0

I have a apache server running and following configuration for ssl:

 Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
 SSLProtocol -all +TLSv1.2
 SSLCompression Off
 SSLHonorCipherOrder on
 SSLCipherSuite "ECDH+AESGCM256:DH+AESGCM256:ECDH+AES256:SH+AES256:RSA+AESGCM256:RSA+AES256:!aNULL:!MD5:!kEDH:!DSS"

In Chrome i got the same "problem" as the user asked here: Google Chrome "Your connection to website is encrypted with obsolete cryptography"

Can anyone tell me what i have to change in this configuration that i get "modern cryptography"?

My certificate is signed with SHA512withRSA and I only want to support 256-Bit chiphers.

MCSeifert
  • 3
  • 1
  • (I have barely ever used Chrome and never done anything else with it, but) Chrome might be objecting to your server not supporting forward secrecy. –  May 29 '15 at 08:07
  • @RickyDemer I tested my server with Qualys SSL Labs and the result was that Chrome supports Forward Secrecy – MCSeifert May 29 '15 at 08:30

1 Answers1

5

When looking what ciphers you actually provide:

openssl ciphers -V 'ECDH+AESGCM256:DH+AESGCM256:ECDH+AES256:SH+AES256:RSA+AESGCM256:RSA+AES256:!aNULL:!MD5:!kEDH:!DSS'

      0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
      0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
      0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
      0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
      0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
      0xC0,0x0A - ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
      0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
      0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
      0xC0,0x2A - ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
      0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
      0xC0,0x0F - ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
      0xC0,0x05 - ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
      0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
      0x00,0x3D - AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
      0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

You provide ciphers with GCM, which is what you need for "modern cryptography". But you provide only ciphers with SHA384, which is not supported by Chrome. Thus none of the GCM ciphers can be used by the client and only the "obsolete cryptography" ciphers can be used.

My certificate is signed with SHA512withRSA and I only want to support 256-Bit chiphers.

You should provide adequate security and not "mine is bigger than yours" security. AES128-GCM-SHA256 is adequate and supported by Chrome.

I recommend reading https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

StackzOfZtuff
  • 17,923
  • 1
  • 51
  • 86
Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • Thanks. That was an interesting bit of new TLS trivia for me. No SHA384 in Chrome. Huh. I wouldn't have known. How did you know this? Is this is explicitly documented somewhere? Did you just run the [SSL Labs client test](https://www.ssllabs.com/ssltest/viewMyClient.html)? – StackzOfZtuff May 29 '15 at 09:37
  • 2
    The SSL Labs client tests shows it too, but I've stumbled over this while debugging other stuff. But Firefox doesn't support this either and IE only got this end of last year with the repeatedly broken updates for the MS14-066 "WinShock" remote code execution in SChannel. – Steffen Ullrich May 29 '15 at 10:02