DHE cipher suite issue

Question

I am now using this cipher suite:

SSLCipherSuite "ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES128-CBC-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:DHE-DSS-3DES-EDE-CBC-SHA:AES128-SHA:DES-CBC3-SHA:!CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"

(I am on Apache - Synology DS115j)

Here is the check of SSLLabs: https://www.ssllabs.com/ssltest/analyze.html?d=sufix.cz&s=185.47.222.240

The point is: this two algorithms:

DHE-DSS-3DES-EDE-CBC-SHA
DHE-RSA-AES128-CBC-SHA

should be enabled, but they are not. What is wrong here?

score 2 · Accepted Answer · answered Apr 01 '15 at 19:09

I would check with your OpenSSL version that is installed and see if it supports those ciphers first. Try runnining the following command to see what you have installed:

openssl ciphers -v

I'm not sure about DHE-DSS-3DES-EDE-CBC-SHA though, I don't think it works with RSA certificates.

DHE cipher suite issue

1 Answers1