Web servers such as Apache use encryption to protect critical information such as credit card numbers.

The secret language they use to encrypt data is called a Cipher. Some of these secret languages are weak, and some are strong.

At Bobcares, we help server owners to enable strong ciphers in servers as part of our Support Services for Web Hosts.

Today we’ll discuss how to set a strong Cipher for Apache.

What is Apache SSLCipherSuite ?

The secret language used in SSL communication (accessing websites via https) is called SSLCipherSuite.

Before proceeding further, let’s check more on Apache SSLCipherSuite.

When you access a website from browsers like Firefox, Chrome etc.,many processes happen in the background. The server and the browser has to mutually agree on the method in which the data transfer will take place. And, if both of them do not agree on the method, connection fails.

In SSL communication, this agreement process happens in a phase called “SSL Handshake“.

At first, browser sends its list of ciphers to the server. When the Apache web server finds a match in its cipher list, communication happens using that matching method.

Why to change Apache SSLCipherSuite ?

Now, we’ll see the need for changing the default values set for SSLCipherSuite in Apache.

In the past few years, attackers have found several flaws in older ciphers such as CBC, RC4. Based on these protocols, attackers were able to break into many servers via attacks like “poodle”, “BEAST”, “FREAK”, “SWEET32” etc.

That’s why our Security Engineers disable such weak ciphers and allow only the latest and strong ciphers in HTTPS connections.

The default cipher suite in Apache looks something like this.

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Here, Apache disables LOW strength ciphers and allows HIGH and MEDIUM strength ciphers along with RC4 and RSA. But, RC4 and RSA have known vulnerabilities. So we need to avoid them.

Apache SSLCipherSuite Recommended

We need to consider facts like type of visitors on server, applications running on server etc. before changing SSLCipherSuite in Apache configuration.

Now, let’s have a look at these facts.

1. Wide client compatibility

If wide client compatibility is a priority for the server, SSLCipherSuite need to use methods like ECDHE (Elliptic Curve Diffie-Hellman Exchange). When you enforce ECDHE usage, the server will automatically reject old browsers such as Internet explorer 6.0 or 7.0.

Additionally, it helps to achieve features like Forward secrecy that allows information to be kept secret even if there is a compromise in the private key.

Again, for Apache2 versions prior to 2.4.7, there is a risk that the methods like “Ephemeral Diffie-Hellman (DHE)” will use a weaker key exchange. To fix, we need to upgrade Apache to at least  2.4.8 or later.

2. Support only modern browsers

Similarly, the choice of ciphers differs when you want only modern browsers to access the websites. These recent browsers support modern methods for data transfer. As a result, we can use fast and efficient methods like “ChaCha20″ that runs very well on smartphones too.

Unfortunately, often this strict method implementation is not feasible in live servers as the customers still use old browsers.

3. High security

Again, servers can enforce only latest TLS 1.2 protocol on the server for enhancing server security. This can be set by the following value in the Apache configuration file.

SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3

With this, server totally removes support for TLS versions 1 and 1.1, and disables SSLv2 and SSLv3.

However, here the user will need to use recent web browsers like Firefox version 27 or higher, IE version 11 or higher etc.

Based on the various aspects of security, a typical SSLCipherSuite on Apache server looks like:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

Here, we select ECDHE+AESGCM ciphers first. Also, we prefer AES128 because it is fast and provides security. Similarly, we totally avoid weak ciphers like RC4, MD5, DES etc.

Also, the ordering of a cipher suite is very important because it decides the priority of methods used in data transfer.

Effects of changing Apache SSLCipherSuite

As such, allowing only strong ciphers increase server security. But, the downside is that, it can cause compatibility issues. It can prevent certain browsers from accessing the websites on the server.

Hence, it is necessary to consider the type of visitors that access the server. And, we need to make changes only with proper planning.

So, our Support Engineers disable weak ciphers on the server only after ensuring the following.

1. Send a notification to customers with the list of affected browsers.
2. Force customers to install browser updates.
3. Selectively customize SSLCipherSuite for certain websites alone.

Conclusion

SSLCipherSuite is responsible for ensuring security of data exchanged between server and the browser. However, changing SSLCipherSuite in Apache affects the web traffic. Today, we’ve seen how our Support Engineers set SSLCipherSuite with least impact on genuine server traffic.