How to prioritize TLS 1.2 connections on Apache/IBM HTTP Server

aixapache-2.4tls

I have an IBM AIX machine running IBM HTTP Server version 8.5.5.0 which was recently configured to use TLS 1.2. Per corporate policy my server is supposed to use TLS 1.2, but for compatibility purposes we also have TLS 1.1 enabled. Testing with OpenSSL using openssl s_client -connect ihs8server.example.com:443 -tls1_2 reveals that the server is accepting TLS 1.2 connections properly. However, when I connect from my browser (Firefox ESR 38.7.0), the connection security information dialog says I got a TLS 1.1 connection.

Is there any way to configure IBM HTTP Server (or Apache for that matter, since IHS is very similar) to default to TLS 1.2 but allow the option of connecting over TLS 1.1 in case a client does not support it?

Best Answer

In Apache...

You can remove the protocols you do not want to support.

SSLProtocol all -SSLv2 -SSLv3

You can create Ciphers based on your preference and set the system to follow it/negotiate in that order.

SSLHonorCipherOrder     on

Here's a good SSL Cipher generator that always up to date with the latest Ciphers. From Mozilla.

Related Solutions

Apache – How to Disable TLS 1.1 & 1.2 in Apache

Intrigued by this bug (and yes, I've been able to reproduce it) I've taken a look at the source code for the latest stable version of mod_ssl and found an explanation. Bear with me, this is gonna get amateur-stack-overflowish:

When the SSLProtocol has been parsed, it results in a char looking something like this:

0 1 0 0
^ ^ ^ ^
| | | SSLv1
| | SSLv2
| SSLv3
TLSv1

Upon initiating a new server context, ALL available protocols will be enabled, and the above char is inspected using some nifty bitwise AND operations to determine what protocols should be disabled. In this case, where SSLv3 is the only protocol to have been explicitly enabled, the 3 others will be disabled.

OpenSSL supports a protocol setting for TLSv1.1, but since the SSLProtocol does not account for this options, it never gets disabled. OpenSSL v1.0.1 has some known issues with TLSv1.2 but if it's supported I suppose the same goes for that as for TLSv1.1; it's not recognized/handled by mod_ssl and thus never disabled.

Source Code References for mod_ssl:

SSLProtocol gets parsed at line 925 in pkg.sslmod/ssl_engine_config.c
The options used in the above function is defined at line 444 in pkg.sslmod/mod_ssl.h
All protocols gets enabled at line 586 in pkg.sslmod/ssl_engine_init.c whereafter specific protocols gets disabled on the subsequent lines

How to disable it then?

You have a few options:

Disable it in the OpenSSL config file with:
Protocols All,-TLSv1.1,-TLSv1.2
Rewrite mod_ssl ;-)

TLS 1.2 – How to Verify if TLS 1.2 is Supported on a Remote Web Server

You should use openssl s_client, and the option you are looking for is -tls1_2.

An example command would be:

openssl s_client -connect google.com:443 -tls1_2

If you get the certificate chain and the handshake you know the system in question supports TLS 1.2. If you see don't see the certificate chain, and something similar to "handshake error" you know it does not support TLS 1.2. You can also test for TLS 1 or TLS 1.1 with -tls1 or tls1_1 respectively.