AnsweredAssumed Answered

How to enable Forward secrecy using Apache 2.2/OpenSSL 1.0.1 and Firefox 10 ESR?

Question asked by j-mailor on Jul 31, 2013

Hi,

in our company for one particular server we are using Apache httpd with OpenSSL. For our in house made application we are also distributing Firefox portable to end-users. We have also customized browser settings and are distributing to end users completely locked down browser in full-screen like mode. So end-user can't change any browser settings like changing URL address bar or similar (address bar and menu bar etc are hidden, proxy settings set, language variable set and many other little settings). Accessing our in-house made application by our in-house made customized browser is the only way this application is working, so accessing web application with other browser and application will not be working. So I only need to make as secure as possible to work this single browser version with our web server.

 

I would like to enable Forward secrecy in SSL. According to my understanding this is done specifying ciphers suites and respecting the cipher order. I was trying several different settings, but can't figure it out which of the cipher suite should I specify to have Forward secrecy and also to not compromise BEAST attack (so getting A grade on ssllabs.com/ssltest).

 

Can you please write some suggestion how to set SSLCipherSuite to have enabled Forward secrecy in my case?

By the way, this web server is not very busy, so I can afford additional CPU cycles for forward secrecy.

 

Bellow are detailed info about my system.

 

<see attached>

 

 

Thanks a lot.

Attachments

Outcomes