[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes
Hanno Böck
hanno at hboeck.de
Tue Dec 16 02:15:41 UTC 2014
On Mon, 15 Dec 2014 18:07:15 -0800
Ryan Sleevi <rsleevi at chromium.org> wrote:
> I fear you may have misread again.
>
> SSLHonorCipherOrder is on by default, and respects the client
> preferences. The mainstream clients generally prefer GCM over CBC,
> ergo, honoring the cipher order is the right thing.
>
> By setting SSLHonorCipherOrder to false (disabling it), you set the
> servers preference. It now becomes the server operator's
> responsibility to configure the ciphersuites correctly, which gets
> into the issues you were wanting to avoid.
Reading apache doc tells me the opposite:
"When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the
client's preference is used. If this directive is enabled, the server's
preference will be used instead."
> As Rich said, have you observed this in practice and looked into why?
I have on my own servers and as I already wrote you can on
see it on www.openssl.org.
Having tested with not setting SSLHonorCipherOrder however causes other
issues - some other browsers won't use FS ciphers then (notably some
older IE versions and all mobile IEs - at least that's what the ssl labs
test says).
To reiterate the above said, I have two apache configs:
SSLProtocol -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL at STRENGTH
Result: GCM in chrome/ff, but no FS in many IE versions (and A- on ssl
labs).
SSLProtocol -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL at STRENGTH
Result: no GCM in chrome/ff, but FS in all ssl labs reference browsers
(and A+ rating).
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mta.opensslfoundation.net/pipermail/openssl-dev/attachments/20141216/66f9f9a4/attachment-0001.sig>
More information about the openssl-dev
mailing list