Bug report: Default TLS version needs to be greater then 1.1

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug report: Default TLS version needs to be greater then 1.1

Aryeh Friedman
As of the latest upgrade of Safari Apple now gives a warning dialog if a
site uses https with TLS 1.0 or 1.1 (as per the NSA directive to
discontinue all use of said versions).

Tomcat 9.0.35 (the latest available via ports on FreeBSD) defaults to TLS
1.1 when SSLProtocol="TLS".   As per the above warning in Safari and the
reason for it shouldn't Tomcat default to 1.2+ (I fixed it by adding
sslEnabledProtocols="TLSv1.2" which as far I was able to determine is not
documented anywhere except for the following on StackOverflow:
https://stackoverflow.com/questions/9749339/does-tomcat-support-tls-v1-2)

--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Reply | Threaded
Open this post in threaded view
|

Re: Bug report: Default TLS version needs to be greater then 1.1

Christopher Schultz-2

Aryeh,

On 1/12/21 14:00, Aryeh Friedman wrote:
> As of the latest upgrade of Safari Apple now gives a warning dialog if a
> site uses https with TLS 1.0 or 1.1 (as per the NSA directive to
> discontinue all use of said versions).

No directive from the US NSA. It's a recommendation. Apple and other
browser vendors apply their own policies for this kind of thing. As of
March 2020 (last year!), Firefox *disabled* TLSv1 and TLSv1.1 by
default, then backed-off because apparently COVID-19 interferes with
TLSv1.2 handshakes. Google deprecated those protocols a few months
earlier and now they are disabled.

> Tomcat 9.0.35 (the latest available via ports on FreeBSD) defaults to TLS
> 1.1 when SSLProtocol="TLS".

No, it doesn't. The default is to support TLSv1, TLSv1.1, TLSv1.2, and
TLSv1.3.

> As per the above warning in Safari and the reason for it shouldn't
> Tomcat default to 1.2+ (I fixed it by adding
> sslEnabledProtocols="TLSv1.2" which as far I was able to determine
> is not documented anywhere except for the following on StackOverflow:
>  
> https://stackoverflow.com/questions/9749339/does-tomcat-support-tls-v1-2)
It might surprise you to know that it's documented in Tomcat's user guide:
http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

The sslEnabledProtocols attribute on a <Connector> was replaced a long
time ago by the "protocols" attribute on an <SSLHostConfig>. It shoudl
continue to work, but you are encouraged to use the new-style
configuration as it's much more flexible and more obvious what's happening.

Note that the client is in full control of the client "hello" portion of
the TLS handshake where it advertises the protocol versions it wants to
use. If it doesn't advertise "TLSv1.2" then you probably won't get that
protocol.

What you have done is disable versions below TLSv1.2, which is why
Safari doesn't complain. My guess is that Safari tries the lowest
protocol it understands first instead of trying to connect using the
latest version first, and you see this error.

To answer your question/statement about changing the default "protocols"
to be TLSv1.2 (and not include the other protocols) in Tomcat, this is a
choice for administrators to make. Changing the default may cause a lot
of damage downstream.

That said, we should probably change the default for Tomcat 10+ to be
"TLSv1.2". I'll raise that on the dev@ list.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]