Apache The Definitive Guide, 3rd EditionApache: The Definitive GuideSearch this book

11.9. Cipher Suites

The SSL protocol does not restrict clients and servers to a single encryption brew for the secure exchange of information. There are a number of possible cryptographic ingredients, but as in any cookpot, some ingredients go better together than others. The seriously interested can refer to Bruce Schneier's Applied Cryptography (John Wiley & Sons, 1995), in conjunction with the SSL specification (from http://www.netscape.com/ ). The list of cipher suites is in the OpenSSL software at ... /ssl/ssl.h. The macro names give a better idea of what is meant than the text strings.

11.9.1. Cipher Directives for Apache v1.3

SSLRequiredCiphers


SSLRequiredCiphers cipher-list
Server config, virtual hostl
Not available in Apache v2

This directive specifies a colon-separated list of cipher suites, used by OpenSSL to limit what the client end can do. Possible suites are listed Table 11-3. This is a per-server option. For example:

SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA

Table 11-3. Cipher suites for Apache v1.3

OpenSSL name

Config name

Keysize

Encrypted-Keysize

SSL3_TXT_RSA_IDEA_128_SHA
IDEA-CBC-SHA

128

128

SSL3_TXT_RSA_NULL_MD5
NULL-MD5

0

0

SSL3_TXT_RSA_NULL_SHA
NULL-SHA

0

0

SSL3_TXT_RSA_RC4_40_MD5
EXP-RC4-MD5

128

40

SSL3_TXT_RSA_RC4_128_MD5
RC4-MD5

128

128

SSL3_TXT_RSA_RC4_128_SHA
RC4-SHA

128

128

SSL3_TXT_RSA_RC2_40_MD5
EXP-RC2-CBC-MD5

128

40

SSL3_TXT_RSA_IDEA_128_SHA
IDEA-CBC-MD5

128

128

SSL3_TXT_RSA_DES_40_CBC_SHA
EXP-DES-CBC-SHA

56

40

SSL3_TXT_RSA_DES_64_CBC_SHA
DES-CBC-SHA

56

56

SSL3_TXT_RSA_DES_192_CBC3_SHA
DES-CBC3-SHA

168

168

SSL3_TXT_DH_DSS_DES_40_CBC_SHA
EXP-DH-DSS-DES-CBC-SHA

56

40

SSL3_TXT_DH_DSS_DES_64_CBC_SHA
DH-DSS-DES-CBC-SHA

56

56

SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 
DH-DSS-DES-CBC3-SHA

168

168

SSL3_TXT_DH_RSA_DES_40_CBC_SHA
EXP-DH-RSA-DES-CBC-SHA

56

40

SSL3_TXT_DH_RSA_DES_64_CBC_SHA
DH-RSA-DES-CBC-SHA

56

56

SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 
DH-RSA-DES-CBC3-SHA

168

168

SSL3_TXT_EDH_DSS_DES_40_CBC_SHA
EXP-EDH-DSS-DES-CBC-SHA

56

40

SSL3_TXT_EDH_DSS_DES_64_CBC_SHA
EDH-DSS-DES-CBC-SHA
 

56

SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA
EDH-DSS-DES-CBC3-SHA

168

168

SSL3_TXT_EDH_RSA_DES_40_CBC_SHA
EXP-EDH-RSA-DES-CBC

56

40

SSL3_TXT_EDH_RSA_DES_64_CBC_SHA
EDH-RSA-DES-CBC-SHA

56

56

SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
EDH-RSA-DES-CBC3-SHA

168

168

SSL3_TXT_ADH_RC4_40_MD5
EXP-ADH-RC4-MD5

128

40

SSL3_TXT_ADH_RC4_128_MD5
ADH-RC4-MD5

128

128

SSL3_TXT_ADH_DES_40_CBC_SHA
EXP-ADH-DES-CBC-SHA

128

40

SSL3_TXT_ADH_DES_64_CBC_SHA
ADH-DES-CBC-SHA

56

56

SSL3_TXT_ADH_DES_192_CBC_SHA
ADH-DES-CBC3-SHA

168

168

SSL3_TXT_FZA_DMS_NULL_SHA
FZA-NULL-SHA

0

0

SSL3_TXT_FZA_DMS_RC4_SHA
FZA-RC4-SHA

128

128

SSL2_TXT_DES_64_CFB64_WITH_MD5_1
DES-CFB-M1

56

56

SSL2_TXT_RC2_128_CBC_WITH_MD5
RC2-CBC-MD5

128

128

SSL2_TXT_DES_64_CBC_WITH_MD5
DES-CBC-MD5

56

56

SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
DES-CBC3-MD5

168

168

SSL2_TXT_RC4_64_WITH_MD5
RC4-64-MD5

64

64

SSL2_TXT_NULL
NULL

0

0

SSLRequireCipher

SSLRequireCipher cipher-list
Server config, virtual host, .htaccess, directory
Not available in Apache v2

This directive specifies a space-separated list of cipher suites, used to verify the cipher after the connection is established. This is a per-directory option.

SSLCheckClientDN

SSLCheckClientDN fileBanCipher cipher-list
Config, virtual
Not available in Apache v2

The client DN is checked against the file. If it appears in the file, access is permitted; if it does not, it isn't. This allows client certificates to be checked and basic auth to be used as well, which cannot happen with the alternative, SSLFakeBasicAuth. The file is simply a list of client DNs, one per line.

SSLBanCipher

SSLBanCipher cipher-list
Config, virtual, .htaccess, directory
Not available in Apache v2

This directive specifies a space-separated list of cipher suites, as per SSLRequire-Cipher, except it bans them. The logic is as follows: if banned, reject; if required, accept; if no required ciphers are listed, accept. For example:

SSLBanCipher NULL-MD5 NULL-SHA

It is sensible to ban these suites because they are test suites that actually do no encryption.

11.9.2. Cipher Directives for Apache v2

SSLCipherSuite

SSLCipherSuite cipher-spec
Default: SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Server config, virtual host, directory, .htaccess
Override: AuthConfig
Apache v2 0nly

Unless the webmaster has reason to be paranoid about security, this directive can be ignored.

This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.

An SSL cipher specification in cipher-spec is composed of four major components plus a few extra minor ones. The tags for the key-exchange algorithm component, which includes RSA and Diffie-Hellman variants, are shown in Table 11-4.

Table 11-4. Key-exchange algorithms

Tag

Description

kRSA

RSA key exchange

KDHr

Diffie-Hellman key exchange with RSA key

kDHd

Diffie-Hellman key exchange with DSA key

kEDH

Ephemeral (temporary key) Diffie-Hellman key exchange (no certificate)

The tags for the authentication algorithm component, which includes RSA, Diffie-Hellman, and DSS, are shown in
Table 11-5.

Table 11-5. Authentication algorithms

Tag

Description

aNull

No authentication

aRSA

RSA authentication

aDSS

DSS authentication

aDH

Diffie-Hellman authentication

The tags for the cipher encryption algorithm component, which includes DES, Triple-DES, RC4, RC2, and IDEA, are shown in
Table 11-6.

Table 11-6. Cipher encoding algorithms

Tag

Description

eNULL

No encoding

DES

DES encoding

3DES

Triple-DES encoding

RC4

RC4 encoding

RC2

RC2 encoding

IDEA

IDEA encoding

The tags for the MAC digest algorithm component, which includes MD5, SHA, and SHA1, are shown in
Table 11-7.

Table 11-7. MAC digest algorithms

Tag

Description

MD5

MD5 hash function

SHA1

SHA1 hash function

SHA

SHA hash function

An SSL cipher can also be an export cipher and is either an SSLv2 or SSLv3/TLSv1 cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use, one can either specify all the ciphers, one at a time, or use the aliases shown in
Table 11-8 to specify the preference and order for the ciphers.

Table 11-8. Cipher aliases

Tag

Description

SSLv2

All SSL Version 2.0 ciphers

SSLv3

All SSL Version 3.0 ciphers

TLSv1

All TLS Version 1.0 ciphers

EXP

All export ciphers

EXPORT40

All 40-bit export ciphers only

EXPORT56

All 56-bit export ciphers only

LOW

All low-strength ciphers (no export, single DES)

MEDIUM

All ciphers with 128-bit encryption

HIGH

All ciphers using Triple-DES

RSA

All ciphers using RSA key exchange

DH

All ciphers using Diffie-Hellman key exchange

EDH

All ciphers using Ephemeral Diffie-Hellman key exchange

ADH

All ciphers using Anonymous Diffie-Hellman key exchange

DSS

All ciphers using DSS authentication

NULL

All ciphers using no encryption

These tags can be joined together with prefixes to form the cipher-spec. Available prefixes are the following:

none
Add cipher to list

+
Add ciphers to list and pull them to current location in list

-
Remove cipher from list (can be added later again)

!
Kill cipher from list completely (cannot be added later again)

A simpler way to look at all of this is to use the openssl ciphers -v command, which provides a way to create the correct cipher-spec string:

$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
...                     ...               ...     ...           ...
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

The default cipher-spec string is "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", which means the following: first, remove from consideration any ciphers that do not authenticate, i.e., for SSL only the Anonymous Diffie-Hellman ciphers are removed. Next, use ciphers using RC4 and RSA. Next, include the high-, medium-, and then the low-security ciphers. Finally, pull all SSLv2 and export ciphers to the end of the list.

Example

SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW

The complete lists of particular RSA and Diffie-Hellman ciphers for SSL are given in Tables Table 11-9 and Table 11-10.

Table 11-9. Particular RSA SSL ciphers

Cipher Tag

Protocol

Key Ex.

Auth.

Enc.

MAC

Type

DES-CBC3-SHA

SSLv3

RSA

RSA

3DES(168)

SHA1

 

DES-CBC3-MD5

SSLv2

RSA

RSA

3DES(168)

MD5

 

IDEA-CBC-SHA

SSLv3

RSA

RSA

IDEA(128)

SHA1

 

RC4-SHA

SSLv3

RSA

RSA

RC4(128)

SHA1

 

RC4-MD5

SSLv3

RSA

RSA

RC4(128)

MD5

 

IDEA-CBC-MD5

SSLv2

RSA

RSA

IDEA(128)

MD5

 

RC2-CBC-MD5

SSLv2

RSA

RSA

RC2(128)

MD5

 

RC4-MD5

SSLv2

RSA

RSA

RC4(128)

MD5

 

DES-CBC-SHA

SSLv3

RSA

RSA

DES(56)

SHA1

 

RC4-64-MD5

SSLv2

RSA

RSA

RC4(64)

MD5

 

DES-CBC-MD5

SSLv2

RSA

RSA

DES(56)

MD5

 

EXP-DES-CBC-SHA

SSLv3

RSA(512)

RSA

DES(40)

SHA1

export

EXP-RC2-CBC-MD5

SSLv3

RSA(512)

RSA

RC2(40)

MD5

export

EXP-RC4-MD5

SSLv3

RSA(512)

RSA

RC4(40)

MD5

export

EXP-RC2-CBC-MD5

SSLv2

RSA(512)

RSA

RC2(40)

MD5

export

EXP-RC4-MD5

SSLv2

RSA(512)

RSA

RC4(40)

MD5

export

NULL-SHA

SSLv3

RSA

RSA

None

SHA1

 

NULL-MD5

SSLv3

RSA

RSA

None

MD5

 

Table 11-10. Particular Diffie-Hellman ciphers

Cipher Tag

Protocol

Key Ex.

Auth.

Enc.

MAC

Type

ADH-DES-CBC3-SHA

SSLv3

DH

None

3DES(168)

SHA1

 

ADH-DES-CBC-SHA

SSLv3

DH

None

DES(56)

SHA1

 

ADH-RC4-MD5

SSLv3

DH

None

RC4(128)

MD5

 

EDH-RSA-DES-CBC3-SHA

SSLv3

DH

RSA

3DES(168)

SHA1

 

EDH-DSS-DES-CBC3-SHA

SSLv3

DH

DSS

3DES(168)

SHA1

 

EDH-RSA-DES-CBC-SHA

SSLv3

DH

RSA

DES(56)

SHA1

 

EDH-DSS-DES-CBC-SHA

SSLv3

DH

DSS

DES(56)

SHA1

 

EXP-EDH-RSA-DES-CBC-SHA

SSLv3

DH(512)

RSA

DES(40)

SHA1

export

EXP-EDH-DSS-DES-CBC-SHA

SSLv3

DH(512)

DSS

DES(40)

SHA1

export

EXP-ADH-DES-CBC-SHA

SSLv3

DH(512)

None

DES(40)

SHA1

export

EXP-ADH-RC4-MD5

SSLv3

DH(512)

None

RC4(40)

MD5

export



Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.