SSLCipherSuite order is not respected

Hello all,

I quote the mod_ssl documentation present at
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC9

"An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1 cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use, one can either specify all the Ciphers,
one at a time, or use aliases to specify the preference and order for the ciphers (see Table 1). "

There it says "use aliases to specify the preference and order for the ciphers".
I wonder what is meant by this.

My problem emerged with a Netscape browser which can speak both weak and strong ciphers. In the SSL handshake it presents all these ciphers. Next, the apache server takes his set of supported ciphers,
and makes the intersection between his set and the set of the client.

Now one could expect that the server takes the cipher from this intersection, which is the first in its SSLCipherSuite settings, or maybe that the server takes the strongest common cipher. However
this is not true: the server just takes the first supported cipher requested by the client.

The funny thing is that most clients first present their weak ciphers, and next their strong ciphers. This makes that all strong browsers speaking with most ssl servers, will always speak a very weak
cipher.

I think mod_ssl or openssl should be tuned to use their SSLCipherSuite config to choose the cipher, instead of using the client config.

I found a reference on this in a thread from 1998
http://marc.theaimsgroup.com/?l=apache-ssl&m=91231283120300& w=2

Apparently this is not considered a problem, although I consider this a change request for mod_ssl and/or openssl.

Kind regards,

--
__________________________________________________

Carl D'Halluin - Product Manager DMZ/Shield
We secure e-business.

http://www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Ubicenter - Philipssite 5 - B-3001 Leuven - Belgium
__________________________________________________
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLCipherSuite order is not respected

On Thu, Oct 10, 2002 at 01:08:01PM +0200, Carl D'Halluin wrote:
> Now one could expect that the server takes the cipher from this intersection, which is the first in its SSLCipherSuite settings, or maybe that the server takes the strongest common cipher. However
> this is not true: the server just takes the first supported cipher requested by the client.

This is the default behaviour of OpenSSL.

> The funny thing is that most clients first present their weak ciphers, and next their strong ciphers. This makes that all strong browsers speaking with most ssl servers, will always speak a very weak
> cipher.
>
> I think mod_ssl or openssl should be tuned to use their SSLCipherSuite config to choose the cipher, instead of using the client config.
>
> I found a reference on this in a thread from 1998
> http://marc.theaimsgroup.com/?l=apache-ssl&m=91231283120300& w=2
>
> Apparently this is not considered a problem, although I consider this a change request for mod_ssl and/or openssl.

OpenSSL as of 0.9.7 does have the necessary option to change this default.
Set SSL_OP_CIPHER_SERVER_PREFERENCE with SSL_CTX_set_options().
However: as far as I am aware, mod_ssl does not yet have a httpd.conf option
to enable this flag.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org