On 07.10.2011 07:10, William A. Rowe Jr. wrote:
> Exactly... we should default to a server with a preference for cryptographic
> strength, but I have no objection to offering a commented-out, clearly
> documented 'alternative' configuration favoring performance, provided that
> is clearly labeled as 'not for sensitive data'.

Now that the dust after the "BEAST" bang has settled somewhat (and it's clear that it needs to / will be fixed on the client side [1][2][3]), I think it's a good time to revisit the default setting for SSLCipherSuite - at least for trunk and 2.4.

My proposal is something like the attached patch - thoughts, objections?

Kaspar

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=665814
[2] http://codereview.chromium.org/7621002/
[3] http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue

Index: docs/conf/extra/httpd-ssl.conf.in =================================================================== --- docs/conf/extra/httpd-ssl.conf.in (revision 1201408) +++ docs/conf/extra/httpd-ssl.conf.in (working copy) @@ -48,12 +48,19 @@ # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL +SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 -# SSL Cipher Honor Order: -# On a busy HTTPS server you may want to enable this directive -# to force clients to use one of the faster ciphers like RC4-SHA -# or AES128-SHA in the order defined by SSLCipherSuite. +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance- +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # Pass Phrase Dialog:
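
Review bot: In the new "Speed-optimized SSL Cipher configuration" comment block, the text never says that the commented-out `#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5` replaces the active default a few lines above it, nor that it only has the described effect when `#SSLHonorCipherOrder on` is uncommented with it. An admin who uncomments just the cipher line ends up with two `SSLCipherSuite` directives in the same file and the client's preference order still deciding the cipher. Suggest wording along the lines of "comment out the default SSLCipherSuite above and enable both of the following lines". A second point on the same hunk: the old value carried `!EXP:!LOW:!SSLV2:!NULL` and the new default `HIGH:MEDIUM:!aNULL:!MD5` drops them without explanation. A short comment stating that starting from `HIGH:MEDIUM` instead of `ALL` is what makes those exclusions unnecessary would stop readers from assuming they were lost by accident. Finally, the caveat does label the loss of forward secrecy, but the quoted request was for the alternative to be marked as not for sensitive data; consider saying that explicitly in the comment.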
