4

What do I have to change so Google Chrome won't say that I am using an obsolete key exchange?

Obsolete Connection Settings

The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a stronc cipher (AES_128_GCM).

I am using Apache 2.4.18 and OpenSSL 1.0.2g. These are my settings:

SSLOpenSSLConfCmd DHParameters /etc/ssl/certs/dhparam.pem SSLOpenSSLConfCmd ECDHParameters Automatic SSLOpenSSLConfCmd Curves secp521r1:secp384r1:prime256v1 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000)

These are the recommended modern settings from the Mozilla ssl-config-generator. Any ideas?

Improve this question
6
  • 1
    The config you show (only ECDHE key exchange) does not match the message (RSA key exchange). My guess is that the configuration you show is not the one which is in effect, maybe because you've failed to restart, have a different SSL configuration in some other config files or have a reverse proxy in front with different configuration. Commented Dec 18, 2016 at 12:41
  • Firefox is using the correct key exchange. So maybe I'll need to reset something in Google Chrome?? Commented Dec 18, 2016 at 14:32
  • How do you know that Firefox is using the expected key exchange? And no, there is nothing to reset in Chrome: which key exchange is used is determined by the ciphers suite which is ultimately chosen by the server. You might check your site agains SSLLabs for more information which configuration is seen from the internet and which cipher will be used with different browsers. Commented Dec 18, 2016 at 15:32
  • FYI OpenSSL 1.0.2 (and earlier) does not support CHACHA-POLY, only 1.1.0 does. However OpenSSL ignores unsupported items in a cipherlist with others, so setting it now does no harm and may save you a few seconds later. Commented Dec 19, 2016 at 3:13
  • 1
    @EasyPeasy: check the certificate you get, i.e. the full chain. There might be an SSL interception going on, for example by a local AV or by a corporate firewall. In this case you will see differences in the certificate (fingerprint does not match original fingerprint), in the chain and there might also be differences in TLS protocol and cipher since the connection from the browser is not to the original server but to some MITM with different TLS settings. Commented Dec 19, 2016 at 14:05

1 Answer 1

Reset to default
-1

As Steffen Ullrich mentions in the comments, Google Chrome or Chromium basically lets you know there is no ECDHE ciphersuite used. This is no problem per se, but if you can permit it, use an EC key exchange.

The config you post is correct to the level that it will generate a certificate based on Elliptic Curves. However it seems like Apache is serving an RSA certificate.

Improve this answer
8
  • Do you know what the problem could be? Firefox is using the correct key exchange Commented Dec 18, 2016 at 14:43
  • @EasyPeasy Firefox cannot use an ECDHE key exchange while Apache is doing an RSA. We have no info here so we can only guess. Try using OpenSSL s_client. Commented Dec 18, 2016 at 14:50
  • OpenSSL s_client --> OpenSSL s_client: SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Commented Dec 18, 2016 at 15:03
  • @EasyPeasy oke, so the Kex is ECDHE, but the certificate was generated with an RSA keypair. You should generate a EC keypair (ecparam) then convert the CSR into a CRT via the CA and you're good to go with an ECDSA. Commented Dec 18, 2016 at 15:05
  • 1
    @YorickdeWid: of course it is possible to combine ECDHE key exchange with RSA certificates. In fact this is probably the most common configuration for all sites which use PFS since ECDSA certificates are not that universally supported yet. While you need RSA certificate for RSA key exchange you can have ECDHE and DHE key exchanges with both RSA and ECDSA certificates. Commented Dec 18, 2016 at 15:31

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.