Forum Discussion
What_Lies_Bene1
Cirrostratus
CirrostratusManagement Interface SSL Ciphers
Hey all,
So, I'm trying to restrict the SSL ciphers used with the management interface (including iControl). To test this, I've used the
[tmsh] modify sys httpd ssl-ciphersuite ...*When using a browser I'm negotiating a TLS cipher suite *When using iControl I'm negotiating an even stronger suite: TLS_RSA_WITH_AES_256_CBC_SHA
I've two reasons to do this;
1) I want to troubleshoot some iControl issues
2) I want to disable SSLv3 ciphers, if my changes are ignored, I'm worried
Any ideas anyone?
The ciphersuite I've configured is: -ALL:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA
TMOS v11.4.1 (VE), build 608.0.
What_Lies_Bene1NONE:RC4+RSA as recommended in SOL7823 did the trick but doesn't remove my concern that what should be valid cipher suites are ignored despite a using valid string and not getting an error.Greetings, Here's the default apache cipher list:
DEFAULT:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP
Can you simply append !SSLv3 to the list to disable SSLv3?
tmsh modify sys httpd ssl-ciphersuite 'DEFAULT:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP:!SSLv3' tmsh save sys config bigstart restart httpdLooks to have been added to /etc/httpd/conf.d/ssl.conf and SSLv3 no longer negotiates.
SSLCipherSuite DEFAULT:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP:!SSLv3
Kevin
- What_Lies_Bene1
Thanks Kevin. To be blunt I think I've not being paying attention. Its all working fine. Cheers
JGCumulonimbus
Is there really a cipher suite called SSLv3 for the httpd? It is the SSLv3 protocol that should be disabled entirely, as the two cipher suites supported by that protocol are both insecure.
Please see related thread Disabling SSLv3 for Configuration Utility.
- What_Lies_Bene1
Thanks Jie but I don't see any solution in SOL15702 or the article you link to, for versions prior to 11.5?
Regardless, I'm happy that I can disable SSLv3 by simply specifying
followed by a small set of TLS only ciphers.NONE:- JGI see. Did you test to see if SSLv3 is really disabled after removing SSLv3 cipher suite?
- What_Lies_Bene1See below, restricting the ciphers to TLS1.2 ones indirectly 'disables' SSLv3 (i.e its not disabled but will never be used) without the need to modify the Apache ssl.conf file.
- What_Lies_Bene1
Just for the benefit of others, I've implemented just TLS1.2 supported ciphers using this string;
NONE:DHE-RSA-AES256-SHA:AES256-SHAOpenSSL reports as follows (ignore the SSLv3 output, it's just an OpenSSL 'thing');
$ openssl ciphers -v NONE:DHE-RSA-AES256-SHA:AES256-SHA DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1And here's the output from ssldump proving when I connect that only one of these ciphers is used;
$ ssldump -ndX New TCP connection 1: 10.11.12.13(50592) <-> 192.168.1.1(443) 1 1 0.0491 (0.0491) C>S Handshake ClientHello Version 3.1 resume [32]= 13 70 c7 87 b7 5a 78 8d b6 ca fd cc 4d 92 f9 17 d0 61 90 36 5b 1b 69 cd f1 e5 e7 f9 5f 2a 5b e1 cipher suites Unknown value 0xc02b Unknown value 0xc02f Unknown value 0x9e Unknown value 0xcc14 Unknown value 0xcc13 Unknown value 0xc00a Unknown value 0xc009 Unknown value 0xc013 Unknown value 0xc014 Unknown value 0xc007 Unknown value 0xc011 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA Unknown value 0x9c TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 compression methods NULL 1 2 0.0513 (0.0022) S>C Handshake ServerHello Version 3.1 session_id[32]= 13 70 c7 87 b7 5a 78 8d b6 ca fd cc 4d 92 f9 17 d0 61 90 36 5b 1b 69 cd f1 e5 e7 f9 5f 2a 5b e1 cipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA compressionMethod NULLHere's what happens if I try to connect using Firefox configured to use unwanted ciphers;
1 1 0.0074 (0.0074) C>S Handshake ClientHello Version 3.0 cipher suites Unknown value 0xff SSL_DHE_RSA_WITH_AES_128_CBC_SHA SSL_DHE_DSS_WITH_AES_128_CBC_SHA Unknown value 0x45 SSL_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSL_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_RC4_128_MD5 compression methods NULL 1 2 0.0080 (0.0005) S>C Alert level fatal value handshake_failure
