tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Singleton <p...@jbgb.com>
Subject Re: refusing low-grade SSL connections
Date Mon, 22 Aug 2005 14:09:59 GMT
Mark Thomas wrote:

> Set the ciphers attribute on the connector. See 
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html

I knew of this attribute, but I didn't know which
strong ciphers were supported by Tomcat 5.5, but
thanks to serversniff.de, the answer (empirically)
seems to be

  EDH-RSA-DES-CBC3-SHA - 168 bit
  DES-CBC3-SHA - 168 bit
  DHE-RSA-AES128-SHA - 128 bit
  AES128-SHA - 128 bit
  RC4-SHA - 128 bit
  RC4-MD5 - 128 bit
  EDH-RSA-DES-CBC-SHA - 56 bit (!)
  DES-CBC-SHA - 56 bit (!)
  EXP-EDH-RSA-DES-CBC-SHA - 40 bit (!)
  EXP-DES-CBC-SHA - 40 bit (!)
  EXP-RC4-MD5 - 40 bit (!)

(the exclamation marks are serversniff's :-)

so I am proposing to add a Connector attribute

ciphers="EDH-RSA-DES-CBC3-SHA,DES-CBC3-SHA,DHE-RSA-AES128-SHA,AES128-SHA,RC4-SHA,RC4-MD5"

and hope that every legitimate client supports at least one
of these?

> Paul Singleton wrote:

>> According to the OWASP Web Application Penetration Checklist
>> (available from www.owasp.org), a secure application server
>> should:
>>
>>  * Ensure that supported SSL versions do not have
>>    cryptographic weaknesses. Typically, this means
>>    supporting SSL 3 and TLS 1.0 only.

Does a Connector attribute of

   sslProtocol="TLS"

force the use of TLS 1.0 only?  Or TLS 1.0 and SSL 3.0?

>>  * Ensure that the web server does not allow anonymous
>>    key exchange methods. Typically ADH Anonymous
>>    Diffie-Hellman.

Is is the case that

  EDH-RSA-DES-CBC3-SHA
  DHE-RSA-AES128-SHA

use ephemeral Diffie-Hellmann key exchange (as in "EDH" and
"DHE") etc., and that

  DES-CBC3-SHA - 168 bit
  AES128-SHA - 128 bit
  RC4-SHA - 128 bit
  RC4-MD5 - 128 bit

use RSA (by default)?

>>  * Ensure that weak algorithms are not available.
>>    Typically, algorithms such as RC2 and DES.

I can't see any RC2 algorithms in the list above, so I
guess we're OK there.  Both strong and weak DES algorithms
exist, so this requirement is a bit vague...

>>  * Ensure the web site uses an appropriate length key.
>>    Most web sites should enforce 128 bit encryption.

Would the ciphers attribute above guarantee this?

cheers

Paul Singleton


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.13/78 - Release Date: 19/Aug/2005


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message