Assuming you’ve enabled SSL/TLS support on your Apache 2.2.x server (mod_ssl loaded), you may want to force it to use a server-side ordered list of cipher suites.
By default, the order in which the client lists the cipher suites in its Client Hello determines which cipher suite Apache selects for the connection between client and server.
This may not be desirable for a couple of reasons, such as performance [1] or the old Camellia cipher issue on Gentoo [2].
The SSLCipherSuite directive specifies the cipher suites enabled on the server, but on its own it cannot dictate which of them is preferred.
You also need to enable the SSLHonorCipherOrder directive [3] (note that it exists in Apache 2.2.x but not in Apache 2.0); the original bug report for this directive is [4].
Example:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:AES128-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DES-CBC3-SHA
This enables on the server (under both SSL 3.0 and TLS 1.0, assuming Apache is not running in FIPS mode or similarly constrained), in this order:
Cipher Suite | Hex Code | Apache Cipher Suite Value
--- | --- | ---
TLS_RSA_WITH_RC4_128_SHA | 0x0005 | RC4-SHA
TLS_RSA_WITH_AES_128_CBC_SHA | 0x002F | AES128-SHA
TLS_RSA_WITH_AES_256_CBC_SHA | 0x0035 | AES256-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | 0x0033 | DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | 0x0039 | DHE-RSA-AES256-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA | 0x000A | DES-CBC3-SHA
So you end up with performance (an RC4-based cipher suite is the most preferred one) and compatibility with various types of clients (FIPS-constrained ones, old clients that do not support AES-based cipher suites, or clients that require perfect forward secrecy).
Note that for the “average server” the use of RC4 is fine in terms of security.
For more Apache cipher suite values see [5]; as described there, what you can use depends on the OpenSSL version available on your system.
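To see what the directive actually changes, here is a small added simulation (not code from the post or from Apache) of the selection rule mod_ssl applies: with SSLHonorCipherOrder Off the client’s order wins, with it On the server’s order wins. The suite table is the one above; the CAMELLIA128-SHA entry and the Firefox‑3‑like client list are constructed for the example, and the parser only handles explicit colon‑separated cipher names, not OpenSSL keywords such as HIGH or !aNULL.

```python
"""Simulate which cipher suite Apache/mod_ssl negotiates with
SSLHonorCipherOrder Off (client order wins) versus On (server order wins)."""

# Apache/OpenSSL name -> (IANA name, hex code), taken from the table in the post.
SUITES = {
    "RC4-SHA":            ("TLS_RSA_WITH_RC4_128_SHA",          0x0005),
    "AES128-SHA":         ("TLS_RSA_WITH_AES_128_CBC_SHA",      0x002F),
    "AES256-SHA":         ("TLS_RSA_WITH_AES_256_CBC_SHA",      0x0035),
    "DHE-RSA-AES128-SHA": ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  0x0033),
    "DHE-RSA-AES256-SHA": ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",  0x0039),
    "DES-CBC3-SHA":       ("TLS_RSA_WITH_3DES_EDE_CBC_SHA",     0x000A),
    # Not in the post's table: IANA code for the Camellia suite that the
    # Gentoo Firefox 3 build preferred (added here for the example).
    "CAMELLIA128-SHA":    ("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041),
}

def parse_cipher_suite(directive):
    """Split an explicit colon-separated SSLCipherSuite value into names.
    OpenSSL cipher-string keywords (HIGH, !aNULL, @STRENGTH, ...) are rejected."""
    names = [n for n in directive.strip().split(":") if n]
    unknown = [n for n in names if n not in SUITES]
    if unknown:
        raise ValueError(f"unsupported cipher string element(s): {unknown}")
    return names

def select_suite(server_order, client_order, honor_server_order):
    """Return the negotiated Apache cipher name, or None if the two lists
    share no suite (the handshake would fail)."""
    if honor_server_order:           # SSLHonorCipherOrder On
        preferred, offered = server_order, set(client_order)
    else:                            # SSLHonorCipherOrder Off (default)
        preferred, offered = client_order, set(server_order)
    for name in preferred:
        if name in offered:
            return name
    return None

def describe(name):
    iana, code = SUITES[name]
    return f"{name} ({iana}, 0x{code:04X})"

# Constructed client list: Camellia first, AES next, RC4 late, as an old
# Firefox 3 build on Gentoo would advertise it in its Client Hello.
FIREFOX3_LIKE = ["CAMELLIA128-SHA", "AES256-SHA", "AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"]
SERVER = parse_cipher_suite(
    "RC4-SHA:AES128-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DES-CBC3-SHA")

if __name__ == "__main__":
    for honor in (False, True):
        chosen = select_suite(SERVER, FIREFOX3_LIKE, honor)
        print(f"SSLHonorCipherOrder {'On ' if honor else 'Off'}: {describe(chosen)}")
```

With the post’s SSLCipherSuite the client’s preference yields AES256-SHA, while honoring the server order yields RC4-SHA; append CAMELLIA128-SHA to the server list (as a permissive default-style list would) and the Off case picks Camellia, which is exactly the Gentoo symptom.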
References
[1] Overclocking SSL
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
[2] www-client/mozilla-firefox-3 prefers the unproven Camellia cipher with Apache on Gentoo
http://bugs.gentoo.org/show_bug.cgi?id=238604
[3] SSLHonorCipherOrder Directive
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder
[4] mod_ssl ignores server cipher preferences
https://issues.apache.org/bugzilla/show_bug.cgi?id=28665
[5] Common browsers/libraries/servers and the associated cipher suites implemented
http://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_annex_a1_main.htm