The SSL protocol does not restrict clients and servers to a single encryption brew for the secure exchange of information. There are a number of possible cryptographic ingredients, but as in any cookpot, some ingredients go better together than others. The seriously interested can refer to Bruce Schneier's Applied Cryptography (John Wiley & Sons, 1995), in conjunction with the SSL specification (from http://www.netscape.com/ ). The list of cipher suites is in the OpenSSL software at ... /ssl/ssl.h. The macro names give a better idea of what is meant than the text strings.
SSLRequiredCiphers |
SSLRequiredCiphers cipher-list Server config, virtual hostl Not available in Apache v2
This directive specifies a colon-separated list of cipher suites, used by OpenSSL to limit what the client end can do. Possible suites are listed Table 11-3. This is a per-server option. For example:
SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA
OpenSSL name |
Config name |
Keysize |
Encrypted-Keysize |
---|---|---|---|
SSL3_TXT_RSA_IDEA_128_SHA |
IDEA-CBC-SHA |
128 |
128 |
SSL3_TXT_RSA_NULL_MD5 |
NULL-MD5 |
0 |
0 |
SSL3_TXT_RSA_NULL_SHA |
NULL-SHA |
0 |
0 |
SSL3_TXT_RSA_RC4_40_MD5 |
EXP-RC4-MD5 |
128 |
40 |
SSL3_TXT_RSA_RC4_128_MD5 |
RC4-MD5 |
128 |
128 |
SSL3_TXT_RSA_RC4_128_SHA |
RC4-SHA |
128 |
128 |
SSL3_TXT_RSA_RC2_40_MD5 |
EXP-RC2-CBC-MD5 |
128 |
40 |
SSL3_TXT_RSA_IDEA_128_SHA |
IDEA-CBC-MD5 |
128 |
128 |
SSL3_TXT_RSA_DES_40_CBC_SHA |
EXP-DES-CBC-SHA |
56 |
40 |
SSL3_TXT_RSA_DES_64_CBC_SHA |
DES-CBC-SHA |
56 |
56 |
SSL3_TXT_RSA_DES_192_CBC3_SHA |
DES-CBC3-SHA |
168 |
168 |
SSL3_TXT_DH_DSS_DES_40_CBC_SHA |
EXP-DH-DSS-DES-CBC-SHA |
56 |
40 |
SSL3_TXT_DH_DSS_DES_64_CBC_SHA |
DH-DSS-DES-CBC-SHA |
56 |
56 |
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA |
DH-DSS-DES-CBC3-SHA |
168 |
168 |
SSL3_TXT_DH_RSA_DES_40_CBC_SHA |
EXP-DH-RSA-DES-CBC-SHA |
56 |
40 |
SSL3_TXT_DH_RSA_DES_64_CBC_SHA |
DH-RSA-DES-CBC-SHA |
56 |
56 |
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA |
DH-RSA-DES-CBC3-SHA |
168 |
168 |
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA |
EXP-EDH-DSS-DES-CBC-SHA |
56 |
40 |
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA |
EDH-DSS-DES-CBC-SHA |
56 |
|
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA |
EDH-DSS-DES-CBC3-SHA |
168 |
168 |
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA |
EXP-EDH-RSA-DES-CBC |
56 |
40 |
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA |
EDH-RSA-DES-CBC-SHA |
56 |
56 |
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA |
EDH-RSA-DES-CBC3-SHA |
168 |
168 |
SSL3_TXT_ADH_RC4_40_MD5 |
EXP-ADH-RC4-MD5 |
128 |
40 |
SSL3_TXT_ADH_RC4_128_MD5 |
ADH-RC4-MD5 |
128 |
128 |
SSL3_TXT_ADH_DES_40_CBC_SHA |
EXP-ADH-DES-CBC-SHA |
128 |
40 |
SSL3_TXT_ADH_DES_64_CBC_SHA |
ADH-DES-CBC-SHA |
56 |
56 |
SSL3_TXT_ADH_DES_192_CBC_SHA |
ADH-DES-CBC3-SHA |
168 |
168 |
SSL3_TXT_FZA_DMS_NULL_SHA |
FZA-NULL-SHA |
0 |
0 |
SSL3_TXT_FZA_DMS_RC4_SHA |
FZA-RC4-SHA |
128 |
128 |
SSL2_TXT_DES_64_CFB64_WITH_MD5_1 |
DES-CFB-M1 |
56 |
56 |
SSL2_TXT_RC2_128_CBC_WITH_MD5 |
RC2-CBC-MD5 |
128 |
128 |
SSL2_TXT_DES_64_CBC_WITH_MD5 |
DES-CBC-MD5 |
56 |
56 |
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 |
DES-CBC3-MD5 |
168 |
168 |
SSL2_TXT_RC4_64_WITH_MD5 |
RC4-64-MD5 |
64 |
64 |
SSL2_TXT_NULL |
NULL |
0 |
0 |
SSLRequireCipher |
SSLRequireCipher cipher-list Server config, virtual host, .htaccess, directory Not available in Apache v2
This directive specifies a space-separated list of cipher suites, used to verify the cipher after the connection is established. This is a per-directory option.
SSLCheckClientDN |
SSLCheckClientDN fileBanCipher cipher-list Config, virtual Not available in Apache v2
The client DN is checked against the file. If it appears in the file, access is permitted; if it does not, it isn't. This allows client certificates to be checked and basic auth to be used as well, which cannot happen with the alternative, SSLFakeBasicAuth. The file is simply a list of client DNs, one per line.
SSLBanCipher |
SSLBanCipher cipher-list Config, virtual, .htaccess, directory Not available in Apache v2
This directive specifies a space-separated list of cipher suites, as per SSLRequire-Cipher, except it bans them. The logic is as follows: if banned, reject; if required, accept; if no required ciphers are listed, accept. For example:
SSLBanCipher NULL-MD5 NULL-SHA
It is sensible to ban these suites because they are test suites that actually do no encryption.
SSLCipherSuite |
SSLCipherSuite cipher-spec Default: SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP Server config, virtual host, directory, .htaccess Override: AuthConfig Apache v2 0nly
Unless the webmaster has reason to be paranoid about security, this directive can be ignored.
This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
An SSL cipher specification in cipher-spec is composed of four major components plus a few extra minor ones. The tags for the key-exchange algorithm component, which includes RSA and Diffie-Hellman variants, are shown in Table 11-4.
Tag |
Description |
---|---|
kRSA |
RSA key exchange |
KDHr |
Diffie-Hellman key exchange with RSA key |
kDHd |
Diffie-Hellman key exchange with DSA key |
kEDH |
Ephemeral (temporary key) Diffie-Hellman key exchange (no certificate) |
Tag |
Description |
---|---|
aNull |
No authentication |
aRSA |
RSA authentication |
aDSS |
DSS authentication |
aDH |
Diffie-Hellman authentication |
Tag |
Description |
---|---|
eNULL |
No encoding |
DES |
DES encoding |
3DES |
Triple-DES encoding |
RC4 |
RC4 encoding |
RC2 |
RC2 encoding |
IDEA |
IDEA encoding |
Tag |
Description |
---|---|
MD5 |
MD5 hash function |
SHA1 |
SHA1 hash function |
SHA |
SHA hash function |
Tag |
Description |
---|---|
SSLv2 |
All SSL Version 2.0 ciphers |
SSLv3 |
All SSL Version 3.0 ciphers |
TLSv1 |
All TLS Version 1.0 ciphers |
EXP |
All export ciphers |
EXPORT40 |
All 40-bit export ciphers only |
EXPORT56 |
All 56-bit export ciphers only |
LOW |
All low-strength ciphers (no export, single DES) |
MEDIUM |
All ciphers with 128-bit encryption |
HIGH |
All ciphers using Triple-DES |
RSA |
All ciphers using RSA key exchange |
DH |
All ciphers using Diffie-Hellman key exchange |
EDH |
All ciphers using Ephemeral Diffie-Hellman key exchange |
ADH |
All ciphers using Anonymous Diffie-Hellman key exchange |
DSS |
All ciphers using DSS authentication |
NULL |
All ciphers using no encryption |
A simpler way to look at all of this is to use the openssl ciphers -v command, which provides a way to create the correct cipher-spec string:
$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP' NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1 NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 ... ... ... ... ... EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The default cipher-spec string is "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", which means the following: first, remove from consideration any ciphers that do not authenticate, i.e., for SSL only the Anonymous Diffie-Hellman ciphers are removed. Next, use ciphers using RC4 and RSA. Next, include the high-, medium-, and then the low-security ciphers. Finally, pull all SSLv2 and export ciphers to the end of the list.
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
The complete lists of particular RSA and Diffie-Hellman ciphers for SSL are given in Tables Table 11-9 and Table 11-10.
Cipher Tag |
Protocol |
Key Ex. |
Auth. |
Enc. |
MAC |
Type |
---|---|---|---|---|---|---|
DES-CBC3-SHA |
SSLv3 |
RSA |
RSA |
3DES(168) |
SHA1 |
|
DES-CBC3-MD5 |
SSLv2 |
RSA |
RSA |
3DES(168) |
MD5 |
|
IDEA-CBC-SHA |
SSLv3 |
RSA |
RSA |
IDEA(128) |
SHA1 |
|
RC4-SHA |
SSLv3 |
RSA |
RSA |
RC4(128) |
SHA1 |
|
RC4-MD5 |
SSLv3 |
RSA |
RSA |
RC4(128) |
MD5 |
|
IDEA-CBC-MD5 |
SSLv2 |
RSA |
RSA |
IDEA(128) |
MD5 |
|
RC2-CBC-MD5 |
SSLv2 |
RSA |
RSA |
RC2(128) |
MD5 |
|
RC4-MD5 |
SSLv2 |
RSA |
RSA |
RC4(128) |
MD5 |
|
DES-CBC-SHA |
SSLv3 |
RSA |
RSA |
DES(56) |
SHA1 |
|
RC4-64-MD5 |
SSLv2 |
RSA |
RSA |
RC4(64) |
MD5 |
|
DES-CBC-MD5 |
SSLv2 |
RSA |
RSA |
DES(56) |
MD5 |
|
EXP-DES-CBC-SHA |
SSLv3 |
RSA(512) |
RSA |
DES(40) |
SHA1 |
export |
EXP-RC2-CBC-MD5 |
SSLv3 |
RSA(512) |
RSA |
RC2(40) |
MD5 |
export |
EXP-RC4-MD5 |
SSLv3 |
RSA(512) |
RSA |
RC4(40) |
MD5 |
export |
EXP-RC2-CBC-MD5 |
SSLv2 |
RSA(512) |
RSA |
RC2(40) |
MD5 |
export |
EXP-RC4-MD5 |
SSLv2 |
RSA(512) |
RSA |
RC4(40) |
MD5 |
export |
NULL-SHA |
SSLv3 |
RSA |
RSA |
None |
SHA1 |
|
NULL-MD5 |
SSLv3 |
RSA |
RSA |
None |
MD5 |
Cipher Tag |
Protocol |
Key Ex. |
Auth. |
Enc. |
MAC |
Type |
---|---|---|---|---|---|---|
ADH-DES-CBC3-SHA |
SSLv3 |
DH |
None |
3DES(168) |
SHA1 |
|
ADH-DES-CBC-SHA |
SSLv3 |
DH |
None |
DES(56) |
SHA1 |
|
ADH-RC4-MD5 |
SSLv3 |
DH |
None |
RC4(128) |
MD5 |
|
EDH-RSA-DES-CBC3-SHA |
SSLv3 |
DH |
RSA |
3DES(168) |
SHA1 |
|
EDH-DSS-DES-CBC3-SHA |
SSLv3 |
DH |
DSS |
3DES(168) |
SHA1 |
|
EDH-RSA-DES-CBC-SHA |
SSLv3 |
DH |
RSA |
DES(56) |
SHA1 |
|
EDH-DSS-DES-CBC-SHA |
SSLv3 |
DH |
DSS |
DES(56) |
SHA1 |
|
EXP-EDH-RSA-DES-CBC-SHA |
SSLv3 |
DH(512) |
RSA |
DES(40) |
SHA1 |
export |
EXP-EDH-DSS-DES-CBC-SHA |
SSLv3 |
DH(512) |
DSS |
DES(40) |
SHA1 |
export |
EXP-ADH-DES-CBC-SHA |
SSLv3 |
DH(512) |
None |
DES(40) |
SHA1 |
export |
EXP-ADH-RC4-MD5 |
SSLv3 |
DH(512) |
None |
RC4(40) |
MD5 |
export |
Copyright © 2003 O'Reilly & Associates. All rights reserved.