From: William A. Rowe Jr Date: Fri, 22 May 2015 06:43:12 +0000 (+0000) Subject: mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher X-Git-Tag: 2.2.30~81 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=013aeaf0b53415b3ed250a8da0f15273791d3463;p=thirdparty%2Fapache%2Fhttpd.git mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher priority and add explanations relative to RFC 7525 guidance. Submitted by: wrowe Backports: 1679428, 1679432 Reviewed by: wrowe, ylavic, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681002 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 02c6ed3e4c9..11268be62ed 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,14 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.30 + *) In alignment with RFC 7525, the default recommended SSLCipherSuite + and SSLProxyCipherSuite now exclude RC4 as well as MD5. Existing + configurations must be adjusted by the administrator. [William Rowe] + + *) In alignment with RFC 7525, the default recommended SSLProtocol and + SSLProxyProtocol directives now excludes SSLv3. Existing configurations + must be adjusted by the administrator. [William Rowe] + *) core: Avoid potential use of uninitialized (NULL) request data in request line error path. [Yann Ylavic] diff --git a/STATUS b/STATUS index 031e854afdf..1c112300e4e 100644 --- a/STATUS +++ b/STATUS @@ -101,12 +101,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher - priority and add explanations relative to RFC 7525 guidance. - http://svn.apache.org/r1679428 - http://svn.apache.org/r1679432 [CHANGES] - 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-default-httpd-ssl.conf.in.patch - +1: wrowe, ylavic, rjung PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in index 0586d1e200c..df71ec9d8c3 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -50,28 +50,39 @@ AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 +# List the ciphers that the client is permitted to negotiate, +# and that httpd will negotiate as the client of a proxied server. +# See the OpenSSL documentation for a complete list of ciphers, and +# ensure these follow appropriate best practices for this deployment. +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 + +# By the end of 2016, only TLSv1.2 ciphers should remain in use. +# Older ciphers should be disallowed as soon as possible, while the +# kRSA ciphers do not offer forward secrecy. These changes inhibit +# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy +# non-browser tooling) from successfully connecting. +# +# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable +# those protocols which do not support forward secrecy, replace +# the SSLCipherSuite and SSLProxyCipherSuite directives above with +# the following two directives, as soon as practical. +# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA +# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA + +# User agents such as web browsers are not configured for the user's +# own preference of either security or performance, therefore this +# must be the prerogative of the web server administrator who manages +# cpu load versus confidentiality, so enforce the server's cipher order. +SSLHonorCipherOrder on -# Speed-optimized SSL Cipher configuration: -# If speed is your main concern (on busy HTTPS servers e.g.), -# you might want to force clients to specific, performance -# optimized ciphers. In this case, prepend those ciphers -# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. -# Caveat: by giving precedence to RC4-SHA and AES128-SHA -# (as in the example below), most connections will no longer -# have perfect forward secrecy - if the server's key is -# compromised, captures of past or future traffic must be -# considered compromised, too. -#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 -#SSLHonorCipherOrder on - # SSL Protocol support: -# List the protocol versions which clients are allowed to -# connect with. Disable SSLv2 (cf. RFC 6176) and SSLv3 -# (cf. RFC 7525 and CVE 2014-3566). +# List the protocol versions which clients are allowed to connect with. +# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) +# should be disabled as quickly as practical. By the end of 2016, only +# the TLSv1.2 protocol or later should remain in use. SSLProtocol all -SSLv2 -SSLv3 +SSLProxyProtocol all -SSLv2 -SSLv3 # Pass Phrase Dialog: # Configure the pass phrase gathering process.