
Bug#765783: apache2: The sample TLS config should recommend a better cipher list
On Sunday 19 October 2014 12:02:55, Francois Marier wrote:
> On 2014-10-18 at 21:27:24, Stefan Fritsch wrote:
> > I don't think enabling SSLHonorCipherOrder by default is good. It
> > makes it nearly impossible for the clients to select what they
> > think is appropriate. Also, clients will be upgraded much more
> > often during the lifetime of a Debian stable release than
> > apache2. Therefore adjusting the default ciphers to be up-to-date
> > makes more sense on the clients.
> 
> Unfortunately, that's required if you want to prevent cipher suite
> downgrades. Otherwise, you may be setting a preference for good
> ciphers, but it can be ignored and set to something easier to
> attack.

Isn't that the choice of the client? For example, GCM ciphers are very
slow without special hardware support. Shouldn't a client be able to
select something different?

> > As an example of how this is problematic, see RC4 and
> > SSLHonorCipherOrder being suggested as mitigation against BEAST,
> > and RC4 later being found to be broken. This caused problems on
> > servers where the configuration has not been updated afterwards.
> 
> Yes, that's the unfortunate reality of using TLS. Server admins have
> to keep up with evolving security guidelines.

Those who do can do that even with the current default config. For the
rest (which is likely the majority), the current defaults are better.

> > The difference of the overly complicated suggested SSLCipherSuite
> > versus "HIGH" is rather small and does not justify the maintenance
> > problems it causes. If the default is "HIGH" in apache2, it is
> > quite easy to adjust the meaning of "HIGH" in an openssl security
> > update if necessary. Otherwise, a conffile update would be
> > necessary to change it.
> 
> I think there's a lot of value in promoting good cipher suites that
> enable forward secrecy for the majority of users for example. Sure
> it's annoyingly verbose, but that's the only way to achieve this at
> the moment.

The "HIGH" setting also has FS-ciphers as first choices.
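The two points argued above, that the meaning of "HIGH" is decided by the installed OpenSSL rather than by the Apache conffile, and that SSLHonorCipherOrder decides whether the server's or the client's preference wins, can both be checked locally. The script below is an added example written for this page; it is not part of the bug report or of the apache2 package. It expands an OpenSSL cipher string through Python's ssl module (so the result reflects whatever OpenSSL this Python is linked against) and reports which suites use ephemeral key exchange, where the first non-forward-secret suite sits, and whether anything with an RC4/DES/MD5 marker survives. The negotiate() function models the selection rule in isolation; the SERVER_PREF and CLIENT_PREF lists are constructed for the demonstration, not taken from any real configuration.

```python
import ssl

# Key-exchange labels OpenSSL reports for ephemeral (forward-secret) key
# agreement. TLS 1.3 suites are reported as "kx-any" because that protocol
# always uses ephemeral (EC)DHE.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}

# Substrings that flag the kind of legacy suite the thread warns about
# (RC4 being the BEAST-era workaround that was later found broken).
LEGACY_MARKERS = ("RC4", "DES", "MD5")


def expand(spec):
    """Expand an OpenSSL cipher string the way mod_ssl's SSLCipherSuite does,
    using the OpenSSL library linked into this interpreter.

    Returns the suite list in OpenSSL's preference order, or [] when the
    string selects nothing (OpenSSL raises SSLError in that case)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return []
    return ctx.get_ciphers()


def is_forward_secret(cipher):
    """True when the suite's key exchange is ephemeral (ECDHE, DHE, TLS 1.3)."""
    return cipher["kea"] in FORWARD_SECRET_KX


def audit(spec):
    """Summarise what a cipher string means on this OpenSSL build."""
    suites = expand(spec)
    names = [c["name"] for c in suites]
    fs = [c["name"] for c in suites if is_forward_secret(c)]
    non_fs = [c["name"] for c in suites if not is_forward_secret(c)]
    first_non_fs = next(
        (i for i, c in enumerate(suites) if not is_forward_secret(c)), None)
    legacy = [n for n in names if any(m in n for m in LEGACY_MARKERS)]
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "count": len(suites),
        "first": names[0] if names else None,
        "forward_secret_first": bool(suites) and is_forward_secret(suites[0]),
        "first_non_forward_secret_index": first_non_fs,
        "forward_secret": fs,
        "non_forward_secret": non_fs,
        "legacy": legacy,
    }


def negotiate(server_pref, client_pref, honor_server_order):
    """Pick the suite a TLS handshake would end up with.

    The chosen suite must be offered by both sides. With the server's order
    honoured (SSLHonorCipherOrder on) the server's first shared suite wins;
    otherwise the client's first shared suite wins, which is the behaviour
    the thread describes as allowing a client-side downgrade."""
    if honor_server_order:
        return next((s for s in server_pref if s in client_pref), None)
    return next((c for c in client_pref if c in server_pref), None)


# Constructed preference lists for the demonstration (not from any real
# server or browser): the server leads with a forward-secret suite, the
# client leads with a plain-RSA CBC suite.
SERVER_PREF = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-SHA", "AES128-SHA"]
CLIENT_PREF = ["AES128-SHA", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-GCM-SHA384"]


if __name__ == "__main__":
    report = audit("HIGH")
    print("OpenSSL:", report["openssl"])
    print("HIGH expands to", report["count"], "suites; first:", report["first"])
    print("forward-secret suites:", len(report["forward_secret"]),
          "| non-forward-secret:", len(report["non_forward_secret"]),
          "| first non-FS at index:", report["first_non_forward_secret_index"])
    print("legacy markers present:", report["legacy"] or "none")
    for honor in (True, False):
        print("SSLHonorCipherOrder", "on " if honor else "off",
              "->", negotiate(SERVER_PREF, CLIENT_PREF, honor))
```

Running it on two machines with different OpenSSL versions shows the point Stefan makes: the same one-word "HIGH" yields different suite lists, and an openssl security update changes the result without touching the Apache configuration. The negotiate() output shows Francois's point: with the server order not honoured, the client's first choice (AES128-SHA here) is what gets used even though the server ranked it last.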

