For apache (only 2.4, not 2.2), we'd like to be able to enable DHE-based ciphersuites for broader compatibility, like we do for nginx. Aside from tiny corner cases, this primarily affects Android 2.x and OpenSSL 0.9.8 clients (the latter being what a bunch of CLI tools on older linux installations might still be using). For services using 'compat' ciphersuites (virtually all of them), it would upgrade these clients to PFS. For those using 'mid' (just lists.wm.o so far, AFAIK), without DHE those clients can't actually connect at all.
Currently we universally disable the DHE suites for apache, though, for complex reasons:
- We don't want to turn them on without using a custom DH group instead of the static one (logjam, et al)
- Apache doesn't support custom DH groups until 2.4.7+ (so, jessie+ for us, which has 2.4.10)
- 2.4.7 introduced one ugly way to configure it: append the DH group to the server's certificate file
- 2.4.8 introduced a better way with an explicit config parameter (similar to nginx style), but the feature doesn't work unless apache is rebuilt against openssl-1.0.2, and jessie's stock apache isn't.
So there's two basic ways to go about fixing this:
- Similar to how we generate 'chained' certs in the sslcert module, also generate a copy of the cert with dhparams appended, e.g. /etc/ssl/localcerts/foo.plusdh.crt. Then go around to all the SSLCertificateFile directives in jessie-based public-facing apaches and switch them to that file reference, and set some new parameter in their ssl_ciphersuite() calls to allow DHE. Complex, and there's no good way to enforce that the former is in place when the latter is enabled.
- Re-build apache-2.4 for jessie-wikimedia using our existing openssl-1.0.2 package. Get the package upgraded on existing hosts. Then have ssl_ciphersuite assume DHE is ok on jessie+, and put the new directive into the file itself (as we do for nginx). Relatively painless on the puppet front, but means we have the pain of maintaining our own apache package for jessie forever (with no real diffs, just a dependency update for openssl-1.0.2).