TLSv1.3, AES and Apache2 on opensuse leap 15.2

Rüdiger Plüm r.pluem at gmx.de
Tue Jul 21 06:40:39 UTC 2020



On 7/21/20 4:20 AM, cryptearth wrote:
> First off: as I'm not sure what's causing this issue, I'll post this question in these locations:
> opensuse official forums https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2
> apache httpd mailing list
> openssl mailing list
>
> As OpenSuSE 15.2 recently released with openssl 1.1.1 in its repos it's now possible to use TLSv1.3 with Apache2 out of the box.
> As I use the TLS test on ssllabs.com as a reference I encountered some issues I'd like to ask for help to fix.
> First off, as most important, the used versions:
>
> apache2: 2.4.43-lp152.1.1
> openssl: 1.1.1d-lp152.1.1
>
> And here's the config (only used ssl-global.conf for this test):
>
> SSLProtocol -all +TLSv1.2 +TLSv1.3
> SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384

Try replacing the one SSLCipherSuite directive above with the two below:

SSLCipherSuite ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

See http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite

Regards

Rüdiger
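
The split suggested in the reply above, as an added example that is not part of the original message or of Apache's own tooling: a small Python check that finds `SSLCipherSuite` lines mixing TLSv1.3 suite names into the default (SSL) cipher list and rewrites them into one directive per list. The function name `split_cipher_directives` and the sample text are assumptions made for illustration.

```python
import re

# TLS 1.3 suite names as OpenSSL 1.1.1 spells them. OpenSSL keeps them in a
# separate list from the TLS 1.2-and-below cipher string.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}
DIRECTIVE = re.compile(r"^(\s*)SSLCipherSuite\s+(\S.*?)\s*$", re.IGNORECASE)

def split_cipher_directives(conf_text):
    """Return (rewritten_lines, findings) for an Apache config snippet."""
    out, findings = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            out.append(line)          # not a complete SSLCipherSuite line
            continue
        indent, args = m.group(1), m.group(2).split()
        # An optional first argument picks the list: SSL (default) or TLSv1.3.
        proto = args[0].upper() if len(args) > 1 else "SSL"
        names = args[-1].strip('"').split(":")
        tls13 = [n for n in names if n in TLS13_SUITES]
        other = [n for n in names if n not in TLS13_SUITES]
        if proto == "TLSV1.3":
            if other:
                findings.append((lineno, "non-TLSv1.3 names in TLSv1.3 list", other))
            out.append(line)
        elif tls13:
            findings.append((lineno, "TLSv1.3 names in SSL cipher list", tls13))
            if other:
                out.append(f"{indent}SSLCipherSuite {':'.join(other)}")
            out.append(f"{indent}SSLCipherSuite TLSv1.3 {':'.join(tls13)}")
        else:
            out.append(line)
    return out, findings

# Constructed sample: the two directives from the question in this thread.
SAMPLE = """\
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:\
ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:\
ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
"""

if __name__ == "__main__":
    lines, findings = split_cipher_directives(SAMPLE)
    print("\n".join(lines))
```

Run over the sample, the rewritten lines match the two directives given in the reply, and an already-split configuration passes through unchanged with no findings.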


