2

Until now I was only aware of Hynek Schlawack's blog post on hardening web server cyphers having a relatively short list of cyphers.

But recently I found How to fix 'logjam' vulnerability in Apache (httpd) which pointing to the much longer intermediate list from Mozilla Security: Server Side TLS.

The lists are quite different, so I wonder how to map between the two.

I split both so there one cypher per line making spotting differences easier:

https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

ECDH+AESGCM
DH+AESGCM
ECDH+AES256
DH+AES256
ECDH+AES128
DH+AES
ECDH+3DES
DH+3DES
RSA+AESGCM

https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations

ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA
DHE-RSA-AES256-SHA
AES128-GCM-SHA256
AES256-GCM-SHA384
AES128-SHA256
AES256-SHA256
AES128-SHA
AES256-SHA
AES
CAMELLIA
DES-CBC3-SHA
!aNULL
!eNULL
!EXPORT
!DES
!RC4
!MD5
!PSK
!aECDH
!EDH-DSS-DES-CBC3-SHA
!EDH-RSA-DES-CBC3-SHA
!KRB5-DES-CBC3-SHA
Community
  • 1
Jeroen Wiert Pluimers
  • 286
  • 5
  • 14

1 Answers1

3

If you put both of these specifications into openssl ciphers -V and compare you will find that:

  • 25 ciphers are contained in both sets.
  • The set from Mozilla contains 6 SRP (secure remote password) ciphers which are not supported by the browsers. It also contains 7 ciphers using CAMELIA. I don't know which browser supports these ciphers but according to SSLLabs none of the major desktop browsers offers it. The rest are DSS ciphers which you only need if you have a certificate using a DSA key. Usually certificates use RSA and sometimes ECDSA.
  • The set from Hynek includes instead some more RSA and ECDSA ciphers.

In my opinion the set from Hynek makes more sense, especially since the ciphers only in the set from Mozilla are usually not supported by either the browser or the servers certificate anyway.

Steffen Ullrich
  • 12,227
  • 24
  • 37
  • 1
    Thanks for the `openssl ciphers -V` command. In which order does that list them? – Jeroen Wiert Pluimers Jul 12 '15 at 16:56
  • 2
    @JeroenWiertPluimers: they are listed in the order of preference. Although this is only relevant if you also set the option set the server should use its order and not the clients preferred order of ciphers. – Steffen Ullrich Jul 12 '15 at 17:00
  • Thanks again. How does the selector work? `openssl ciphers -V "RSA+AESGCM"` lists a few "Mac=AEAD" entries, but `openssl ciphers -V "AEAD"` lists none. But `openssl ciphers -V "PSK"` lists some `Mac=SHA1` entries and `openssl ciphers -V "SHA1"` lists even more entries having `Mac=SHA1*` – Jeroen Wiert Pluimers Jul 12 '15 at 17:07
  • 1
    @JeroenWiertPluimers: please see the [documentation of the ciphers command](https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT) for details. – Steffen Ullrich Jul 12 '15 at 20:30
  • Thanks again. https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT explained the + and https://www.openssl.org/docs/apps/ciphers.html#CIPHER-STRINGS the groups. A few `openssl ciphers -V` commands combined with sorting will get me going. Accepted your answer. – Jeroen Wiert Pluimers Jul 12 '15 at 20:34