Ssl – Unable to turn off SSLv3 on Apache 2.4.9 without losing TLS 1.1 and 1.2

apache-2.4mod-sslssl

I have an interesting problem with two Linux servers with Apache 2.4.9: i'm trying to disable SSL v3 and RC4 in order to block POODLE and keep SSL Labs happy. However, whenever i turn off SSL v3, i also lose TLS 1.1 and 1.2 (keeping only TLS 1.0).

Here's my Apache version:

$ apachectl -v
Server version: Apache/2.4.9 (Unix)
Server built:   Mar 24 2014 10:51:20

And OpenSSL:

$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

And Linux:

$ cat /proc/version
Linux version 2.6.32-279.11.1.el6.x86_64 (mockbuild@x86-009.build.bos.redhat.com) (gcc version 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) ) #1 SMP Sat Sep 22 07:10:26 EDT 2012

Here's what i tried:

# TLS 1.0 only
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite MEDIUM:HIGH:!RC4

This first one is what i would expect to work, and i have used it successfully in other Apache installations. The result is TLS 1.0 only.

# SSLv3, TLS1.0, 1.1, 1.2
SSLProtocol all -SSLv2
SSLCipherSuite MEDIUM:HIGH:!RC4

This turns off RC4, and keeps TLS 1.0, 1.1 and 1.2, but SSL v3 is also enabled.

finally:

# TLS 1.2 only
SSLProtocol all 
SSLCipherSuite MEDIUM:HIGH:!RC4:!SSLv3

This combination results in TLS 1.2 only (no TLS 1.0 or 1.1, no SSL).

I'm thinking this is a bug in mod_ssl in the Apache i have. I'm curious if anyone here has seen this, and if you have found a way to have TLS 1.0, 1.1 and 1.2 enabled, but SSL disabled.

Thanks.

Best Answer

Is the use of MEDIUM preventing TLS 1.1 and 1.2 from being enabled? Below is my config. I don't remember why I forced the cipher order. I just checked at Qualys and it shows Only TLS is enabled 1.0, 1.1, 1.2.

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK

Related Solutions

Security – How to enable TLS 1.1 and 1.2 with OpenSSL and Apache

TLS1.2 is now available for apache, to add TLSs1.2 you just need to add in your https virtual host configuration:

SSLProtocol -all +TLSv1.2

-all is removing other ssl protocol (SSL 1,2,3 TLS1)

+TLSv1.2 is adding TLS 1.2

for more browser compatibility you can use

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2

by the way you can increase the Cipher suite too using:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GC$

You can test your https website security with an online scanner like: https://www.ssllabs.com/ssltest/index.html

Apache – How to Disable TLS 1.1 & 1.2 in Apache

Intrigued by this bug (and yes, I've been able to reproduce it) I've taken a look at the source code for the latest stable version of mod_ssl and found an explanation. Bear with me, this is gonna get amateur-stack-overflowish:

When the SSLProtocol has been parsed, it results in a char looking something like this:

0 1 0 0
^ ^ ^ ^
| | | SSLv1
| | SSLv2
| SSLv3
TLSv1

Upon initiating a new server context, ALL available protocols will be enabled, and the above char is inspected using some nifty bitwise AND operations to determine what protocols should be disabled. In this case, where SSLv3 is the only protocol to have been explicitly enabled, the 3 others will be disabled.

OpenSSL supports a protocol setting for TLSv1.1, but since the SSLProtocol does not account for this options, it never gets disabled. OpenSSL v1.0.1 has some known issues with TLSv1.2 but if it's supported I suppose the same goes for that as for TLSv1.1; it's not recognized/handled by mod_ssl and thus never disabled.

Source Code References for mod_ssl:

SSLProtocol gets parsed at line 925 in pkg.sslmod/ssl_engine_config.c
The options used in the above function is defined at line 444 in pkg.sslmod/mod_ssl.h
All protocols gets enabled at line 586 in pkg.sslmod/ssl_engine_init.c whereafter specific protocols gets disabled on the subsequent lines

How to disable it then?

You have a few options:

Disable it in the OpenSSL config file with:
Protocols All,-TLSv1.1,-TLSv1.2
Rewrite mod_ssl ;-)