[dochtman]

I think this CipherSuite is actually better than what you have (and Qualys seems to think so, too):

SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

Also, I couldn't get your disabling of SSL compression to work (on Gentoo Linux), either by pasting the export line into /etc/conf.d/apache2 (at the end) or /etc/init.d/apache2 (at the top).

[jgrahamc]

That, coincidentally, is the configuration that we (CloudFlare) are using for all our SSL sites: http://blog.cloudflare.com/new-ssl-vulnerabilities-cloudflar... One of the things we try to do for our customers is worry about this sort of thing so they don't have to.

[hynek]

Yes, but some of the ciphers aren’t supported in widely used OpenSSL versions (like 0.9.8). I wanted to give people a configuration that works everywhere and is reasonable secure.

If they want more, there’s a link list at the end. Let’s not make perfect the enemy of the good.

Edit I’ve added an advanced section with a link to here so you get your credit. :)

[timdoug]

To be fair, that line does work everywhere; the unrecognized ciphers are just ignored. In fact, on my Debian VPS with OpenSSL 0.9.8 it results in the exact same list of ciphers as the Apache one given in the post ("openssl ciphers" on the command line is very useful).

May as well add the newer ones to get the support if you upgrade your SSL library without having to change your Apache/nginx/etc. conf.

[CrLf]

For openssl 0.9.8, where "ECDHE-RSA-AES128-SHA256" and "AES128-GCM-SHA256" aren't supported, that cipher suite actually places RC4 40bit as the preferred cipher ("openssl ciphers -v").

[newman314]

For that reason, I prefer to explicitly list the ciphers to be used to avoid situations like this or when OpenSSL decides to modify its cipher list.

FWIW, this is what I use:

ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-S HA:RC4-SHA:AES128-SHA:AES256-SHA;

[ksdlck]

Unless you're worried about lack of GCM (and I guess you're not, given the next suite spec), you might as well make that highest-preference suite ECDHE-RSA-AES128-GCM-SHA256.