3

In SSL labs, I got that I'm using this "weak cipher":

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Now in Apache, this is the set of suites I have enabled:

SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384

To that list above, I tried adding !ECDHE-RSA-AES256-CBC-SHA384, but that didn't help. I also tried adding !CBC, and that doesn't fix the problem in SSL Labs either. What should I do to disable this cipher?

I'm on Debian Buster. The Apache version I'm using is 2.4.38-3+deb10u3. Everything is up-to-date.

The Quantum Physicist
  • 656
  • 2
  • 11
  • 25

1 Answers1

3

The cipher suite you are trying to remove is called ECDHE-RSA-AES256-SHA384 by openssl.

Whenever in your list of ciphers appears AES256 not followed by GCM, it means the server will use AES in Cipher Block Chaining mode. This cipher is by no means broken or weak (especially when used with a good hash function like the SHA-2 variants you have in your list). It is just less recommended than Galois Counter Mode.

Before manually choosing your ciphers your should read Mozilla's Server Side TLS page to make an aware choice. E.g. Debian 8 is just 4 years old and it doesn't have openssl version 1.1.

Once you edit your list of cipher suites as you like, you can test the result with:

openssl ciphers -v 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384'
Piotr P. Karwasz
  • 5,292
  • 2
  • 9
  • 20
  • Thank you. That works! I think they don't prefer CBC cipher mode because it doesn't have authentication, so it might cause problems. I, personally, don't use any encryption without authentication anymore. – The Quantum Physicist Nov 18 '19 at 20:36