tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Baron Fujimoto <ba...@hawaii.edu>
Subject Re: Restricting ciphers
Date Wed, 09 Jan 2013 22:22:27 GMT
On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko wrote:
>2013/1/9 Baron Fujimoto <baron@hawaii.edu>:
>> I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35.
>> My understanding is that the attack applies only to CBC ciphers, and that
>> RC4 ciphers are not vulnerable, so I am attempting to restrict the set of
>> ciphers that Tomcat uses with the following config for a connector:
>>
>>   <Connector protocol="HTTP/1.1" SSLEnabled="true"
>>              address="0.0.0.0"
>>              port="8443"
>>              maxThreads="150" scheme="https" secure="true"
>>              keystoreFile="/path/to/keystore"
>>              keystoreType="pkcs12"
>>              ciphers="TLS_RSA_WITH_RC4_128_SHA,
>>                       TLS_RSA_WITH_RC4_128_MD5,
>>                       SSL_CK_RC4_128_WITH_MD5"
>>              clientAuth="false" sslProtocol="TLS" />
>>
>> However, when I test this by attempting connections with a script[*] that
>> iterates through the set of ciphers available to openssl, it appears to
>> successfully connect with the following set of ciphers:
>>
>> AES128-SHA
>> DES-CBC-SHA
>> DES-CBC3-SHA
>> DHE-RSA-AES128-SHA
>> EDH-RSA-DES-CBC-SHA
>> EDH-RSA-DES-CBC3-SHA
>> EXP-DES-CBC-SHA
>> EXP-EDH-RSA-DES-CBC-SHA
>> EXP-RC4-MD5
>> EXP-RC4-MD5
>> RC4-MD5
>> RC4-MD5
>> RC4-SHA
>>
>> [*] The script basically parses the output of the following command:
>>     openssl s_client -cipher "$cipher" -connect $SERVER
>>
>> Am I misunderstanding the use of the "ciphers" parameter? Or is there
>> perhaps something in my testing methodology that accounts for these
>> unexpected results?  Any advice would be appreciated.
>>
>
>As can be seen from your usage of "keystoreType" attribute, you are
>using Java implementation of the Connector,  not openssl/APR one.
>
>You should look into Java documentation for their cipher names.
>
>See this thread from October 2009:
>http://markmail.org/message/zn4namfhypyxum23

Ahh, that was it! It did not occur to me that OpenSSL and Java might
name the ciphers differently.  If I restrict the ciphers to those
from the (differently named) set used by Java, it works as expected.
Mahalo!

  ciphers="SSL_RSA_WITH_RC4_128_MD5,
           SSL_RSA_WITH_RC4_128_SHA,
           TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
           TLS_ECDHE_RSA_WITH_RC4_128_SHA,
           TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
           TLS_ECDH_RSA_WITH_RC4_128_SHA"

-baron
-- 
Baron Fujimoto <baron@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message