Hildegard,

I believe this is the result of a deliberate change in the OpenSSL API when going to version 1.1.0. In earlier versions of OpenSSL one could switch on/off individual protocols, whereas now one specifies a minimum and maximum TLS version to use.

In Apache, the configuration handling needed to accommodate for that and the implementation looks for the "highest" protocol and then scans "downward". If a protocol is not listed, it basically stops. I am not sure why this decision was taken, but it seems that one wanted to avoid enabling a protocol that was not configured.

I believe the documentation could be clearer on this. As a token of our good intentions, please see <https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol>: since Apache 2.4.42 one can configure different protocols for all VirtualHosts. So if you need TLSv1 only on a particular host, you can disable it on all others.

Hope this helps,

Stefan

> On 04.06.2021 at 06:17, Hildegard Meier <daku8938@xxxxxx> wrote:
> 
> Solution to have TLSv1.2 and TLSv1.0 support together again with Apache 2.4.29 on Ubuntu 18:
> 
> Changing
> 
> SSLProtocol -all +TLSv1.2 +TLSv1
> 
> to
> 
> SSLProtocol -all +TLSv1.2 +TLSv1.1 +TLSv1
> 
> This gives the following sslscan output:
> 
> Supported Server Cipher(s):
> Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
> Accepted  TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384   DHE 2048 bits
> Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
> Accepted  TLSv1.2 256 bits ECDHE-RSA-AES256-SHA        Curve P-256 DHE 256
> Accepted  TLSv1.2 256 bits AES256-SHA
> Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA        Curve P-256 DHE 256
> Accepted  TLSv1.1 256 bits AES256-SHA
> Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA        Curve P-256 DHE 256
> Accepted  TLSv1.0 256 bits AES256-SHA
> 
> and connection with all three protocols with curl works, also from the old client which is not TLSv1.2 capable.
> 
> But I want to allow only TLSv1.2 and TLSv1.0; TLSv1.1 is not needed, so I do not want to allow it.
> 
> By luck, I found this Apache bug report about chaotic behaviour resulting from different combinations of the options SSLProtocol and SSLCipherSuite:
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60739
> 
> This is really scary: undocumented change of behaviour, behaviour that is not reasonable/logical, nearly zero documentation of the option SSLProtocol.
> 
> Any explanation by the Apache devs why
> SSLProtocol -all +TLSv1.2 +TLSv1
> did work with Apache 2.4.7 on Ubuntu 14
> 
> but with Apache 2.4.29 on Ubuntu 18 one has to set
> SSLProtocol -all +TLSv1.2 +TLSv1.1 +TLSv1
> to get TLSv1.0 protocol support?
> 
> Any suggestion how I can have TLSv1.2 and TLSv1.0 support, but no TLSv1.1 support, at the same time?
> 
> 
>> Sent: Wednesday, 2 June 2021 at 17:29
>> From: "Hildegard Meier" <daku8938@xxxxxx>
>> To: users@xxxxxxxxxxxxxxxx
>> Subject: Newer Apache does not offer TLS cipher with TLSv1 anymore
>> 
>> Hello,
>> 
>> we host a website whose clients still need to use the cipher ECDHE-RSA-AES256-SHA
>> 
>> with protocol "TLSv1.0" aka "TLSv1".
>> 
>> With our old Apache server that worked.
>> Spec:
>> Ubuntu 14.04 LTS
>> Apache 2.4.7-1ubuntu4.22
>> OpenSSL 1.0.1f-1ubuntu2.27
>> 
>> Apache config:
>> SSLProtocol -all +TLSv1.2 +TLSv1
>> SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
>> 
>> sslscan shows the following cipher support of the old Apache server:
>> Supported Server Cipher(s):
>> Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
>> Accepted  TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384   DHE 2048 bits
>> Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
>> Accepted  TLSv1.2 256 bits ECDHE-RSA-AES256-SHA        Curve P-256 DHE 256
>> Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA        Curve P-256 DHE 256
>> 
>> So, ECDHE-RSA-AES256-SHA is offered both via TLSv1.2 and TLSv1.0.
>> 
>> Now we have a newer Apache server setup. Spec:
>> Ubuntu 18.04.1 LTS
>> Apache 2.4.29-1ubuntu4.14
>> OpenSSL 1.1.1-1ubuntu2.1~18.04.9
>> 
>> The complete Apache config is unchanged, so still:
>> SSLProtocol -all +TLSv1.2 +TLSv1
>> SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
>> 
>> But now sslscan shows for the new Apache server:
>> Supported Server Cipher(s):
>> Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
>> Accepted  TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384   DHE 2048 bits
>> Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
>> Accepted  TLSv1.2 256 bits ECDHE-RSA-AES256-SHA        Curve P-256 DHE 256
>> 
>> The problem is, ECDHE-RSA-AES256-SHA is now _only_ supported via TLSv1.2, not via TLSv1.0 anymore.
>> 
>> How does this come about?
>> 
>> Is it possible to make the new Apache offer ECDHE-RSA-AES256-SHA also via TLSv1.0 again?
>> 
>> Thank you very much.
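The "highest, then scan downward, stop at the first gap" rule Stefan describes, as an added example that is not Apache's or OpenSSL's code: a small Python model of how an SSLProtocol value becomes an OpenSSL 1.1.0+ min/max version range. It assumes that `all` expands to every keyword listed in `VERSIONS` and that a bare keyword replaces the current set; with those assumptions it reproduces why `-all +TLSv1.2 +TLSv1` offers only TLSv1.2 while adding `+TLSv1.1` brings TLSv1.0 back.

```python
"""Model of how mod_ssl maps SSLProtocol onto OpenSSL >= 1.1.0 min/max versions.

Added example, not Apache or OpenSSL code. It follows the behaviour described
in the thread: the highest enabled version becomes the maximum, and the
minimum is found by walking downward until a version that is not enabled.
Versions below that gap are silently dropped even if they carry a '+'.
"""
from typing import Optional, Tuple

# Lowest to highest. Assumption: 'all' expands to every entry here.
VERSIONS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")


def parse_sslprotocol(directive: str) -> set:
    """Turn e.g. '-all +TLSv1.2 +TLSv1' into the set of enabled keywords."""
    enabled = set()
    for token in directive.split():
        op, name = (token[0], token[1:]) if token[0] in "+-" else ("=", token)
        names = set(VERSIONS) if name.lower() == "all" else {name}
        unknown = names - set(VERSIONS)
        if unknown:
            raise ValueError(f"unknown protocol keyword: {unknown.pop()}")
        if op == "+":
            enabled |= names
        elif op == "-":
            enabled -= names
        else:  # bare keyword: assumed to replace the current set
            enabled = names
    return enabled


def min_max_versions(enabled: set) -> Optional[Tuple[str, str]]:
    """Apply the 'highest, then scan downward, stop at the first gap' rule."""
    if not enabled:
        return None
    highest = max(enabled, key=VERSIONS.index)
    lowest = highest
    for candidate in reversed(VERSIONS[:VERSIONS.index(highest)]):
        if candidate not in enabled:
            break  # the gap: nothing below it is ever offered
        lowest = candidate
    return lowest, highest


def effective_protocols(directive: str) -> list:
    """Versions a client can actually negotiate: everything from min to max."""
    rng = min_max_versions(parse_sslprotocol(directive))
    if rng is None:
        return []
    lo, hi = VERSIONS.index(rng[0]), VERSIONS.index(rng[1])
    return list(VERSIONS[lo:hi + 1])


if __name__ == "__main__":
    for d in ("-all +TLSv1.2 +TLSv1", "-all +TLSv1.2 +TLSv1.1 +TLSv1"):
        print(f"{d!r:40} -> {effective_protocols(d)}")
```

Because OpenSSL only takes a contiguous range, the model also shows that there is no directive value that yields TLSv1.2 and TLSv1.0 without TLSv1.1, which is the second question in the thread.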