1
votes

I have been trying to create a key and certificate for an Apache web server that hosts an https site. I have been using OpenSSL (versions 1.0.1f, g, h, i, q, t), and I can't create a certificate using the cipher suite ECDHE-RSA-AES128-GCM-SHA256.

I use the following command to set up the cipher list:

openssl ciphers -v 'kEECDH+ECDSA kEDH +RSA !aNULL !eNULL !LOW !3DES !DES !RC2 !RC4 !EXP !DSS !IDEA !SRP !kECDH !MD5 !SEED !PSK !CAMELLIA'

And it's the result:

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1

After that I have been using the following commands to generate the certificate:

Step 1
openssl genpkey -algorithm RSA -outform PEM -out my-site.pem -pkeyopt rsa_keygen_bits:2048

Step 2
openssl req -new -sha256 -key my-site.pem -out my-site.csr

Step 3
openssl x509 -req -sha256 -days 1825 -in my-site.csr -signkey my-site.pem -out my-site.crt

When I install all files on Apache, restart the server, and then check the result using Mozilla, I get the following:

Encrypted connection(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)

I'm confused about this because I have made many tests and read lots of information without getting a different result.

I appreciate any guidance!!

1
Based on Steffen's answer, I just added the following instruction to the host site file and achieved the result I was looking for: SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256 – jpdrummer

1 Answer

1
votes

The cipher used by the server does not have much to do with the certificate. In the case of ECDHE-RSA-AES128-GCM-SHA256 you only need a normal RSA certificate, which you have generated. The other parts of the cipher describe the key exchange (ECDHE) and the algorithm for symmetric encryption and HMAC (AES128-GCM-SHA256). These parts depend on the server configuration and on the capabilities of the client, but not on the certificate.
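As an added illustration of the point above (example code, not from the answerer), the following parses `openssl ciphers -v` output and filters it by the authentication algorithm (the Au= column) that a given server certificate can satisfy. The embedded listing is a constructed sample copied from the question's output; the key-type strings "RSA" and "ECDSA" are assumed to match OpenSSL's Au column, and running it shows that the question's cipher string leaves no ECDHE suite usable with an RSA certificate.

```python
import re

# Constructed sample: the `openssl ciphers -v` listing from the question.
SAMPLE_CIPHERS_V = """\
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# Matches the "Key=Value" columns that follow the suite name and protocol.
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` output into dicts: name, protocol, Kx, Au, Enc, Mac."""
    suites = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        suite = {"name": parts[0], "protocol": parts[1]}
        suite.update(FIELD_RE.findall(" ".join(parts[2:])))
        suites.append(suite)
    return suites


def usable_with_cert(suites, cert_key_type):
    """Suites whose authentication algorithm (Au=) the certificate's key can provide.

    cert_key_type is assumed to be spelled as in the Au column, e.g. "RSA" or "ECDSA".
    """
    return [s for s in suites if s.get("Au") == cert_key_type]


def can_negotiate(suites, cert_key_type, wanted):
    """True only if `wanted` is enabled AND matches the certificate's key type."""
    return any(s["name"] == wanted for s in usable_with_cert(suites, cert_key_type))


if __name__ == "__main__":
    parsed = parse_ciphers_v(SAMPLE_CIPHERS_V)
    for s in usable_with_cert(parsed, "RSA"):
        print(s["name"], s["Kx"], s["Enc"], s["Mac"])
    print(can_negotiate(parsed, "RSA", "ECDHE-RSA-AES128-GCM-SHA256"))
```

With an RSA certificate only the DHE-RSA suites survive the filter, so the wanted ECDHE-RSA suite has to be present in the server's cipher string before any certificate change can matter.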