OpenSSL Ciphers

https://www.neblink.net/openssl-ciphers/

Yet another article about why my cipher string is better than yours.

There are several very good articles about hardening OpenSSL ciphers. Over the years I've combined lessons learned from others, my own research of standards and best practices, and my own real-life experiences to come up with the OpenSSL cipher string that I've found works best. My goal with this string is to provide the best security while keeping the string short and leaving out cipher suites that are unnecessary or that a server with an RSA certificate would never select anyway.

The String

AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA

You can test it on your OpenSSL installation:

openssl ciphers -v 'AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA'

With OpenSSL 1.0.x it should expand to the following cipher suites, in this order (OpenSSL 1.1.1 and later prepend the TLS 1.3 suites, which are configured separately and are not affected by this string):

ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA

Prioritization Logic

  • Only forward-secret cipher suites: ECDHE first, then DHE. The EECDH and EDH aliases select them, so nothing without forward secrecy is listed at all.
  • AES-GCM (AEAD) suites are preferred over the CBC suites.
  • AES-128 is preferred to AES-256. AES-256 adds little practical security margin in TLS (both are far beyond brute force), while AES-128 uses fewer rounds and is faster, which matters on virtual servers without AES-NI.
  • SHA-1 MAC suites are given the lowest preference. The +SSLv3 term moves those SSLv3-era suites to the end of the list without removing them, so old clients can still connect.
  • Only RSA-authenticated cipher suites; !DSS:!ECDSA drops the alternatives. Most websites use RSA certificates. EC certificate setups are more involved and not the target of this article.
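A practical way to keep the list honest across OpenSSL upgrades is to parse the `openssl ciphers -v` output and check it against the rules above rather than eyeballing twelve lines. The script below is an added example for this article, not code from the original post: it reads the `-v` column format (suite name, protocol, then `Kx=`, `Au=`, `Enc=`, `Mac=`), checks forward secrecy, RSA-only authentication, AES-only encryption, and the intended ordering (GCM before CBC, ECDHE before DHE, AES-128 before AES-256, SHA-1 suites last), and skips any TLS 1.3 suites, which newer OpenSSL prints with `Kx=any Au=any` and which this string does not control. The embedded sample output is constructed in the 1.0.x layout for the twelve suites listed above; when a local `openssl` binary is available the script expands the real string instead.

```python
"""Check that the article's cipher string expands to the intended suites.

Added example for this article (not the original post's code). Parses the
`openssl ciphers -v` output format and verifies the prioritization rules
stated above. Run it after an OpenSSL upgrade to confirm nothing shifted.
"""
import re
import subprocess
import sys
from typing import Dict, List, Tuple

CIPHER_STRING = (
    "AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:"
    "EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA"
)

# Constructed sample in the OpenSSL 1.0.x `ciphers -v` layout for the twelve
# suites the article lists; typed for this example, not captured from a host.
# (OpenSSL 1.1.x prints "TLSv1" instead of "SSLv3" for the SHA-1 suites; the
# checks below key on Mac=SHA1, so that difference does not matter.)
SAMPLE_OUTPUT = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_ciphers(text: str) -> List[Dict[str, str]]:
    """Turn `openssl ciphers -v` lines into dicts keyed name/proto/kx/au/enc/mac."""
    suites = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        entry = {"name": parts[0], "proto": parts[1]}
        for key, val in FIELD_RE.findall(" ".join(parts[2:])):
            entry[key.lower()] = val
        suites.append(entry)
    return suites


def rank(s: Dict[str, str]) -> Tuple[int, int, int, int]:
    """Lower sorts first: SHA-1 last, GCM before CBC, ECDHE before DHE, 128 before 256."""
    sha1 = 1 if s.get("mac") == "SHA1" else 0
    cbc = 0 if s.get("enc", "").startswith("AESGCM") else 1
    dhe = 0 if s.get("kx") == "ECDH" else 1
    aes256 = 0 if "(128)" in s.get("enc", "") else 1
    return (sha1, cbc, dhe, aes256)


def check_policy(suites: List[Dict[str, str]]) -> List[str]:
    """Return human-readable policy violations; an empty list means the expansion is as intended."""
    # TLS 1.3 suites (OpenSSL 1.1.1+) are not governed by the cipher string and
    # are printed with Kx=any Au=any, so they are left out of the checks.
    suites = [s for s in suites if s.get("proto") != "TLSv1.3"]
    problems = []
    for s in suites:
        if s.get("kx") not in ("ECDH", "DH"):
            problems.append(f"{s['name']}: no forward secrecy (Kx={s.get('kx')})")
        if s.get("au") != "RSA":
            problems.append(f"{s['name']}: non-RSA authentication (Au={s.get('au')})")
        if not s.get("enc", "").startswith("AES"):
            problems.append(f"{s['name']}: non-AES cipher (Enc={s.get('enc')})")
    # Adjacent pairs must never go "backwards" in the intended priority order.
    for prev, cur in zip(suites, suites[1:]):
        if rank(prev) > rank(cur):
            problems.append(f"{cur['name']} should come before {prev['name']}")
    return problems


def openssl_ciphers(cipher_string: str = CIPHER_STRING,
                    openssl: str = "openssl") -> List[Dict[str, str]]:
    """Expand the string with the local OpenSSL; raises if the binary is missing or rejects it."""
    out = subprocess.run([openssl, "ciphers", "-v", cipher_string],
                         check=True, capture_output=True, text=True).stdout
    return parse_ciphers(out)


if __name__ == "__main__":
    try:
        suites = openssl_ciphers()
    except (OSError, subprocess.CalledProcessError) as exc:
        print(f"openssl unavailable ({exc}); checking the constructed sample instead")
        suites = parse_ciphers(SAMPLE_OUTPUT)
    for s in suites:
        print(f"{s['name']:28} {s.get('kx', '?'):5} {s.get('au', '?'):5} "
              f"{s.get('enc', '?'):12} {s.get('mac', '?')}")
    problems = check_policy(suites)
    print("\n".join(problems) if problems else "cipher list matches the stated policy")
    sys.exit(1 if problems else 0)
```

Run it on the server after every OpenSSL package update; a non-zero exit means a suite you did not expect (a non-forward-secret one, an ECDSA one, or one out of order) has crept into the expansion and the string needs revisiting.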

Apache

SSLEngine on
SSLProtocol -All +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA

Nginx

ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM+EECDH+AES128:AESGCM+EECDH:AESGCM+EDH+AES128:AESGCM+EDH:EECDH+AES128:EECDH+AES:EDH+AES128:EDH+AES:+SSLv3:!DSS:!ECDSA;

more to come…
