tomcat 8.5 TLS cipher strings

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

tomcat 8.5 TLS cipher strings

Baron Fujimoto
We're running Tomcat 8.5, currently configured with the following OpenSSL cipher strings in our SSLHostConfig:

ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK"

However, SSLLabs' server test reports that the following available ciphers are weak:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Is there a cipher string that concisely includes these *_RSA_WITH_AES_*_CBC_SHA* ciphers that may be used to disallow them in the SSLHostConfig ciphers parameter? I didn't see one in the OpenSSL ciphers reference.

SSLLabs reports only the following available ciphers as non-weak:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Our ciphers are provided via Oracle's JDK 8.

--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: tomcat 8.5 TLS cipher strings

markt
On 14/11/2020 00:41, Baron Fujimoto wrote:

> We're running Tomcat 8.5, currently configured with the following
> OpenSSL cipher strings in our SSLHostConfig:
>
> ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK"
>
> However, SSLLabs' server test reports that the following available
> ciphers are weak:
>
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>
> Is there a cipher string that concisely includes these
> *_RSA_WITH_AES_*_CBC_SHA* ciphers that may be used to disallow them in
> the SSLHostConfig ciphers parameter? I didn't see one in the OpenSSL
> ciphers reference.

Have you tried adding ":-AES:+AESGCM" to the cipher string you are
already using?

Mark


>
> SSLLabs reports only the following available ciphers as non-weak:
>
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> Our ciphers are provided via Oracle's JDK 8.
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: tomcat 8.5 TLS cipher strings

Baron Fujimoto
On Mon, Nov 16, 2020 at 09:47:03AM +0000, Mark Thomas wrote:

>On 14/11/2020 00:41, Baron Fujimoto wrote:
>> We're running Tomcat 8.5, currently configured with the following
>> OpenSSL cipher strings in our SSLHostConfig:
>>
>> ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK"
>>
>> However, SSLLabs' server test reports that the following available
>> ciphers are weak:
>>
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>>
>> Is there a cipher string that concisely includes these
>> *_RSA_WITH_AES_*_CBC_SHA* ciphers that may be used to disallow them in
>> the SSLHostConfig ciphers parameter? I didn't see one in the OpenSSL
>> ciphers reference.
>
>Have you tried adding ":-AES:+AESGCM" to the cipher string you are
>already using?

I hadn't (did I miss where these were documented somewhere?). However it seems like once I add "":-AES", tomcat fails to start with the following error:

17-Nov-2020 16:54:01.095 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
         org.apache.catalina.LifecycleException: Protocol handler initialization failed
                 at org.apache.catalina.connector.Connector.initInternal(Connector.java:1077)
                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                 at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                 at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:848)
                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                 at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
                 at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                 at java.lang.reflect.Method.invoke(Method.java:498)
                 at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
                 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
         Caused by: java.lang.IllegalArgumentException: None of the [ciphers] specified are supported by the SSL engine : [[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_
CAMELLIA_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CAMELLI
A_256_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_DSS_WITH_CAMELL
IA_256_CBC_SHA, TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, TLS_
DHE_DSS_WITH_ARIA_128_GCM_SHA256, TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS
_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256]]
                 at org.apache.tomcat.util.net.SSLUtilBase.getEnabled(SSLUtilBase.java:149)
                 at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:123)
                 at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:113)
                 at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:108)
                 at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(JSSEImplementation.java:50)
                 at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:89)
                 at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
                 at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:246)
                 at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1118)
                 at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
                 at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:587)
                 at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
                 at org.apache.catalina.connector.Connector.initInternal(Connector.java:1075)
                 ... 13 more

With just +AESGCM it starts up ok but seems to leave it with the original set of ciphers. It seems like -AES may be removing all ciphers and causing it to fail before +AESGCM restores the GCM subset of AES ciphers (if I understand the intent of those strings).

>
>Mark
>
>
>>
>> SSLLabs reports only the following available ciphers as non-weak:
>>
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>>
>> Our ciphers are provided via Oracle's JDK 8.

--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: tomcat 8.5 TLS cipher strings

markt
On 18/11/2020 03:07, Baron Fujimoto wrote:
> On Mon, Nov 16, 2020 at 09:47:03AM +0000, Mark Thomas wrote:

<snip/>

>> Have you tried adding ":-AES:+AESGCM" to the cipher string you are
>> already using?
>
> I hadn't (did I miss where these were documented somewhere?). However it
> seems like once I add "":-AES", tomcat fails to start with the following
> error:

Sorry, wrong information on my part. Try appending:

":-AES:AESGCM"

See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html

Tomcat aims to support the same set of options as the latest stable
OpenSSl release and to return the same set of ciphers for the same input.

Note that due to different defaults in different versions of OpenSSL as
well as support for ciphers being added/removed in some versions we only
aim to replicate the behaviour of the latest stable OpenSSL release
(currently 1.1.1h).

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: tomcat 8.5 TLS cipher strings

Baron Fujimoto
On Wed, Nov 18, 2020 at 04:45:05PM +0000, Mark Thomas wrote:

>On 18/11/2020 03:07, Baron Fujimoto wrote:
>> On Mon, Nov 16, 2020 at 09:47:03AM +0000, Mark Thomas wrote:
>
><snip/>
>
>>> Have you tried adding ":-AES:+AESGCM" to the cipher string you are
>>> already using?
>>
>> I hadn't (did I miss where these were documented somewhere?). However it
>> seems like once I add "":-AES", tomcat fails to start with the following
>> error:
>
>Sorry, wrong information on my part. Try appending:
>
>":-AES:AESGCM"
>
>See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
>
>Tomcat aims to support the same set of options as the latest stable
>OpenSSl release and to return the same set of ciphers for the same input.
>
>Note that due to different defaults in different versions of OpenSSL as
>well as support for ciphers being added/removed in some versions we only
>aim to replicate the behaviour of the latest stable OpenSSL release
>(currently 1.1.1h).

Mahalo, that did the trick!

--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]