this requires a certificate with SHA256, though.

Update Oct 2015:
I recently found another generator for SSL configurations, provided by Mozilla. It orders ciphers so that Chrome doesn’t say you’re using a deprecated cipher suite.

Related Question