1

I use these protocols in the configuration of the Apache HTTPD server:

```
SSLProtocol -ALL -SSLv3 +TLSv1.2
```

I have configured these SSLCipherSuite:

```
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCMSHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCMSHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSAAES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSAAES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSAAES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
```

I used the script described here https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers to obtain the list of actual ciphers:

```
Testing ECDHE-RSA-AES256-SHA384...YES
Testing ECDHE-RSA-AES256-SHA...YES
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA256...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-RSA-AES128-SHA256...YES
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA256...YES
```

Can the server side communicate using a cipher that is not listed in the CipherSuite? For example, can the server side communicate using the `DES-CBC3-SHA` cipher?

I am asking a different question. One of our customers claims that we use `DES-CBC3-SHA`. I am sure it is not possible, but I would be happy for confirmation.

Michael
  • Possible duplicate of [Picking cipher suites for HTTPS](http://security.stackexchange.com/questions/20045/picking-cipher-suites-for-https) – Purefan Feb 20 '17 at 14:54
  • I am asking a different question. One of our customers claims that we use `DES-CBC3-SHA`. I am sure it is not possible, but I want confirmation. – Michael Feb 20 '17 at 14:57
  • You can use [the RFC](https://tools.ietf.org/html/rfc5246#section-7.3) as evidence of how this works: "If the server is authenticated, it may request a certificate from the client, if that is appropriate to the cipher suite selected." Since you have the list of cipher suites allowed, you have definite proof... unless they are not connected to that specific server you're checking – Purefan Feb 20 '17 at 15:15

1 Answer

3

In short: the client offers the ciphers it likes to use in the ClientHello message of the TLS handshake. The server chooses one of these ciphers based on what is configured on the server side. This means that the server will not choose a cipher from the client's list when it is not configured on the server side too.

What you describe can thus, in theory, not happen. In practice it can happen if you look at the configuration of one server but the client actually connects to a different server. This can be, for example, an SSL-terminating load balancer which might forward the client's traffic again with SSL to you, but where the SSL handshake is done between the load balancer and the client and not between your server and the client. In this case your configuration does not matter; instead, the load balancer's configuration is the relevant one from the perspective of the client.

Steffen Ullrich
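The selection rule from the answer, applied to the cipher string from the question, as an added example that is not part of the original posts: Python's `ssl` module hands the string to OpenSSL's cipher-string parser, so the expansion shows which suites a host with that string can negotiate and which tokens the local build does not recognise. The function names are hypothetical, choosing by client order is an assumption, and the expansion reflects the OpenSSL build Python is linked against, not the one used by Apache.

```python
import ssl

# SSLCipherSuite value copied verbatim from the question.
CIPHER_STRING = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCMSHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCMSHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSAAES128-SHA:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:"
    "DHE-RSAAES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:"
    "DHE-DSS-AES256-SHA:DHE-RSAAES256-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
)


def enabled_suites(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-below suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites (TLS_*) are not controlled by this string; skip them.
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def unmatched_tokens(cipher_string):
    """Tokens matching no suite on this build; in a longer string they are skipped silently."""
    missing = []
    for token in cipher_string.split(":"):
        if token.startswith("!"):
            continue  # exclusions never add a suite
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).set_ciphers(token)
        except ssl.SSLError:
            missing.append(token)
    return missing


def negotiate(client_offer, server_enabled):
    """First client-offered suite the server enables (client order is an assumption)."""
    allowed = set(server_enabled)
    return next((s for s in client_offer if s in allowed), None)


if __name__ == "__main__":
    enabled = enabled_suites(CIPHER_STRING)
    print("DES-CBC3-SHA enabled:", "DES-CBC3-SHA" in enabled)
    print("not recognised:", unmatched_tokens(CIPHER_STRING))
    print("3DES-only client gets:", negotiate(["DES-CBC3-SHA"], enabled))
```

The result describes only the host whose cipher string was expanded; where a load balancer terminates TLS, its cipher string is the one to expand.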