Apache SSL settings in vhost.conf.master outdated. (disable TLSv1-1.1 enable TLSv1.3)
the current apache SSL settings are outdated.
TLSv1 TLSv1.1 should be disabled, we should NOT respect outdated systems.
The following settings allow TLSv1.2 and TLSv1.3 on Debian Buster with letsencrypt enabled sites. Resulting in A+.
tmpl_if name='ssl_enabled
SSLEngine on
SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLCipherSuite 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
# Optional add : SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/apache-dhparams.pem"
SSLOptions +StrictRequire
<IfModule mod_headers.c>
Header always add Strict-Transport-Security "max-age=15768000"
</IfModule>
For an A+ you must enable : Strict Transport Security (HSTS).
These result in A+ 100 100 90 90 on ssllabs.com
Cipher Suites
TLS 1.3 (suites in server-preferred order)
TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128 TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 4096 bits FS 128 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits FS 256
Sidenote on the TLS ciphers. I've set the 128bit before the 256 to gain performance and reduce load. If you preffer strongest first. use : SSLCipherSuite 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256' SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Not supported. IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure Safari 6 / iOS 6.0.1 Server sent fatal alert: handshake_failure Safari 7 / iOS 7.1 R Server sent fatal alert: handshake_failure Safari 7 / OS X 10.9 R Server sent fatal alert: handshake_failure Safari 8 / iOS 8.4 R Server sent fatal alert: handshake_failure Safari 8 / OS X 10.10 R Server sent fatal alert: handshake_failure
Not simulated clients (Protocol mismatch)
Android 2.3.7 No SNI 2 Protocol mismatch (not simulated) Android 4.0.4 Protocol mismatch (not simulated) Android 4.1.1 Protocol mismatch (not simulated) Android 4.2.2 Protocol mismatch (not simulated) Android 4.3 Protocol mismatch (not simulated) Baidu Jan 2015 Protocol mismatch (not simulated) IE 6 / XP No FS 1 No SNI 2 Protocol mismatch (not simulated) IE 7 / Vista Protocol mismatch (not simulated) IE 8 / XP No FS 1 No SNI 2 Protocol mismatch (not simulated) IE 8-10 / Win 7 R Protocol mismatch (not simulated) IE 10 / Win Phone 8.0 Protocol mismatch (not simulated) Java 6u45 No SNI 2 Protocol mismatch (not simulated) Java 7u25 Protocol mismatch (not simulated) OpenSSL 0.9.8y Protocol mismatch (not simulated) Safari 5.1.9 / OS X 10.6.8 Protocol mismatch (not simulated) Safari 6.0.4 / OS X 10.8.4 R Protocol mismatch (not simulated)
While running this, enable website redirection for Protocol mismatches to a landing page saying that the current browers/os version is marked as insecure and not supported.