
I have a web application using Apache 2.4 that runs an external API. Recently a client had trouble connecting to our system due to an SSL handshake failure. They went on ssllabs and found that our server supports the following cipher suite for TLS 1.2 (which they are using):

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)             DH 2048 bits   FS    128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)         ECDH secp521r1 (eq. 15360 bits RSA)   FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)             DH 2048 bits   FS    256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)         ECDH secp521r1 (eq. 15360 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   ECDH secp521r1 (eq. 15360 bits RSA)   FS 256

Because the SSL handshake failure happens entirely on their side (nothing appears on my access or error log when LogLevel is set to debug) they think it is an SSLCipherSuite issue.

They wanted me to add the following SSLCipherSuite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) or, according to Google, the following in Apache2: TLS_RSA_WITH_AES_256_GCM_SHA384.

Cool, so first I tried it in my specific Apache config file, by just including the following line after all the LetsEncrypt directives:

SSLCipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384

Unfortunately, ssllabs and sslscan tell me the exact CipherSuite I need isn't there, even after restarting apache2. I get this back:

Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  256 bits  ECDHE-RSA-CHACHA20-POLY1305   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits

So I went into /etc/options/letsencrypt/options-ssl-apache.conf and modified the SSLCipherSuite directive to the following, and then restarted apache:

SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384

Note that I stuck :TLS_RSA_WITH_AES_256_GCM_SHA384 at the end of the original directive. Yet, ssllabs and sslscan both don't list this cipher.

I'm not super good with networking, apache, or ciphers in general, so I'm unsure what I can do to get this cipher to come up to fix the SSL handshake error.

Alex
  • The syntax of the cipher is wrong. Please refer to the [documentation of SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite) which then refers to the relevant [OpenSSL documentation](https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html) for the exact syntax. In your case this should not be `TLS_RSA_WITH_AES_256_GCM_SHA384` but `AES256-GCM-SHA384`. Just search in the documentation for exactly this cipher and you'll find the mapping. – Steffen Ullrich Feb 10 '21 at 06:50
  • Does this answer your question? [How can I specify exact ciphers for my Apache TLS server](https://serverfault.com/questions/916907/how-can-i-specify-exact-ciphers-for-my-apache-tls-server) – Steffen Ullrich Feb 10 '21 at 06:52
  • @SteffenUllrich This was it. Not sure how I missed it, I must have read the wrong column from the documentation :( – Alex Feb 10 '21 at 19:34
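The mapping the comments point at, as an added example (not code from the question or from Apache/OpenSSL): SSL Labs prints IANA names such as TLS_RSA_WITH_AES_256_GCM_SHA384, while Apache's SSLCipherSuite (TLS 1.2 cipher list) takes OpenSSL names such as AES256-GCM-SHA384. The functions below derive the OpenSSL name for the AES and ChaCha20 families seen in the question, rewrite an SSLCipherSuite value that mistakenly contains IANA tokens, and flag that TLS_RSA_WITH_* suites (static RSA key exchange) give up the forward secrecy the other listed suites provide; the function names are this example's own.

```python
"""Translate IANA cipher-suite names (as SSL Labs shows them) into the OpenSSL
names Apache's SSLCipherSuite expects, and lint a directive for IANA tokens.
Added example; not part of the original question or of Apache/OpenSSL."""
import re

_IANA_RE = re.compile(r"TLS_([A-Z0-9_]+)_WITH_([A-Z0-9_]+)")


def iana_to_openssl(iana_name: str) -> str:
    """TLS_RSA_WITH_AES_256_GCM_SHA384 -> AES256-GCM-SHA384, etc.

    Only AES (GCM/CBC) and ChaCha20-Poly1305 are handled; other families
    raise instead of guessing a name OpenSSL might not recognise."""
    m = _IANA_RE.fullmatch(iana_name)
    if not m:
        raise ValueError(f"not an IANA TLS 1.2 cipher-suite name: {iana_name}")
    kx, enc = m.group(1), m.group(2).split("_")
    # OpenSSL omits the key-exchange prefix for plain RSA (AES256-GCM-SHA384),
    # otherwise it keeps it with dashes (ECDHE-RSA-..., DHE-RSA-...).
    prefix = "" if kx == "RSA" else kx.replace("_", "-") + "-"
    if enc[0] == "AES":
        # AES_256_GCM_SHA384 -> AES256-GCM-SHA384; "CBC" is implicit in OpenSSL names
        parts = ["AES" + enc[1]] + [p for p in enc[2:] if p != "CBC"]
    elif enc[:2] == ["CHACHA20", "POLY1305"]:
        # OpenSSL drops the trailing SHA256 for ChaCha20-Poly1305
        parts = ["CHACHA20", "POLY1305"]
    else:
        raise ValueError(f"unsupported cipher family in {iana_name}")
    return prefix + "-".join(parts)


def has_forward_secrecy(iana_name: str) -> bool:
    """Static RSA key exchange (TLS_RSA_WITH_*) has no forward secrecy;
    the (EC)DHE suites in the SSL Labs listing (FS column) do."""
    return not iana_name.startswith("TLS_RSA_WITH_")


def fix_cipher_suite_directive(value: str) -> str:
    """Rewrite IANA-style tokens in an SSLCipherSuite value to OpenSSL names;
    tokens that are already OpenSSL names are left untouched."""
    return ":".join(iana_to_openssl(tok) if tok.startswith("TLS_") else tok
                    for tok in value.split(":") if tok)


if __name__ == "__main__":
    # Tail of the directive from the question, with the IANA token appended.
    bad = ("DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
           "TLS_RSA_WITH_AES_256_GCM_SHA384")
    print(fix_cipher_suite_directive(bad))
```

Run `openssl ciphers -v 'AES256-GCM-SHA384'` against the same OpenSSL that Apache links to confirm the translated name is known before restarting the server.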
