
A few days ago I changed the configuration of
haproxy to stop accepting
TLSv1.0 and TLSv1.1. With the upcoming deprecation of TLSv1.0 and TLSv1.1
this seemed the right SSL configuration. Today I remembered there is one
directly reachable Apache server, so I had a look at the settings there
and checked the results with the
Qualys SSL Labs SSL Server test
where I noticed some ciphers listed as 'weak'. And seeing different results
between my haproxy and apache servers, which I did not expect as I used the
same settings for
SSLCipherSuite in Apache and
ssl-default-bind-ciphers in haproxy.
The last issue was caused by the fact that Apache2.4.25 in Devuan ascii uses
libssl 1.0.2 and haproxy 1.7.5 uses libssl 1.1.0. I'm not sure that's an ideal
configuration but it's what I work with.
With the output of
openssl ciphers -v I get a list of cipher names.
But this is with libssl1.1.0 so the output lists ciphers that Apache doesn't
have access to (yet). The good part is that Apache ignores ciphers that aren't
available, so the net result is a running and working configuration.
The current result is for Apache 2.4.25:
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256
And for haproxy 1.7.5:
ssl-default-bind-options force-tlsv12 no-tls-tickets
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256
The fun part is that I can test the SSL negotiation with
sslscan
locally but sslscan is linked against openssl 1.0.2 so it misses some of the
newer options. And I also test with the
Qualys SSL Labs ssl test but that takes a while.
The too long; didn't read version of finding the right configuration options
And later I found I could have saved a lot of time researching options using
the
Mozilla SSL Configuration Generator. I don't completely agree with the suggestions there because I
want to generate my own dhparams. Using 'well-known Diffie-Hellman paramaters'
has security risks. But otherwise all the suggestions for ciphers are very
usable and save me a lot of time.