Why doesn't the TLS protocol work without the SSLv3 ciphersuites?
While disabling SSLv3 from our ssl.conf files to overcome the Poodle vulnerability, I also disabled the SSLv3 ciphers using !SSLv3. With the ciphers disabled, we were not able to access the website through Firefox and IE. The following was the error message from Firefox:
An error occurred during a connection to xxxx.example.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
So we went back and enabled the SSLv3 ciphersuite and it all started working fine. Right now, the SSLv3 protocol is disabled, but the SSLv3 ciphers are enabled.
- Am I assuming correctly that we got the error with one of the browsers because TLS ciphers were not available in the browser?
- Is it possible that the protocol used is TLSv3, but the ciphers are of SSLv3?
    SSLProtocol all -SSLv2 -SSLv3
    #SSLProtocol -all +SSLv3

    #   SSL Cipher Suite:
    #   List the ciphers that the client is permitted to negotiate.
    #   See the mod_ssl documentation for a complete list.
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW
We can upgrade the browsers at our office, but can't do that on our customer's machines. Is having SSLv3 protocol disabled, but with the ciphers enabled a recommended setup? In other words, are we okay with connecting through TLS with SSLv3 ciphers?
I presume from your ssl.conf setting that you are using the mod_ssl module from Apache web server. This module relies on OpenSSL to provide the cryptography engine.
From the documentation on OpenSSL, it states:
Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1
You can confirm the above by running the following command:
    $ openssl ciphers -v 'TLSv1' | sort
    ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)      Mac=SHA1
    ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)      Mac=SHA1
    ADH-CAMELLIA128-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA1
    ADH-CAMELLIA256-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA1
    ...
This means that if your configuration file excludes ciphersuite SSLv3, you are effectively removing support for TLSv1.0 too! That leaves you with ciphersuite TLSv1.2 only since support for SSLv2 has also been removed:
    $ openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv3' | sort
    AES128-GCM-SHA256       TLSv1.2 Kx=RSA    Au=RSA  Enc=AESGCM(128)   Mac=AEAD
    AES128-SHA256           TLSv1.2 Kx=RSA    Au=RSA  Enc=AES(128)      Mac=SHA256
    AES256-GCM-SHA384       TLSv1.2 Kx=RSA    Au=RSA  Enc=AESGCM(256)   Mac=AEAD
    AES256-SHA256           TLSv1.2 Kx=RSA    Au=RSA  Enc=AES(256)      Mac=SHA256
    ...
From the above, it is not hard to see why you should NOT remove SSLv3 from the ciphersuite. Disabling SSLv3 protocol is more than sufficient to protect your clients from POODLE vulnerability.
The error message you are experiencing is likely because you are using older browsers such as Firefox < 27.0 or Internet Explorer < 11.0 as these versions do not support TLSv1.2 by default.
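An added example, not part of the original answer: the filter below reads `openssl ciphers -v` output and counts the suites a client capped at a given protocol version can negotiate, which shows why `!SSLv3` leaves a TLSv1.0-only browser with no cipher overlap. The function names are hypothetical, the first sample list is the output quoted in the answer, and the three SSLv3-tagged lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Reads `openssl ciphers -v` output on stdin. Column 2 is the protocol version
# that introduced the suite, i.e. the minimum version a client needs to use it.
suites_for_client() {
    awk -v cap="$1" '
        BEGIN {
            # "TLSv1.0" is accepted as an alias for the "TLSv1" tag.
            rank["SSLv3"] = 0; rank["TLSv1"] = 1; rank["TLSv1.0"] = 1
            rank["TLSv1.1"] = 2; rank["TLSv1.2"] = 3
            if (!(cap in rank)) exit 2      # unknown client protocol
        }
        # Keep a suite when its tag is no newer than the client cap.
        ($2 in rank) && rank[$2] <= rank[cap] { print $1 }
    '
}

count_for_client() { suites_for_client "$1" | wc -l | tr -d " "; }

# Output quoted in the answer for the cipher string ending in :!SSLv3.
list_excluding_sslv3() {
    cat <<'EOF'
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
EOF
}

# Constructed sample: the same list plus three SSLv3-tagged suites, standing
# in for the cipher string without :!SSLv3.
list_including_sslv3() {
    list_excluding_sslv3
    cat <<'EOF'
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
EOF
}

for client in TLSv1 TLSv1.2; do
    printf '%-8s client: %s suites with !SSLv3, %s without it\n' "$client" \
        "$(list_excluding_sslv3 | count_for_client "$client")" \
        "$(list_including_sslv3 | count_for_client "$client")"
done
```

To check a live configuration, pipe the real listing into the same function, for example the output of `openssl ciphers -v` for your `SSLCipherSuite` string into `count_for_client TLSv1`.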