7

A PCI Compliance scan has suggested that we disable Apache's MEDIUM and LOW/WEAK strength ciphers for security. Can someone tell me how to disable these ciphers?

Apache v2.2.14 mod_ssl v2.2.14

This is what they've told us:

Synopsis : The remote service supports the use of medium strength SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits. Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) [More]

Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also : http://www.openssl.org/docs/apps/ciphers .html Solution: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) [More]

Keith Palmer Jr.
  • 1,173
  • 4
  • 16
  • 29
  • 1
    Their definition of Medium is not the same as Apache's! Their "medium" is included in Apache's "low", you can leave Apache's Medium enabled for PCI (as of writing this). – Chris S Dec 08 '10 at 14:43

8 Answers8

16

Depending on your needs, you can come up with an SSLCipherSuite line that handles the job for you.

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite

Mine are below and they pass PCI scans.

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
McJeff
  • 2,039
  • 13
  • 11
  • I actually suspect that won't work for me, because doesn't that enable MEDIUM ciphers? Is it as easy as just doing !MEDIUM instead of +MEDIUM? – Keith Palmer Jr. Mar 18 '10 at 17:17
  • I believe so, yeah. – McJeff Mar 18 '10 at 17:19
  • Also- Is there a way I can test this to check if they are, in fact, disabled (so that I don't need to wait 3 hours for the scanner thing to run to know it actually worked...)? – Keith Palmer Jr. Mar 18 '10 at 17:20
  • 1
    Yeah, you can connect via openssl using `openssl s_client` and set the appropriate command line options, limiting (or forcing) ciphers accordingly. – McJeff Mar 18 '10 at 17:28
  • Remember to verify the configuration, ssllabs.com has good scanner that also verifies if the configuration isn't susceptible to BEAST, has proper SSL ticket tracking, etc. – Hubert Kario Nov 27 '12 at 14:27
7

If you are unsure what ciphers this SSLCipherSuite line ends up permitting, you can run it through openssl:

openssl ciphers -v 'HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM'

This will give you a list of cipher combinations:

DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
...

Modify the argument until you end up with a list that contains only the ciphers you are allowed to offer.

5

Note that !MEDIUM will disable 128 bit ciphers as well, which is more than you need for your original request. The following config passed my PCI compliance scan, and is bit more friendly towards older browsers:

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLProtocol ALL -SSLv2 -SSLv3

SSL Version 3 is insecure due to Poodle Attack (refer:http://disablessl3.com/)

Community
  • 1
John York
  • 51
  • 1
  • 1
2

Just giving another solution. Per the suggestions from ssltools.com here was their suggestion that worked for me:

SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
StingeyB
  • 121
  • 2
2
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Is what I am using - which, according to ssllabs.com gives the highest level of security.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
snazmeister
  • 21
  • 2
1

better use cipher generator by mozilla, I follow this https://mozilla.github.io/server-side-tls/ssl-config-generator

Sunny
  • 55
  • 6
0

The mod_ssl documentation lists MEDIUM as "all ciphers with 128 bit encryption", while HIGH is described as "all ciphers using Triple-DES". I'm guessing that this is a documentation error, but if not "MEDIUM" is actually higher than "HIGH".

As you were told that you need at least 112 bit keys; this shouldn't matter for you as both HIGH and MEDIUM will be strong enough and you should include both.

Jeffrey Goldberg
  • 101
-1

This is what I ended up having to use:

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
SSLProtocol -ALL +SSLv3 +TLSv1
Keith Palmer Jr.
  • 1,173
  • 4
  • 16
  • 29
  • 3
    Disabling Medium is not necessary, see my comment above. McJeff's answer should have been marked correct. – Chris S Dec 08 '10 at 14:44
  • 5
    Marking your own answer as correct when there were correct answers to your question is really bad form. – mpeters Apr 05 '11 at 18:20