TLS 1.1 and TLS 1.2

justme

Well-Known Member
#3
And now? Defaulting to TLS_RSA_WITH_RC4_128_SHA is not exactly HIGH as far as ciphers are concerned (although that's what I selected).
 

mistwang

LiteSpeed Staff
#6
We have put up a build of 4.2.5 with OpenSSL 1.0.1.
You can give it a try if you want, with the command

/usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.5
 

justme

Well-Known Member
#7
Thank you. Now the only thing missing is being able to tune it with cipher lists, as the hardcoded one doesn't include ECDHE ciphers, and with TLS_RSA_WITH_RC4_128_SHA being second on the offered list, it gets chosen by all browsers but one, IE11 (see www.ssllabs.com/ssltest).
edit: AESNI is useless with non-AES ciphers ;)
 

justme

Well-Known Member
#9
Great, much better! Now if ciphers could be sorted in strength (or offering an option to toggle @strength or @speed), as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA should be above TLS_RSA* to have a chance to get picked by IE. Almost there 8)
edit: actually TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA should be on top to bury these outdated RC4 ciphers (which only XP requires now).
 

mistwang

LiteSpeed Staff
#10
ECDHE-RSA-AES128-SHA256 has the highest priority on the server side, so it must be that IE8 does not support it. TLSv1.0 with AES CBC is not safe against the BEAST attack; it has lower priority than RC4.

And remember that ECDHE ciphers are much slower than AES128-GCM-SHA256 or RC4.
 

justme

Well-Known Member
#11
Indeed, security comes at a cost, which could be user-selectable... like all other web servers allowing cipher-list tuning. By the way, the comment on AESNI going to waste still stands (all browsers using RSA with current build).
 

justme

Well-Known Member
#13
What about real life tests? No browser supports AES128-GCM-SHA256 and since it is below TLS_RSA_WITH_RC4_128_SHA on the cipher list it won't get picked anyway. Not trying to be picky but while we are at improving the cipher list...
 

mistwang

LiteSpeed Staff
#14
We use a default cipher string like "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH", and the server's cipher order should be followed. You can customize the XML configuration file directly (not through the web console) to get your preferred cipher order.
 

justme

Well-Known Member
#16
Hrm, I need help:
the following suite isn't giving the expected result with 4.2.5:
ECDH+AES256: DH+AES256: DH+AES128: RC4-SHA: !aNULL
DH ciphers are being ignored, along with ECDHE-ECDSA.

Code:
openssl ciphers -v 'ECDH+AES256:DH+AES256:DH+AES128:RC4-SHA:!aNULL'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
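
A small model of server-preference suite selection over rows like the ones listed in post #16, as an added example that is not part of the original thread and not LiteSpeed's code. The client offers, the certificate key type (`cert_key`) and the `has_dh_params` flag are assumptions of the model: an OpenSSL-based server with only an RSA certificate can never pick an `Au=ECDSA` row, and ephemeral DH rows need DH parameters loaded on the server.

```python
import re

# Constructed sample: six of the `openssl ciphers -v` rows quoted in post #16,
# kept in the same order (this order is the server's preference order).
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
"""

ROW = re.compile(r"(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\w+)\((\d+)\)\s+Mac=(\S+)")
PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3}

def parse(text):
    """Turn `openssl ciphers -v` rows into dicts, preserving list order."""
    keys = ("name", "proto", "kx", "au", "enc", "bits", "mac")
    return [dict(zip(keys, m.groups())) for m in map(ROW.match, text.splitlines()) if m]

def usable(suite, cert_key, has_dh_params, negotiated):
    """Can the server use this suite on a connection at the `negotiated` version?"""
    if PROTO_RANK[suite["proto"]] > PROTO_RANK[negotiated]:
        return False          # TLSv1.2-only suite on an older connection
    if suite["au"] != cert_key:
        return False          # e.g. ECDSA suites need an ECDSA certificate
    if suite["kx"] == "DH" and not has_dh_params:
        return False          # ephemeral DH needs DH parameters on the server
    return True

def select(server_suites, client_offer, cert_key="RSA", has_dh_params=False, negotiated="TLSv1"):
    """Server-preference selection: first server suite the client also offers."""
    for suite in server_suites:
        if suite["name"] in client_offer and usable(suite, cert_key, has_dh_params, negotiated):
            return suite["name"]
    return None

def forward_secret(suite):
    """In this output format, Kx=ECDH or Kx=DH (no '/') means ephemeral key exchange."""
    return suite["kx"] in ("ECDH", "DH")
```

Calling `select(parse(SAMPLE), {"DHE-RSA-AES256-SHA", "RC4-SHA"})` returns `RC4-SHA` until `has_dh_params=True` is passed, which is the kind of fallback an SSL Labs handshake simulation makes visible.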
 

joe

Well-Known Member
#17
Today I d/l'd 4.2.7 standard and I'm trying to enable TLSv1.1 & TLSv1.2. So far, regardless of the configuration items checked on, I can't verify it's working. This is running on a FreeBSD 9.2 platform. Locally openssl is 9.8y, but based on the announcement for 4.2.7 it's built in, isn't it?

Is this possible using my configuration?
 