7

I am trying to follow the instructions located here to mitigate the logjam vulnerability, however I keep getting the following error from Apache:

Syntax error on line 18 of /etc/apache2/sites-enabled/000-default:
Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

When I add the following line to the config:

SSLOpenSSLConfCmd DHParameters /etc/ssl/certs/dhparams.pem

My Apache details are:

Server version: Apache/2.2.16 (Debian)
Server built:   Oct 16 2014 10:27:58
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.4.2, APR-Util 1.3.9
Compiled using: APR 1.4.2, APR-Util 1.3.9
Architecture:   32-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

I have been searching, but can't find any way to resolve this issue.

Craig Watson
Joel Lewis
  • possible duplicate of [How to fix 'logjam' vulnerability in Apache (httpd)](http://serverfault.com/questions/693241/how-to-fix-logjam-vulnerability-in-apache-httpd) – Jenny D Jun 08 '15 at 08:03

7 Answers

8

Also Apache 2.2.22 (Debian 7). I also removed the problematic ciphers one by one; according to the Qualys SSL Labs test https://www.ssllabs.com/ssltest/index.html it passes now, only WinXP / IE6 is incompatible.

Cipher I ended up using:

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA

This is based on the recommendation from https://weakdh.org/sysadmin.html, but removing the DH ciphers that the test marked as problematic.

greenone83
4

From the Apache documentation, the SSLOpenSSLConfCmd option was added in version 2.4.8:

Compatibility: Available in httpd 2.4.8 and later, if using OpenSSL 1.0.2 or later

You will need to update to a later version of Apache if you need to use this option.

Craig Watson
4

The "SSLOpenSSLConfCmd" config parameter isn't working for Apache 2.2 and it doesn't provide any similar config parameter for this. Though there is a workaround for Apache 2.2 until there is an official patch: https://bitbucket.org/snippets/wneessen/grb8

Winni
1

I have apache 2.2.22 (Debian) and now use the following CipherSuite, which works for most modern browsers because it omits DH:

SSLCipherSuite ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  • 1
    Could you please elaborate on how this ciphersuite has been constructed and why it is better than others? – sebix May 20 '15 at 15:54
  • 1
    Actually, I have difficulties in understanding WHY I should elaborate, but anyway: I started from what was considered "safe" about a year ago (from SSLLabs.com) and gradually took away whatever popped up as "unsafe", carefully checking for browser compatibility (again: SSLLabs and the sslscan utility) ... besides: I never claimed this suite was better than others, you will have to test (and see) for yourselves. – digitalhippie May 20 '15 at 16:26
  • 2
    *you will have to test (and see) for yourselves* Then it's not an answer but a guess. Omitting DH is quite radical, as DH is not broken by itself. – sebix May 20 '15 at 17:02
  • 4
    "I have difficulties in understanding WHY I should elaborate" because this is an open question and answer site and if you can't elaborate on the details no one should trust your answer. – jeremyjjbrown May 21 '15 at 00:58
  • -1 for the reason @sebix has said - this is a guess, not an answer. – Craig Watson May 21 '15 at 07:18
  • A couple of notes: not everyone can or even want to recompile their Apache to support SSLOpenSSLConfCmd. If you really feel like the Apache version that Debian ships is bad - report it to the Debian team. Since Debian uses an older version of Apache it makes sense to disable DH until they can release a newer version. If you feel that DH is secure and should be used - talk to the guys behind SSL Labs to flag it in their tests - this gives an A on their test and they seem like a fairly trustworthy source. – Natalie Adams May 22 '15 at 23:57
0

I avoid the logjam on an Apache 2.4 server, but with OpenSSL 1.0.1, using this:

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Then I create the dhparams:

openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem

and add to cert:

cat /etc/ssl/certs/dhparams.pem >> /etc/ssl/certs/serverhttp.crt

Reload Apache:

apachectl -k graceful

And check it with the tool on this site or with nmap:

nmap --script ssl-enum-ciphers -p 443 yourserver |grep weak
elbarna
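The steps above append a freshly generated dhparams.pem to the certificate file, so the question a defender wants answered afterwards is "which DH prime is Apache actually going to serve?". The following checker is an added example, not part of elbarna's answer or of any Apache/OpenSSL code: it reads the PKCS#3 "DH PARAMETERS" block that `openssl dhparam` writes (whether in a bare dhparams.pem or appended after a CERTIFICATE block), decodes the DER by hand, and reports the prime length. The sample parameters embedded in the block are constructed placeholders with the right bit length, not real safe primes; they exist only to exercise the parser. `dh_prime_bits_from_file` is the hypothetical entry point you would point at your own files.

```python
import base64
import re

# PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, privateValueLength INTEGER OPTIONAL }
# This is the structure inside the "-----BEGIN DH PARAMETERS-----" block that `openssl dhparam` writes.
PEM_RE = re.compile(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)


def _der_length(n):
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    """Encode a non-negative integer as a DER INTEGER (leading 0x00 keeps it positive)."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def encode_dh_params_pem(p, g):
    """Build a PKCS#3 DH PARAMETERS PEM block; used here only to construct test input."""
    inner = _der_integer(p) + _der_integer(g)
    der = b"\x30" + _der_length(len(inner)) + inner
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the byte count of the length field
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def parse_dh_params_pem(text):
    """Return (p, g) from the first DH PARAMETERS block in `text`.

    Works on a bare dhparams.pem and on a certificate file that had the
    parameters appended with `cat dhparams.pem >> server.crt`.
    """
    match = PEM_RE.search(text)
    if not match:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(match.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p_bytes, pos = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER for the prime")
    tag, g_bytes, _ = _read_tlv(seq, pos)
    if tag != 0x02:
        raise ValueError("expected INTEGER for the generator")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def dh_prime_bits(text):
    return parse_dh_params_pem(text)[0].bit_length()


def dh_params_strong_enough(text, minimum_bits=2048):
    """True when the prime is at least `minimum_bits` long (2048 is the weakdh.org recommendation)."""
    return dh_prime_bits(text) >= minimum_bits


def dh_prime_bits_from_file(path):
    with open(path, "r", encoding="ascii") as fh:
        return dh_prime_bits(fh.read())


# Constructed sample input: these moduli are placeholders with the right bit
# length, NOT real safe primes; they only exercise the parser.
SAMPLE_2048 = encode_dh_params_pem((1 << 2047) | 0b100001, 2)
SAMPLE_1024 = encode_dh_params_pem((1 << 1023) | 0b100001, 2)
# Mimic the "parameters appended to the certificate file" layout from the answer above.
SAMPLE_COMBINED = ("-----BEGIN CERTIFICATE-----\nMIIB...placeholder...\n"
                   "-----END CERTIFICATE-----\n" + SAMPLE_2048)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        bits = dh_prime_bits_from_file(path)
        print(f"{path}: {bits}-bit DH prime {'OK' if bits >= 2048 else 'TOO SHORT'}")
```

Run it as `python3 dhcheck.py /etc/ssl/certs/dhparams.pem /etc/ssl/certs/serverhttp.crt` to confirm both files carry a 2048-bit prime. Note that a parameter file being present does not prove Apache uses it: on the versions Craig Watson's answer mentions (mod_ssl before 2.2.30 or 2.4.7) the file is ignored and the built-in group is served, so the nmap or SSL Labs check above remains the final word.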
0

On Apache httpd 2.4.7 and earlier:

The ephemeral/anonymous DH ([EC]DHE, those providing perfect forward secrecy) will be computed automatically from standardized DH primes (parameters) whose size is based on the server certificate's modulus (namely 2048/3072/4096/6144/8192, or still 1024 if the certificates is a -not recommended- 1024 bits one).

Source

Basically it says that Apache < 2.4.7 will use DH parameters the same length as the certificate modulus length, though I have Apache & mod_ssl 2.2.15 with a 2048 cert for which the test indicates it is using the "Common 1024-bit Prime" for DHE.

On the other hand, the Apache 2.2 docs state that mod_ssl < 2.2.30 is not capable of using key lengths > 1024:

Beginning with version 2.2.30, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits

The CipherSuite in use is as indicated by the Mozilla config generator:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Gaia
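The cipher strings posted by greenone83, digitalhippie and (via the Mozilla generator) Gaia differ mainly in which finite-field DH suites survive, and that is exactly what matters on a server that can only serve a 1024-bit group. The lint below is an added example, not code from any of the answers or from OpenSSL: it walks an OpenSSL cipher string with simplified rule semantics (`!` removes permanently, `-` removes until re-added, `+` only reorders) and reports which DH-dependent tokens are still enabled, which are excluded, which broad aliases (AES, CAMELLIA, HIGH, ...) could pull DHE suites back in, and any duplicated tokens. The alias tables are a constructed subset, and the lint does not expand aliases into concrete suites, so treat its output as a first pass and confirm with `openssl ciphers -v '<string>'` on the server's own OpenSSL.

```python
import re

# Key-exchange aliases and cipher-name prefixes whose key exchange is finite-field
# Diffie-Hellman, i.e. the suites whose strength rests on the server's DH parameters.
DH_KX_ALIASES = {"DH", "DHE", "EDH", "ADH", "kDH", "kDHE", "kEDH", "kDHr", "kDHd"}
DH_NAME_PREFIXES = ("DHE-", "EDH-", "DH-", "ADH-")

# Broad aliases that expand to suites of every key exchange, DHE included, unless
# those suites are removed elsewhere in the string. Constructed subset, not exhaustive.
BROAD_ALIASES = {
    "ALL", "DEFAULT", "COMPLEMENTOFDEFAULT", "HIGH", "MEDIUM", "LOW",
    "AES", "AES128", "AES256", "AESGCM", "CAMELLIA", "CAMELLIA128", "CAMELLIA256",
    "3DES", "SHA", "SHA1", "SHA256", "SHA384",
}


def _is_dh_dependent(token):
    # A "+"-joined token such as kEDH+AESGCM matches only suites satisfying every part,
    # so it is DH-dependent as soon as one part restricts the key exchange to DH.
    return any(part in DH_KX_ALIASES or part.startswith(DH_NAME_PREFIXES)
               for part in token.split("+"))


def lint_cipher_string(spec):
    """Simplified OpenSSL cipher-string evaluation over the tokens of `spec`."""
    tokens = [t for t in re.split(r"[:,\s]+", spec.strip()) if t]
    if tokens and tokens[0] == "SSLCipherSuite":  # accept the whole Apache directive line
        tokens = tokens[1:]
    enabled, killed, seen, duplicates = [], set(), set(), []
    for tok in tokens:
        if tok in seen:
            duplicates.append(tok)
        seen.add(tok)
        if tok.startswith("!"):            # permanently removed, cannot be re-added later
            killed.add(tok[1:])
            enabled = [e for e in enabled if e != tok[1:]]
        elif tok.startswith("-"):          # removed, but a later plain token may re-add it
            enabled = [e for e in enabled if e != tok[1:]]
        elif tok.startswith("+"):          # only moves already-enabled suites to the end
            continue
        elif tok not in killed and tok not in enabled:
            enabled.append(tok)
    return {
        "dh_enabled": [t for t in enabled if _is_dh_dependent(t)],
        "dh_excluded": sorted(t for t in killed if _is_dh_dependent(t)),
        "unresolved_aliases": [t for t in enabled if t in BROAD_ALIASES],
        "duplicates": duplicates,
    }


# The two strings from the answers above (greenone83 and digitalhippie), verbatim.
CIPHERS_WITHOUT_DHE_RSA = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:"
    "DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:"
    "!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:"
    "!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA256:"
    "!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA"
)
CIPHERS_WITHOUT_DH = (
    "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:"
    "!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:"
    "!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
)

if __name__ == "__main__":
    for name, spec in (("greenone83", CIPHERS_WITHOUT_DHE_RSA), ("digitalhippie", CIPHERS_WITHOUT_DH)):
        report = lint_cipher_string(spec)
        print(name, "DH-dependent still enabled:", report["dh_enabled"])
        print(name, "broad aliases to verify:", report["unresolved_aliases"])
        print(name, "duplicates:", report["duplicates"])
```

Running it shows the point the comment thread argues over: greenone83's list still enables the DHE-DSS suites and `kEDH+AESGCM` (and its bare `AES`/`CAMELLIA` aliases are the reason the long tail of `!DHE-RSA-...` exclusions was needed), while digitalhippie's list enables no finite-field DH at all and merely repeats `!MD5` and `!aECDH`.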
-1

The greenone83 ciphers helped me! I went from B to A on Qualys SSL Labs.

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA
Skullone