From: Kaspar Brand Date: Sun, 29 Sep 2013 10:41:52 +0000 (+0000) Subject: update transformations for mod_ssl and ssl_faq X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=430c24993791610ebdc9beee6123bd28b98c3115;p=thirdparty%2Fapache%2Fhttpd.git update transformations for mod_ssl and ssl_faq git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1527296 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index f373b9ccda8..cee80f8b694 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -568,12 +568,33 @@ SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt Module:mod_ssl

-This directive points to the PEM-encoded Certificate file for the server and -optionally also to the corresponding RSA or DSA Private Key file for it -(contained in the same file). If the contained Private Key is encrypted the -Pass Phrase dialog is forced at startup time. This directive can be used up to -three times (referencing different filenames) when both a RSA, a DSA, and an -ECC based server certificate is used in parallel.

+This directive points to the file with the PEM-encoded certificate, +optionally also the corresponding private key, and - beginning with +version 2.5.0-dev as of 2013-09-29 - DH parameters and/or an EC curve name +for ephemeral keys (as generated by openssl dhparam +and openssl ecparam, respectively). If the private key +is encrypted, the pass phrase dialog is forced at startup time. +

+

+This directive can be used up to three times (referencing different filenames) +when both an RSA, a DSA, and an ECC based server certificate is used in +parallel. Note that DH and ECDH parameters are only read from the first +SSLCertificateFile directive.

+ +
+

DH parameter interoperability with primes > 1024 bit

+

+Beginning with version 2.5.0-dev as of 2013-09-29, mod_ssl makes use of +standardized DH parameters with prime lengths of 2048, 3072 and 4096 bits +(from RFC 3526), and hands +them out to clients based on the length of the certificate's RSA/DSA key. +With Java-based clients in particular (Java 7 or earlier), this may lead +to handshake failures - see this +FAQ answer for working around +such issues. +

+
+

Example

 SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
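Review bot: the new paragraph on DH/ECDH parameters leaves out the precedence rule. It states that the parameters are only read from the first SSLCertificateFile directive, but not that parameters found there override the built-in RFC 3526 groups described in the "DH parameter interoperability" section that follows; the ssl_faq change in this same commit does say custom parameters "will always have precedence over any of the built-in DH parameters", and the directive reference should be the authoritative place for that statement. Suggest adding it here. The sentence "hands them out to clients based on the length of the certificate's RSA/DSA key" would also benefit from stating the mapping (which key length selects which prime size), since that is what an administrator needs in order to predict which clients will fail. Minor: the retained wording "when both an RSA, a DSA, and an ECC based server certificate is used in parallel" pairs "both" with three alternatives; "when RSA, DSA and ECC based server certificates are used in parallel" reads better.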
 
@@ -715,6 +736,15 @@ prefixes are:

  • -: remove cipher from list (can be added later again)
  • !: kill cipher from list completely (can not be added later again)
  • + +
    +

    aNULL, eNULL and EXP +ciphers are always disabled

    +

    Beginning with version 2.5.0-dev as of 2013-09-25, null and export-grade +ciphers are always disabled, as mod_ssl unconditionally prepends any supplied +cipher suite string with !aNULL:!eNULL:!EXP: at initialization.

    +
    +

    A simpler way to look at all of this is to use the ``openssl ciphers -v'' command which provides a nice way to successively create the correct cipher-spec string. The default cipher-spec string diff --git a/docs/manual/ssl/ssl_faq.html.en b/docs/manual/ssl/ssl_faq.html.en index b05c510f11a..3adf499e924 100644 --- a/docs/manual/ssl/ssl_faq.html.en +++ b/docs/manual/ssl/ssl_faq.html.en @@ -524,6 +524,8 @@ Does this mean the username/password is being sent unencrypted?

  • Why do I get I/O errors when connecting via HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer (MSIE)?
  • +
  • How do I enable TLS-SRP?
  • +
  • Why do I get handshake failures with Java-based clients when using a certificate with more than 1024 bits?
  • Why do I get lots of random SSL protocol @@ -746,6 +748,37 @@ SetEnvIf User-Agent "MSIE [2-5]" \

    +

    Why do I get handshake failures with Java-based clients when using a certificate with more than 1024 bits?

    +

    Beginning with version 2.5.0-dev as of 2013-09-29, + mod_ssl will use DH parameters which include primes + with lengths of more than 1024 bits. Java 7 and earlier limit their + support for DH prime sizes to a maximum of 1024 bits, however.

    + +

    If your Java-based client aborts with exceptions such as + java.lang.RuntimeException: Could not generate DH keypair and + java.security.InvalidAlgorithmParameterException: Prime size must be + multiple of 64, and can only range from 512 to 1024 (inclusive), + and httpd logs tlsv1 alert internal error (SSL alert number 80) + (at LogLevel info + or higher), you can either rearrange mod_ssl's cipher list with + SSLCipherSuite + (possibly in conjunction with SSLHonorCipherOrder), + or you can use the SSLCertificateFile + directive to configure custom DH parameters with a 1024-bit prime, which + will always have precedence over any of the built-in DH parameters.

    + +

    To generate custom DH parameters, use the openssl dhparam + command. Alternatively, you can append the following standard 1024-bit DH + parameters from RFC 2409, + section 6.2 to the respective + SSLCertificateFile file:

    +
    -----BEGIN DH PARAMETERS-----
    +MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
    +Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
    +/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
    +-----END DH PARAMETERS-----
    + +
    top

    mod_ssl Support
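Review bot: in the mod_ssl hunk at @@ -715,6 +736,15 @@, the sentence "mod_ssl unconditionally prepends any supplied cipher suite string with !aNULL:!eNULL:!EXP:" should spell out the consequence for the prefix semantics listed just above it: because "!" kills a cipher "completely (can not be added later again)", an administrator who writes "+aNULL" or "+EXP" in SSLCipherSuite will not get those suites back. One sentence to that effect, with a pointer to the "!" bullet, would pre-empt the obvious question. Also, the version marker in this note (2013-09-25) differs from the 2013-09-29 used for the DH changes elsewhere in this commit; if the two features landed in different revisions that is fine, but worth a second look so the markers stay consistent.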
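Review bot: in the ssl_faq hunk at @@ -746,6 +748,37 @@, the instruction to append the 1024-bit parameters "to the respective SSLCertificateFile file" conflicts with the mod_ssl change in this same commit, which says DH and ECDH parameters are only read from the first SSLCertificateFile directive; on a server with both RSA and ECC certificates, appending them to the second file has no effect. Suggest "to the file named by the first SSLCertificateFile directive". The cipher-list alternative is underspecified: "rearrange mod_ssl's cipher list with SSLCipherSuite" should say what the rearrangement is meant to achieve (have the server prefer suites that do not use DHE key exchange for such clients, with SSLHonorCipherOrder so that the server's order wins). Finally, the answer should state the trade-off: custom 1024-bit parameters apply to every client, not only Java 7 and earlier, so that workaround reverts the server-wide prime-length increase described in the mod_ssl reference, whereas the cipher-order option does not; listing the cipher-suite approach first would reflect that.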