I'm in the process of configuring an Apache web server to utilize only NIST-approved encryption (specifically FIPS 140-2/140-3 compliant). Easy enough, right?
Apache config, specifically identifying 4 FIPS compliant ciphers and TLS 1.2 & TLS 1.3.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
ssllabs is showing the change, many of the previously included cipher suites are now removed (captured from ssllabs report):
Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_256_GCM_SHA384 (0x1302)
TLS_CHACHA20_POLY1305_SHA256 (0x1303)
TLS_AES_128_GCM_SHA256 (0x1301)
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
The issue is CHACHA20_POLY1305 over TLS 1.3 is still listed. Since this suite is not FIPS validated, I'm attempting to remove it.
I've reviewed all apache config files, only this one has the CipherSuite command. Which I also assume to be the case since all other 'standard' suites have been successfully removed.
I've also tried specifically removing it with excluding it, with the same result.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:!CHACHA20:!POLY1305
Any suggestions?
TLSv1.3 cipher suites are separate set than cipher suites of older TLS versions.
Also openssl library itself provides different function for setting TLSv1.3 ciphersuites: SSL_CTX_set_ciphersuites().
Function for older TLS-versions is: SSL_CTX_set_cipher_list().
This might be reason why also apache requires own list for TLSv1.3.
Try something like this:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
SSLHonorCipherOrder on