| Author |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
 Posted: Wed 14 Oct '15 16:16 Post subject: Any chance to have a 256 cipher for http2 ? |
 |
|
Split from mod_http2 :: HowTo & Info & Tips
is there any chance to have a 256 cipher instead of ECDHE-RSA-AES128-GCM-SHA256 ?
I know it is from https://http2.github.io/http2-spec/#rfc.section.9.2.2 but still not satisfying. |
|
| Back to top |
|
yawnbox
Joined: 27 Oct 2015
Posts: 2
Location: Seattle, WA
|
| Posted: Tue 27 Oct '15 22:22 Post subject: |
|
|
Hello,
BetterCrypto.org (https://bettercrypto.org/static/applied-crypto-hardening.pdf) recommends the following cipher suites:
| Code: | SSLCipherSuite
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:
+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:
!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-HA:AES256SHA:CAMELLIA128-SHA:AES128-SHA |
The 'Theory' second in their doc is worth a read. You can see the outcome of this configuration by testing my blog:
https://www.ssllabs.com/ssltest/analyze.html?d=yawnbox.com
I am currently trying to get mod_http2 working, so unfortunately I cannot comment on that.
Cheers |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Wed 28 Oct '15 12:51 Post subject: |
|
|
Serious Camellia?
For mod_http2 you MUST use ECDHE-RSA-AES128-GCM-SHA256
Hardening with mod_http2
| Code: |
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
|
without mod_http2 see https://mariobrandt.de/archives/apache/sslciphersuite-alias-crypto-wars-945/ |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Thu 29 Oct '15 7:08 Post subject: |
|
|
On Oct 19, I enabled HTTP/2 on my Apache 2.4.17.
Immediately I had an error message "ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY" from Google Chrome v46.
At that time my SSLCipherSuite value was Apache default, HIGH:MEDIUM:!MD5:!RC4.
I checked 'openssl ciphers -v HIGH:MEDIUM:!MD5:!RC4' and added AESGCM to the head of SSLCipherSuite value to change ciphers order. After that HTTP/2 works well. My Server has been running for 10 days with HTTP/2.
I checked up my server log, and until now I only found DHE-RSA-AES256-SHA256 other than ECDHE-RSA-AES128-GCM-SHA256 as a successful cipher.
Is this helpful? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Thu 29 Oct '15 11:43 Post subject: |
|
|
| o6asan wrote: |
I checked up my server log, and until now I only found DHE-RSA-AES256-SHA256 other than ECDHE-RSA-AES128-GCM-SHA256 as a successful cipher.
|
DHE-RSA-AES256-SHA256 does not work. Then I get in chrome the ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY warning again. |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Thu 29 Oct '15 12:47 Post subject: |
|
|
I re-checked the logs. I also have DHE-RSA-AES256-GCM-SHA384 and ECDHE-RSA-AES128-GCM-SHA384, and DHE-RSA-AES256-GCM-SHA384 is used by msbot.
So Chrome might give an error for DHE-RSA-AES256-GCM-SHA384. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Thu 29 Oct '15 18:38 Post subject: |
|
|
| I don't mind any bot that may can speak it. I want the users not to have any errors viewing the page. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Fri 30 Oct '15 1:39 Post subject: |
|
|
| James Blond wrote: | | I don't mind any bot that may can speak it. I want the users not to have any errors viewing the page. |
According to https://www.ssllabs.com/ssltest/index.html, latest web browsers look to support GCM except Safari.
I think you should not move to HTTP/2 if you mind older browser users and Safari users.
I've confirmed that my site is visible by latest Chrome, Firefox, Internet Explorer, and Opera.
Last edited by o6asan on Fri 30 Oct '15 15:10; edited 2 times in total |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Fri 30 Oct '15 1:53 Post subject: |
|
|
I've seen the page. I've found that. I didn't notice it.
For GCM, I had added AESGCM to SSLCipherSuite.
About DHE-RSA-AES256-SHA256 I should check my logs again. |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Tue 03 Nov '15 14:10 Post subject: |
|
|
The protocol of clients using DHE-RSA-AES256-SHA256 is HTTP/1.0 and my server accepted these clients' request.
So, I added the followings to my Root htaccess. There is no HTTP/2 because Apache logs don't give HTTP/2 still now.
| Code: | RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F,L] |
This makes the server deny the above clients. Do a lot of people use HTTP/1.0 or HTTP/0.9 still now? If so, does this setting deny too many visitors? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Tue 03 Nov '15 18:54 Post subject: |
|
|
if you force HTTP/1.1 you can't use http/2 anymore.
But what does that has to do with my 256 bit question anyways? |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Tue 03 Nov '15 20:19 Post subject: |
|
|
| James Blond wrote: | if you force HTTP/1.1 you can't use http/2 anymore.
But what does that has to do with my 256 bit question anyways? |
I can use HTTP/2 still now.
At this point, Apache seems not to distinguish between HTTP/1.1 and HTTP/2 when you use Rewrite Directive. Is this a bug?
As successful ciphers for HTTP/2, I've had only two GCM ciphers ECDHE-RSA-AES128-GCM-SHA256 and ECDHE-RSA-AES256-GCM-SHA384 on the logs. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 03 Nov '15 21:31 Post subject: |
|
|
| o6asan wrote: | | At this point, Apache seems not to distinguish between HTTP/1.1 and HTTP/2 when you use Rewrite Directive. Is this a bug? |
Probably not. All requests to the server start out initially as HTTP/1.1 and the connection is then upgraded to HTTP/2 before the server sends the response data. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Wed 04 Nov '15 12:42 Post subject: |
|
|
| o6asan wrote: |
As successful ciphers for HTTP/2, I've had only two GCM ciphers ECDHE-RSA-AES128-GCM-SHA256 and ECDHE-RSA-AES256-GCM-SHA384 on the logs. |
Please post your SSLCipherSuite config line. |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Thu 05 Nov '15 19:16 Post subject: |
|
|
| o6asan wrote: |
I don't know why, but my config line doesn't show up here though I tried to write it several times.
Please see the post on my site.
|
I tried that. And still only 128 bit encryption |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Fri 06 Nov '15 1:56 Post subject: |
|
|
| James Blond wrote: | | I tried that. And still only 128 bit encryption |
How did you get the result? By OpenSSL, cURL or something else? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Fri 06 Nov '15 11:10 Post subject: |
|
|
| I tried with my browsers. Firefox 42, Chrome 46. Sure curl and OpenSSL can do it, but who uses that for viewing my webpage? maybe some lynx freak... but nay. |
|
| Back to top |
|
o6asan
Joined: 27 Aug 2015
Posts: 44
Location: Japan, Fukuoka
|
| Posted: Fri 06 Nov '15 15:29 Post subject: |
|
|
By easy test on my PCs,
Both Firefox42 and Chrome46 use ECDHE-RSA-AES128-GCM-SHA256 you wrote.
IE11 on Windows7 x86 uses DHE-RSA-AES256-GCM-SHA384.
IE11 on Windows10 x86 uses ECDHE-RSA-AES256-GCM-SHA384.
And from my logs, Safari9.0 on iPhone(?) seems to use ECDHE-RSA-AES256-GCM-SHA384. |
|
| Back to top |
|
