Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Apache>
  3. Users
TLSv1.3, AES and Apache2 on opensuse leap 15.2
cryptearth at cryptearth
Jul 20, 2020, 7:20 PM
Post #1 of 2 (250 views)
Permalink
first of: as I'm not sure what's causing this issue I'll post this
question on these locations:
opensuse official forums
https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2
apache httpd mailing list
openssl mailing list

As OpenSuSE 15.2 recently released with openssl 1.1.1 in its repos it's
now possible to use TLSv1.3 with Apache2 out of the box. As I use the
TLS test on ssllabs.com as a reference I encountered some issues I'd
like to ask for help to fix.
First of, as most important, the used versions:

apache2: 2.4.43-lp152.1.1
openssl: 1.1.1d-lp152.1.1

And here's the config (only used ssl-global.conf for this test):

SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite
TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384HE-RSA-AES256-GCM-SHA384
SSLOpenSSLConfCmd Curves secp521r1:secp384r1

There were no other changes made to any other conf.
As one can see I only enabled AES with 256 bit keylength and ordered
chacha20 preferred over AES. But when testing with ssllabs.com server
test it shows two issues I'm unable to solve myself:

1) although not enabled the server test also shows AES with only 128 bit
keylength enabled and working - hence capping the score to only 90% for
cipher strength (only ciphers with an equivalent of at least RSA 4096
give one full 100%)
2) the order doesn'T match the config - it shows AES256 as the most
preferred one, then followed by the chacha20 and finally the AES128

As I don't know if this is an issue with apache, openssl or opensuse I
posted it on all three to reach most group of people, so, if you're
member of more than one of the mentioned I apologize if you get this
topic multiple times.

Thanks in advance to anyone,

Matt
Re: TLSv1.3, AES and Apache2 on opensuse leap 15.2 [ In reply to ]
cryptearth at cryptearth
Jul 21, 2020, 1:48 AM
Post #2 of 2 (249 views)
Permalink
I'd just like to inform anyone that this topic was solved by replies on
both the opensuse forums as well as on the openssl mailing list. The
trick was to split up the SSLCipherSuites directive:

SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
SSLCipherSuite SSL
ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384

This now results in the ssllabs.com server test only shows the chacha20
and AES256 cipher suites for 1.3 in that order.

As the reply on the opensuse forums noted: As 1.3 requires AES128
(without mention them by name - my guess is this was just another of
those "recommendations" by one of those north-american
three-letter-clubs) the ssllabs.com test had a penalty in place at first
which caped the final score when the server did not offer the mandatory
AES128. But as users reported it as an issue on their githubs it was
decided to lift this penalty as otherwise both, a correct configured
server as well as a "more secure one", would never be able to get all
four tests with 100%. Reasons: I don'T know, couldn't find any
explanation why - only that it was lifted so servers not supporting
AES128 don't get a penalty anymore, although this means it doesn't
follow the RFC exactly anymore.

This topic is solved for now.

Matt

Am 21.07.2020 um 04:20 schrieb cryptearth:
> first of: as I'm not sure what's causing this issue I'll post this
> question on these locations:
> opensuse official forums
> https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2
> apache httpd mailing list
> openssl mailing list
>
> As OpenSuSE 15.2 recently released with openssl 1.1.1 in its repos
> it's now possible to use TLSv1.3 with Apache2 out of the box. As I use
> the TLS test on ssllabs.com as a reference I encountered some issues
> I'd like to ask for help to fix.
> First of, as most important, the used versions:
>
> apache2: 2.4.43-lp152.1.1
> openssl: 1.1.1d-lp152.1.1
>
> And here's the config (only used ssl-global.conf for this test):
>
> SSLProtocol -all +TLSv1.2 +TLSv1.3
> SSLCipherSuite
> TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
> SSLOpenSSLConfCmd Curves secp521r1:secp384r1
>
> There were no other changes made to any other conf.
> As one can see I only enabled AES with 256 bit keylength and ordered
> chacha20 preferred over AES. But when testing with ssllabs.com server
> test it shows two issues I'm unable to solve myself:
>
> 1) although not enabled the server test also shows AES with only 128
> bit keylength enabled and working - hence capping the score to only
> 90% for cipher strength (only ciphers with an equivalent of at least
> RSA 4096 give one full 100%)
> 2) the order doesn'T match the config - it shows AES256 as the most
> preferred one, then followed by the chacha20 and finally the AES128
>
> As I don't know if this is an issue with apache, openssl or opensuse I
> posted it on all three to reach most group of people, so, if you're
> member of more than one of the mentioned I apologize if you get this
> topic multiple times.
>
> Thanks in advance to anyone,
>
> Matt

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal