ECDHE Cipher not being displayed

Question

I am trying to fully support forward secrecy on my FreeBSD Apache 2.4.16 server. I am using the correct cipher suite as the same cipher order works correctly on a different FreeBSD server. However, when I attempt to SSL test the server, the ECDHE cipher suites do not appear, even though running openssl ciphers shows that they exist.

What could be the cause for this?

The configured ciphers are these:

SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

@StackzOfZtuff I just confirmed that it is an issue with Apache or Openssl, and not virtualhost specific. I installed a different certificate on a different subdomain, and the issue persists. — ashin999
– ashin999, Commented Mar 15, 2016 at 8:00

ashin999 · Accepted Answer · 2016-03-16 19:14:16Z

The root of the issue seems to occur with the mod_security2 2.9.0 module that I was using. It doesn't like ECDHE so it doesn't allow it.

Stack Exchange Network

ECDHE Cipher not being displayed

1 Answer 1

You must log in to answer this question.

Hot Network Questions

ECDHE Cipher not being displayed

1 Answer 1

You must log in to answer this question.

Related

Hot Network Questions