Hi Michael and Peter,

>
> Actually I proposed that in the discussion to another patch, but
> Wolfgang said that we would exclude too many systems.

I still think that there might be too many clients which do not have support for TLS 1.2. I would suggest postponing this step to next year.

Also, for the modern configuration, we should edit the SSLProtocol value:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

This allows anyone to understand that only TLSv1.2+ is supported.

Regarding the re-ordering of the cipher suites: ECDHE-ECDSA is not always faster than ECDHE-RSA. It depends on the size of the EC and the RSA key. Although I'm assuming that a 4096-bit key is quite slow... I read somewhere that 2048-bit RSA is faster than a 256-bit curve. We are using a 4096-bit RSA together with a 384-bit curve. Did anyone perform some measurements?

>
> Did you see that conversation?

And I really thought that maybe my mail did not make it through after reading the patch...

Best regards,
Wolfgang

>
> On Tue, 2017-11-07 at 20:51 +0100, Peter Müller wrote:
> > Change the TLS cipher list of Apache to "Mozilla Modern".
> >
> > ECDSA is preferred over RSA to save CPU time on both server and
> > client. Clients without support for TLS 1.2 and AES will experience
> > connection failures.
> >
> > Signed-off-by: Peter Müller
> > ---
> > config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > index c9ccd5be5..d08d3d2bb 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > @@ -9,7 +9,7 @@ > > TransferLog /var/log/httpd/access_log > > SSLEngine on > > SSLProtocol all -SSLv2 -SSLv3 > > - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA > > -AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:EC > > DHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA2 > > 56:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-S > > HA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA: > > CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256 > > -SHA > > + SSLCipherSuite > > + ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-EC > > + DSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-S > > + HA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE- > > + RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA25 > > + 6 > > SSLHonorCipherOrder on > > SSLCertificateFile /etc/httpd/server.crt > > SSLCertificateKeyFile /etc/httpd/server.key
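Review bot: the hunk replaces SSLCipherSuite but leaves the unchanged context line `SSLProtocol all -SSLv2 -SSLv3` as it is, so TLS 1.0 and 1.1 stay enabled at the protocol level while every suite in the new list is TLS 1.2-only (AES-GCM, CHACHA20-POLY1305, or a SHA256/SHA384 HMAC); pre-1.2 clients therefore fail with a "no shared cipher" handshake failure instead of a clear protocol-version refusal. Since the commit message already states that clients without TLS 1.2 will fail, make that explicit in the same patch by also changing the context line to `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`, as suggested in the reply above. Separately, both the removed and the added SSLCipherSuite values are shown wrapped mid-token across several `-`/`+` lines (for example `ECDHE-EC` / `DSA-AES128-GCM-SHA256`); if that wrapping is in the patch as sent and not only in this quote, `git am` will produce a broken directive, so the cipher string must stay on one line (or be resent with a mailer that does not wrap).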
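To put numbers behind the question raised above (is ECDHE-ECDSA with a 384-bit curve really faster than ECDHE-RSA with a 4096-bit key?), here is an added example that is not part of this thread or of the IPFire patch: a POSIX shell script that uses `openssl speed` to compare handshake-signature throughput for the key types mentioned (RSA 2048/4096, P-256/P-384). The function names `sign_rate` and `report` are my own, and the script assumes an `openssl` binary whose `speed` subcommand prints the usual `rsa  NNNN bits ...` and `NNN bits ecdsa (nistpNNN) ...` result lines.

```shell
#!/bin/sh
# Added example (not from the thread): compare how many handshake signatures per
# second this host's OpenSSL produces with RSA keys versus ECDSA keys. Only the
# server's signature is compared; the ECDHE key exchange costs the same in both
# cases. Assumes an `openssl` binary with the `speed` subcommand.
set -eu

# sign_rate ALG  ->  prints integer signatures/second for ALG, one of
#   rsa2048 rsa4096 ecdsap256 ecdsap384   (names as understood by `openssl speed`)
# `openssl speed` prints result lines such as (OpenSSL 1.1 column layout):
#   rsa 4096 bits 0.0052s 0.0001s   190.1  12870.0        <- sign verify sign/s verify/s
#    384 bits ecdsa (nistp384)   0.0011s   0.0009s   925.0   1100.0
# Newer releases add encrypt/decrypt columns for RSA, so instead of a fixed column
# we take the first plain number after the key description: that is sign/s.
sign_rate() {
    alg=$1
    case "$alg" in
        rsa[0-9]*)    kind=rsa;   bits=${alg#rsa} ;;
        ecdsap[0-9]*) kind=ecdsa; bits=${alg#ecdsap} ;;
        *) echo "sign_rate: unsupported algorithm '$alg'" >&2; return 1 ;;
    esac
    openssl speed -seconds 1 "$alg" 2>/dev/null | awk -v kind="$kind" -v b="$bits" '
        (kind == "rsa"   && $1 == "rsa" && $2 == b) ||
        (kind == "ecdsa" && $1 == b     && $3 == "ecdsa") {
            # fields 1-3 describe the key; timing columns end in "s", the first
            # bare number after them is the sign/s figure
            for (i = 4; i <= NF; i++)
                if ($i ~ /^[0-9]+(\.[0-9]+)?$/) { printf "%d\n", $i; exit }
        }'
}

# report ALG...  ->  one line per algorithm so the rates can be read side by side
report() {
    for alg in "$@"; do
        printf '%-10s %8s sign/s\n' "$alg" "$(sign_rate "$alg")"
    done
}

# Run as: sh tls_sign_bench.sh rsa2048 ecdsap256 rsa4096 ecdsap384
[ $# -eq 0 ] || report "$@"
```

Each algorithm is timed for one second per operation, so a full four-way comparison takes a few seconds; compare the rsa4096 and ecdsap384 rows to see which signature the IPFire web interface's key choice would cost per handshake on your hardware.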