6

I tried the settings below to remove the CBC cipher suites in Apache server,

SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off

After doing some retests, the CBC cipher suites are still enabled in my Apache. I'm not sure about what suites I should remove/add?

1 Answer

10

It's a common pitfall with the TLS library your Apache installation uses, OpenSSL, which doesn't name its cipher suites by their full IANA name but often a simplified one, which often omits the chaining mode used. That is a bad idea and I don't think they do it anymore for newly added suites.

Your configuration still asks for some CBC suites; there is, for example, ECDHE-ECDSA-AES256-SHA384, which is really TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384. Any AES suite not specifying a chaining mode is likely using CBC in OpenSSL (and thus Apache).

You can hunt them one by one checking https://ciphersuite.info/cs/?sort=asc&security=all&singlepage=true&tls=tls12&software=openssl or, the option I'd recommend, use the Mozilla SSL Configuration Generator to quickly get a known-to-work-well configuration (https://ssl-config.mozilla.org/). To avoid the generator including CBC suites, select "Intermediate" as the setting, as "Old" does include some CBC suites to permit very old clients to connect.

  • Thanks for the link you provided https://ciphersuite.info/cs/?sort=asc&security=all&singlepage=true&tls=tls12&software=openssl I'll look into it. The config I did was from Mozilla https://ssl-config.mozilla.org/. Did some research and the BP they provide also includes the weak ciphers. –  Apr 22 '22 at 02:40
  • 1
    What I did is this - ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!SHA1:!SHA256:!SHA384:!DSS:!aNULL;

    Add the !SHA1:!SHA256:!SHA384:!DSS:!aNULL; to disable the CBC ciphers.

    –  Apr 22 '22 at 02:41
  • It looks like you used the "Old" setting on the Mozilla configurator, when most people want "Intermediate". Old is there to permit really old stuff to connect (think IE6), which actually needs the CBC suites not having the more modern ones. I'll amend my answer in that regard. – Bruno Rohée Apr 22 '22 at 08:25
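The answer's rule (an OpenSSL AES suite name with no chaining mode means CBC) applied to the SSLCipherSuite value from the question, as an added example that is not part of the original thread. It handles only explicit ECDHE/DHE/RSA AES and ChaCha20 suite names; `!`-style operators and keywords are skipped rather than expanded, and the function names are this example's own.

```python
import re

# Constructed input: the SSLCipherSuite value copied from the question.
QUESTION_SUITES = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
)

# OpenSSL-style name: optional kx-auth prefix, AES size, optional mode, hash.
_AES = re.compile(
    r"^(?:(ECDHE|DHE)-(ECDSA|RSA)-)?AES(128|256)(?:-(GCM))?-(SHA(?:256|384)?)$")
_CHACHA = re.compile(r"^(ECDHE|DHE)-(ECDSA|RSA)-CHACHA20-POLY1305$")

def iana_name(openssl_name):
    """Return (IANA name, 'CBC' or 'AEAD'), or None if the name is not covered."""
    m = _CHACHA.match(openssl_name)
    if m:
        return f"TLS_{m[1]}_{m[2]}_WITH_CHACHA20_POLY1305_SHA256", "AEAD"
    m = _AES.match(openssl_name)
    if not m:
        return None
    kx, auth, bits, mode, digest = m.groups()
    prefix = f"{kx}_{auth}" if kx else "RSA"  # no prefix = RSA key exchange
    mode = mode or "CBC"  # the mode OpenSSL leaves out of the name
    kind = "AEAD" if mode == "GCM" else "CBC"
    return f"TLS_{prefix}_WITH_AES_{bits}_{mode}_{digest}", kind

def audit(cipher_string):
    """Classify an explicit suite list; returns (cbc, aead, unknown)."""
    cbc, aead, unknown = [], [], []
    for token in cipher_string.strip().rstrip(";").split(":"):
        if not token or token[0] in "!+-@":
            continue  # operators and keywords are not expanded here
        hit = iana_name(token)
        if hit is None:
            unknown.append(token)
        else:
            (cbc if hit[1] == "CBC" else aead).append((token, hit[0]))
    return cbc, aead, unknown

if __name__ == "__main__":
    cbc, aead, unknown = audit(QUESTION_SUITES)
    for name, iana in cbc:
        print(f"CBC still requested: {name} = {iana}")
    print(f"{len(aead)} AEAD suites, {len(unknown)} unrecognised")
```

For the list as the server's own OpenSSL build expands it, including operators, run `openssl ciphers -V '<cipher string>'` on that host.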