Apache Httpd 无法使用 Cipher Suite Honor Order 设置启用 TLS1.0/1.1 支持

Question

My web server cannot open a TLSv1.0/1.1 connection. Due to the need to support older client versions. Accidentally found that no matter what settings are made, TLSv1.0/1.1 connections cannot be opened, and these two always disappear and appear at the same time.

The Apache2 version I'm using now is
Server version: Apache/2.4.55
Server built: 2023-01-20T06:45:57

The OpenSSL version I'm using now is
OpenSSL 1.1.1n 15 Mar 2022

When I try to remove all configuration about cipher suite, it can support TLS1.0/1.1/1.2/1.3 connection, like this： SSLEngine on
SSLCertificateFile "something.cer"
SSLCertificateKeyFile "something.key"

When I added the setting about SSL protocol, it also works fine.
SSLProtocol All -SSLv3 -SSLv2

At this point, my web server can provide eight TLS1.0/1.1 cipher suites, which are:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

At this time, it can also support three TLS1.3 cipher suites and about forty or fifty TLS1.2 cipher suites. When I check with Qualys SSL Labs it says "This server does not support Forward Secrecy with the reference browsers. Grade capped to B". Although supporting the old TLS protocol will also be downgraded to B, but I still try to fix the previous problem.

So I tried to add the following configuration items, then the problem came, my server no longer supports TLS1.0/1.1.

SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA
SSLHonorCipherOrder On

I don't know why this happened, at first I thought it was part of the cipher suite I specified that didn't support TLS1.0. I checked one by one and found that in the TLS1.2 cipher suite list at this time, there are four of the previous eight.

Then I first tried to remove the last configuration, and my server supports TLS1.0/1.1 again. The cipher suites that appear are exactly the ones I found duplicated earlier. Then I tried to add this part again, but set SSLHonorCipherOrder off, it still works as before. I don't understand why my server cannot support TLS1.0/1.1 when the option of server preference is turned on.

Answer 1

The SSLHonorCipherOrder On setting means "ensure that the server's cipher preferences are followed instead of the client's". So if the client sends a mix of cipher sets, and the server list includes non-TLS1.0/1.1 sets earlier in the list, then it'll use these (and TLS1.2) in preference. Which actually is exactly what you're looking for: if the client supports a stronger protocol, it should use it.

You can use the openssl command line tool to quickly check if the server will accept a connection that supports only TLSv1.0:

openssl s_client -connect example.com:443 -tls1