Optimizing the SSL settings of Apache 2.4

After having configured Apache with Let's Encrypt certificates (see my previous post), we will now optimize the SSL configuration of Apache.

Note: the following instructions have been tested on Debian 8 with Apache 2.4 and OpenSSL 1.0.1

Prerequisites:
  • Apache2 is installed and configured with at least one Virtual host using mod_ssl
  • Basic knowledge of apache configuration
  • root access (or sudo)
Testing the current configuration:

The website SSL Labs allows you to test and rate your SSL configuration. With the default SSL configuration of Apache 2.4, here are the results I got by testing this blog:
[image: SSL Labs results]

B ... not too bad ... But I'm sure we can do better :-)

Optimizing cipher strength and browser compatibility:

First of all, looking at the results, it seems that we have an issue with the cipher suite: we definitely need to change it, but we don't want this to break compatibility with older browsers...

Mozilla's wiki (Server Side TLS) suggests three different configurations:

  • Modern (Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7, Android 4.4, Java 8 )
  • Intermediate (Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7)
  • Old (Windows XP IE6, Java 6 )

I chose the Intermediate configuration because it is a good compromise between browser compatibility and security.

Once you have chosen your configuration, open the Apache configuration file for the SSL module:

sudo vi /etc/apache2/mods-available/ssl.conf  

search for the "SSLCipherSuite" directive and replace its value with the cipher list of the configuration you chose (the Intermediate list is shown here):

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

then restart Apache gracefully (running requests are allowed to finish):

sudo apachectl graceful  

and test again with SSL Labs!
Much better, isn't it? :-)
Now we have an "A-", but we do want an "A", don't we?

Forward Secrecy support

The reason why we have an "A-" is explained in this warning message:
"The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-."

For more information about Forward Secrecy, please check the following link.

To make Apache actually use forward secrecy with those browsers, you just need to change one setting in the Apache SSL configuration file. By default mod_ssl lets the client's cipher preference win, so a browser that lists a plain RSA suite before its ECDHE suites gets no forward secrecy even though the server offers it; honoring the server's order makes the ECDHE suites at the top of the list above take precedence.

Open the conf file:

sudo vi /etc/apache2/mods-available/ssl.conf  

and add the following line (or uncomment it if it is already there):

SSLHonorCipherOrder on  

then restart Apache gracefully:

sudo apachectl graceful  

Let's test one more time with SSL Labs... and tadaaaa!
Now we have an "A"!

Please note that this rating was obtained starting from a fresh install of Debian 8 and the default configuration files of Apache 2.4. Other Apache settings (such as SSLProtocol) or a different OpenSSL version can give you very different results; in any case, follow the tips given by SSL Labs. Keep in mind as well that the SSL Labs grading gets stricter over time: since January 2020 a server that still accepts TLS 1.0 or 1.1 (which "SSLProtocol all -SSLv3" does) is capped at B, so on a current system you would also disable those two versions.

For future reference, here is the content of my ssl.conf file:

SSLRandomSeed startup builtin  
SSLRandomSeed  startup file:/dev/urandom 512  
SSLRandomSeed connect builtin  
SSLRandomSeed connect file:/dev/urandom 512

AddType application/x-x509-ca-cert .crt  
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase

SSLSessionCache         shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)  
SSLSessionCacheTimeout  300

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

SSLProtocol all -SSLv3
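
To check a configuration like the one above without waiting for an SSL Labs scan, here is a small audit script I added for this post (it is not part of the original post nor of Apache). It parses the active directives of an ssl.conf and applies the three checks behind the grades discussed above: server-side cipher ordering, no SSLv3, and an explicit cipher list that starts with ECDHE/DHE suites and excludes the weak families. The two sample configurations are constructed: the first is an approximation of the Debian 8 default (SSLCipherSuite HIGH:!aNULL with SSLHonorCipherOrder commented out), the second repeats the three directives from the hardened ssl.conf. The set of required exclusions and the "warn" on TLS 1.0/1.1 are this script's own policy, not something mod_ssl enforces.

```python
"""Audit an Apache mod_ssl configuration for the settings changed in this post.

Added example, not code from the original post: parse the directives of an
ssl.conf and report the problems SSL Labs flagged above.
"""

# Protocols mod_ssl 2.4 enables for the "all" keyword (SSLv2 is not built into 2.4).
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
# Exclusions a cipher string should state explicitly (this script's policy).
REQUIRED_EXCLUDES = {"!aNULL", "!eNULL", "!EXPORT", "!RC4", "!MD5"}


def parse_directives(conf_text):
    """Map each directive to the value of its last active (uncommented) line."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            directives[parts[0]] = parts[1].strip()
    return directives


def enabled_protocols(value):
    """Expand an SSLProtocol value such as "all -SSLv3" into the set it enables."""
    enabled = set()
    for token in value.split():
        name = token.lstrip("+-")
        members = ALL_PROTOCOLS if name.lower() == "all" else {name}
        if token.startswith("-"):
            enabled -= members
        else:
            enabled |= members
    return enabled


def audit(conf_text):
    """Return (severity, message) findings; an empty list means every check passed."""
    d = parse_directives(conf_text)
    findings = []

    # Without server-side ordering the client's preference wins, so a browser that
    # lists a plain-RSA suite first never gets forward secrecy (the A- warning).
    if d.get("SSLHonorCipherOrder", "").lower() != "on":
        findings.append(("fail", "SSLHonorCipherOrder is not 'on'"))

    # Assume mod_ssl's old default of "all" when the directive is absent.
    protocols = enabled_protocols(d.get("SSLProtocol", "all"))
    if "SSLv3" in protocols:
        findings.append(("fail", "SSLv3 is enabled (POODLE)"))
    if protocols & {"TLSv1", "TLSv1.1"}:
        findings.append(("warn", "TLSv1/TLSv1.1 enabled; SSL Labs has capped such servers at B since 2020"))

    # Once ordering is honoured the first entry is what gets picked, so it must be a
    # forward-secret suite; a keyword group such as HIGH leaves the order to OpenSSL.
    suites = d.get("SSLCipherSuite", "DEFAULT").split(":")
    if not suites[0].upper().startswith(("ECDHE", "EECDH", "DHE", "EDH", "KEECDH", "KEDH")):
        findings.append(("fail", "first cipher '%s' is not an ECDHE/DHE suite" % suites[0]))
    missing = REQUIRED_EXCLUDES - set(suites)
    if missing:
        findings.append(("fail", "cipher string does not exclude " + ", ".join(sorted(missing))))
    return findings


# Mozilla "Intermediate" cipher string used in the post, split for readability.
INTERMEDIATE_CIPHERS = ":".join([
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256", "DHE-DSS-AES128-GCM-SHA256", "kEDH+AESGCM",
    "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA",
    "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA", "ECDHE-ECDSA-AES256-SHA", "DHE-RSA-AES128-SHA256",
    "DHE-RSA-AES128-SHA", "DHE-DSS-AES128-SHA256", "DHE-RSA-AES256-SHA256",
    "DHE-DSS-AES256-SHA", "DHE-RSA-AES256-SHA", "ECDHE-RSA-DES-CBC3-SHA",
    "ECDHE-ECDSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256",
    "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA",
    "AES", "CAMELLIA", "DES-CBC3-SHA", "!aNULL", "!eNULL", "!EXPORT", "!DES", "!RC4",
    "!MD5", "!PSK", "!aECDH", "!EDH-DSS-DES-CBC3-SHA", "!KRB5-DES-CBC3-SHA",
])

# Constructed approximation of the Debian 8 ssl.conf before the changes in this post.
DEBIAN8_DEFAULT = "SSLCipherSuite HIGH:!aNULL\n#SSLHonorCipherOrder on\nSSLProtocol all -SSLv3\n"

# The three directives from the hardened ssl.conf above.
HARDENED = "SSLCipherSuite %s\nSSLHonorCipherOrder on\nSSLProtocol all -SSLv3\n" % INTERMEDIATE_CIPHERS

if __name__ == "__main__":
    for label, conf in (("Debian 8 default", DEBIAN8_DEFAULT), ("hardened", HARDENED)):
        print(label + ":")
        for severity, message in audit(conf) or [("ok", "all checks passed")]:
            print("  [%s] %s" % (severity, message))
```

Run it with the path of your own ssl.conf read into `audit()`. The default configuration produces three failures (no server ordering, a cipher list that starts with the HIGH group instead of an ECDHE suite, and missing explicit exclusions), while the hardened one only keeps the TLS 1.0/1.1 warning. For a live check of what a real handshake negotiates, `openssl s_client -connect yourhost:443` prints the chosen suite on its "Cipher" line; with ordering honoured it should be one of the ECDHE entries.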