httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <>
Subject [users@httpd] Two SSL directives appear to be not working with SSL Labs server test
Date Tue, 07 Aug 2012 12:14:40 GMT
I have been checking my Apache 2.2.14 server with this link:

I am trying to improve my SSL Labs security score but can't beat 85.
I am running Apache 2.2.14 (from Ubuntu's package).

I get the following scores:

  Certificate              100
  Protocol support       85
  Key exchange          80
  Cipher exchange      90

The test report shows:

  This server is vulnerable to the BEAST attack.
  Certificate Key RSA/4096 bits
  Cipher Suites (sorted by strength; server has no preference)
    TLS_RSA_WITH_RC4_128_MD5 (0x4)	128
    TLS_RSA_WITH_RC4_128_SHA (0x5)	128
    TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)	128
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g:
1, Ys: 128)	128
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits (p: 128,
g: 1, Ys: 128)	168
    TLS_RSA_WITH_AES_256_CBC_SHA (0x35)	256
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g:
1, Ys: 128)	256

I have the following in my server block:

  SSLProtocol all -SSLv2
  SSLHonorCipherOrder On
  # disallow DH ciphers

It looks like the "SSLHonorCipherOrder On" and "SSLCipherSuite"
directives aren't working according to the test report.

I see nothing in the latest Apache2 bug report about any of this.  I
have found a closed bug that fixed the cipher order in 2004 (#28665).

Does anyone have any ideas about the situation?


Best regards,


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message