Yet another article about why my cipher string is better than yours.
There are several very good articles about hardening OpenSSL ciphers. Over the years I’ve combined lessons learned from others, my own research of standards and best practices, and my own real-life experiences to come up with the OpenSSL cipher string that I’ve found works best. My goal with this string is to provide the best security while minimizing the length of the string and not include cipher suites that are unnecessary or would be ignored due to certificate type.
The String
AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA
You can test is on your OpenSSL installation
openssl ciphers -v 'AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA'
It should result in the following cipher suites in this order:
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA
Prioritization Logic
- Only PFS cipher suites. ECDHE first, then DHE.
- AESGCM ciphers are preferred over everything else.
- AES-128 is preferred to AES-256. AES-256 provides little improvement to security, while AES-128 is faster making it less taxing in virtual server environments and more resistant to timing attacks.
- SHA1 cipher suites are given the least preference to everything else.
- Only use RSA authenticated cipher suites. Most websites use RSA certificates. EC certificate websites are a more complicated setup and not the target of this article.
Apache
SSLEngine on SSLProtocol -All +TLSv1.1 +TLSv1.2 SSLHonorCipherOrder On SSLCipherSuite AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA
Nginx
ssl_prefer_server_ciphers On; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA;
more to come…