SSLCipherSuite
SSLCipherSuite cipher-spec Default: SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP Server config, virtual host, directory, .htaccess Override: AuthConfig Apache v2 0nly
Unless the webmaster has reason to be paranoid about security, this directive can be ignored.
This complex directive uses a colon-separated
cipher-spec string consisting of OpenSSL cipher
specifications to configure the Cipher Suite the client is permitted
to negotiate in the SSL handshake phase. Notice that this directive
can be used both in per-server and per-directory context. In
per-server context it applies to the standard SSL handshake when a
connection is established. In per-directory context it forces an SSL
renegotiation with the reconfigured Cipher Suite after the HTTP
request was read but before the HTTP response is sent.
An SSL cipher specification in cipher-spec is
composed of four major components plus a few extra minor ones. The
tags for the key-exchange algorithm component, which includes RSA and
Diffie-Hellman variants, are shown in Table 11-4.
Table 11-4. Key-exchange algorithms
|
Tag |
Description |
|---|---|
|
|
RSA key exchange |
|
|
Diffie-Hellman key exchange with RSA key |
|
|
Diffie-Hellman key exchange with DSA key |
|
|
Ephemeral (temporary key) Diffie-Hellman key exchange (no certificate) |
The tags for the authentication algorithm component, which includes RSA, Diffie-Hellman, and DSS, are shown in Table 11-5.
Table 11-5. Authentication algorithms
|
Tag |
Description |
|---|---|
|
|
No authentication |
|
|
RSA authentication |
|
|
DSS authentication |
|
|
Diffie-Hellman authentication |
The tags for the cipher encryption algorithm component, which includes DES, Triple-DES, RC4, RC2, and IDEA, are shown in Table 11-6.
Table 11-6. Cipher encoding algorithms
|
Tag |
Description |
|---|---|
|
|
No encoding |
|
|
DES encoding |
|
|
Triple-DES encoding |
|
|
RC4 encoding |
|
|
RC2 encoding |
|
|
IDEA encoding |
The tags for the MAC digest algorithm component, which includes MD5, SHA, and SHA1, are shown in Table 11-7.
Table 11-7. MAC digest algorithms
|
Tag |
Description |
|---|---|
|
|
MD5 hash function |
|
|
SHA1 hash function |
|
|
SHA hash function |
An SSL cipher can also be an export cipher and is either an SSLv2 or SSLv3/TLSv1 cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use, one can either specify all the ciphers, one at a time, or use the aliases shown in Table 11-8 to specify the preference and order for the ciphers.
Table 11-8. Cipher aliases
|
Tag |
Description |
|---|---|
|
|
All SSL Version 2.0 ciphers |
|
|
All SSL Version 3.0 ciphers |
|
|
All TLS Version 1.0 ciphers |
|
|
All export ciphers |
|
|
All 40-bit export ciphers only |
|
|
All 56-bit export ciphers only |
|
|
All low-strength ciphers (no export, single DES) |
|
|
All ciphers with 128-bit encryption |
|
|
All ciphers using Triple-DES |
|
|
All ciphers using RSA key exchange |
|
|
All ciphers using Diffie-Hellman key exchange |
|
|
All ciphers using Ephemeral Diffie-Hellman key exchange |
|
|
All ciphers using Anonymous Diffie-Hellman key exchange |
|
|
All ciphers using DSS authentication |
|
|
All ciphers using no encryption |
These tags can be joined together with prefixes to form the
cipher-spec. Available prefixes are the following:
none
Add cipher to list
+
Add ciphers to list and pull them to current location in list
-
Remove cipher from list (can be added later again)
!
Kill cipher from list completely (cannot be added later again)
A simpler way to look at all of this is to use the openssl
ciphers -v command, which provides a way to create the
correct cipher-spec string:
$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP' NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1 NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 ... ... ... ... ... EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The default cipher-spec string is
"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP",
which means the following: first, remove from consideration any
ciphers that do not authenticate, i.e., for SSL only the Anonymous
Diffie-Hellman ciphers are removed. Next, use ciphers using RC4 and
RSA. Next, include the high-, medium-, and then the low-security
ciphers. Finally, pull all SSLv2 and export ciphers to the end of the
list.
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
The complete lists of particular RSA and Diffie-Hellman ciphers for SSL are given in Tables Table 11-9 and Table 11-10.
Table 11-9. Particular RSA SSL ciphers
|
Cipher Tag |
Protocol |
Key Ex. |
Auth. |
Enc. |
MAC |
Type |
|---|---|---|---|---|---|---|
|
|
SSLv3 |
RSA |
RSA |
3DES(168) |
SHA1 | |
|
|
SSLv2 |
RSA |
RSA |
3DES(168) |
MD5 | |
|
|
SSLv3 |
RSA |
RSA |
IDEA(128) |
SHA1 | |
|
|
SSLv3 |
RSA |
RSA |
RC4(128) |
SHA1 | |
|
|
SSLv3 |
RSA |
RSA |
RC4(128) |
MD5 | |
|
|
SSLv2 |
RSA |
RSA |
IDEA(128) |
MD5 | |
|
|
SSLv2 |
RSA |
RSA |
RC2(128) |
MD5 | |
|
|
SSLv2 |
RSA |
RSA |
RC4(128) |
MD5 | |
|
|
SSLv3 |
RSA |
RSA |
DES(56) |
SHA1 | |
|
|
SSLv2 |
RSA |
RSA |
RC4(64) |
MD5 | |
|
|
SSLv2 |
RSA |
RSA |
DES(56) |
MD5 | |
|
|
SSLv3 |
RSA(512) |
RSA |
DES(40) |
SHA1 |
export |
|
|
SSLv3 |
RSA(512) |
RSA |
RC2(40) |
MD5 |
export |
|
|
SSLv3 |
RSA(512) |
RSA |
RC4(40) |
MD5 |
export |
|
|
SSLv2 |
RSA(512) |
RSA |
RC2(40) |
MD5 |
export |
|
|
SSLv2 |
RSA(512) |
RSA |
RC4(40) |
MD5 |
export |
|
|
SSLv3 |
RSA |
RSA |
None |
SHA1 | |
|
|
SSLv3 |
RSA |
RSA |
None |
MD5 |
Table 11-10. Particular Diffie-Hellman ciphers
|
Cipher Tag |
Protocol |
Key Ex. |
Auth. |
Enc. |
MAC |
Type |
|---|---|---|---|---|---|---|
|
|
SSLv3 |
DH |
None |
3DES(168) |
SHA1 | |
|
|
SSLv3 |
DH |
None |
DES(56) |
SHA1 | |
|
|
SSLv3 |
DH |
None |
RC4(128) |
MD5 | |
|
|
SSLv3 |
DH |
RSA |
3DES(168) |
SHA1 | |
|
|
SSLv3 |
DH |
DSS |
3DES(168) |
SHA1 | |
|
|
SSLv3 |
DH |
RSA |
DES(56) |
SHA1 | |
|
|
SSLv3 |
DH |
DSS |
DES(56) |
SHA1 | |
|
|
SSLv3 |
DH(512) |
RSA |
DES(40) |
SHA1 |
export |
|
|
SSLv3 |
DH(512) |
DSS |
DES(40) |
SHA1 |
export |
|
|
SSLv3 |
DH(512) |
None |
DES(40) |
SHA1 |
export |
|
|
SSLv3 |
DH(512) |
None |
RC4(40) |
MD5 |
export |