SSL/TLS 1.2 on Apache with openssl 1.0.1

apache-2.2 openssl

I built and installed openssl 1.0.1. How do I force Apache to use TLS 1.2 Ciphers?


TLS 1.2 is covered in these 2 documents;
https://www.rfc-editor.org/rfc/rfc5246
https://www.rfc-editor.org/rfc/rfc6176

Basically the latter doc is Prohibiting SSL 2.0 from being negotiated by TLS1.2 and this is the default for httpd 2.2 shipped with fedora; eg SSLProtocol all -SSLv2

However your question was about CipherSuites which are also covered in those docs; By the looks of it, the only mandatory cipher suite for TLS 1.2 is TLS_RSA_WITH_AES_128_CBC_SHA

Appendix C. Cipher Suite Definitions
Cipher Suite                            Key        Cipher         Mac
                                        Exchange
TLS_RSA_WITH_AES_128_CBC_SHA            RSA          AES_128_CBC  SHA

This says that the server must provide an RSA certificate for key exchange, and that the cipher should be AES_128_CBC and the Mac SHA.

From the httpd mod_ssl docs, this translates to;

 SSLCipherSuite aRSA:kRSA:AES128-CBC:SHA

which is documented here;
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite

Related

NIC disabled in AWS instance
Configuring Frame Relay using a Switch Simulation - Packet Tracer
Can't connect to SMTP server
How can I stop Windows DNS server properties settings from changing by themselves?
get swap usage for a process
inverse of `lsof -i`
Supermicro + IPMI + FreeBSD: Kernel prints at 1-bps
Windows Server 2008 DNS Server and Root Hints Location
How to allow Active Directory authenticated users use Nagios web interface?
Mass 301 redirect URLs with Nginx
Restricting Internet Access in Windows 7
how to limit the number of simultaneous processes per user in the system?