tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Restricting ciphers
Date Thu, 10 Jan 2013 15:05:48 GMT

 terminology :
the X509 standard defines certificates, and RSA and DSA are two of the public key algorithms
that can be used in those certificates;
certificates are used to hold public keys, and never private keys.
PKCS#12 is a standard for a container which holds an X509 client certificates and  private
keys So, if you're examining a PKCS#12 file (typically .p12 extension or a .pfx extension),
then you already know:
It contains at least one X509 client certificate and
corresponding private keys.
All you don't know is whether those certificate & private key are RSA or DSA algorithms

You can check this by extracting the certificate(s), and then examine them:openssl pkcs12
-in mycert.p12 -clcerts -nokeys -out mycert.crt

openssl x509 -in mycert.crt -text
The text output of the openssl x509 command should include a Subject Public Key section, which
will include fields that let 

you see if it's an RSA or DSA key (along with the key size). http://stackoverflow.com/questions/1722181/determine-certificate-type
PublicKey Generation:
to generate a public-key from PKCS12 privateKeyAndX509Cert use openssl openssl pkcs12 -in
myFile.p12 -out myPublicKey.pem -clcerts -nokeys
https://ca.cern.ch/ca/Help/?kbid=023010 KeyAlgorithms:
KeyAlgorithms are categorised to their cipher-groups symmetric ciphers, public-key 
ciphers, and one-way hashing to list available ciphers within AES algorithm use openssl e.g.
openssl ciphers -v 'AES+HIGH'

cipherGroup is categorised by keysize within cipher-groups (usually a 4digit number which
is a power  of 2 e.g. 1024 and 2048)
http://www.gnupg.org/gph/en/manual.html#AEN185 each permutation of cipherGroup-KeySize is
further categorised according to implemented ModeOfOperation
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation 

ECB, CBC and PCBC are the usual choices for the optional ModeOfOperation parameter Determining
the ALGO-CIPHER supported by your key so we can see that public keys contain a algorithm-cipher
combination but how to determine the algo-cipher supported by your key:

keytool -list -v -keystore fubar.pfx -storetype PKCS12 Here is output:
Certificate fingerprints:
         MD5:           SHA1:          Signature algorithm name: SHA1withRSA Providers (SUN,
SunJCE, SunJSSE,SunRsaSign, IBMJSSE, bcprov-jdkNN-MMM) Lets stick with SunJSSE as our provider
supported ciphers will be those ciphers which match SHA1 with RSA from this list:
http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html so what you
are asking Tomcat Connector to do is

1)export contents of supplied keystoreFile key of keystoreType PKCS12

2)determine Signature algorithm name

3)aggregate cipherSuite by determining Signature specific supported ciphers from Signature
algorithm name from 
http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html
4)reference ciphers attribute from Tomcat <Connector

5)determine SignatureSpecificSupportedCiphers from 3) and implement ONLY those ciphers which
match exactly 
to the ciphers listed in Tomcat Connector 5)

(i have not seen this currently implemented)
Martin 
______________________________________________ 
do not alter or disrupt this transmission
 > Date: Thu, 10 Jan 2013 11:44:49 +0400
> Subject: Re: Restricting ciphers
> From: knst.kolinko@gmail.com
> To: users@tomcat.apache.org
> 
> 2013/1/10 Baron Fujimoto <baron@hawaii.edu>:
> > On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko wrote:
> >>2013/1/9 Baron Fujimoto <baron@hawaii.edu>:
> >>> I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35.
> >>> My understanding is that the attack applies only to CBC ciphers, and that
> >>> RC4 ciphers are not vulnerable, so I am attempting to restrict the set of
> >>> ciphers that Tomcat uses with the following config for a connector:
> >>>
> >>>   <Connector protocol="HTTP/1.1" SSLEnabled="true"
> >>>              address="0.0.0.0"
> >>>              port="8443"
> >>>              maxThreads="150" scheme="https" secure="true"
> >>>              keystoreFile="/path/to/keystore"
> >>>              keystoreType="pkcs12"
> >>>              ciphers="TLS_RSA_WITH_RC4_128_SHA,
> >>>                       TLS_RSA_WITH_RC4_128_MD5,
> >>>                       SSL_CK_RC4_128_WITH_MD5"
> >>>              clientAuth="false" sslProtocol="TLS" />
> >>>(...)
> >>>
> >>
> >>As can be seen from your usage of "keystoreType" attribute, you are
> >>using Java implementation of the Connector,  not openssl/APR one.
> >>
> >>You should look into Java documentation for their cipher names.
> >>
> >>See this thread from October 2009:
> >>http://markmail.org/message/zn4namfhypyxum23
> >
> > Ahh, that was it! It did not occur to me that OpenSSL and Java might
> > name the ciphers differently.  If I restrict the ciphers to those
> > from the (differently named) set used by Java, it works as expected.
> > Mahalo!
> >
> >   ciphers="SSL_RSA_WITH_RC4_128_MD5,
> >            SSL_RSA_WITH_RC4_128_SHA,
> >            TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> >            TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> >            TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> >            TLS_ECDH_RSA_WITH_RC4_128_SHA"
> >
> 
> Good.
> 
> I used your example to create a FAQ page,
> http://wiki.apache.org/tomcat/HowTo/SSLCiphers
> 
> Best regards,
> Konstantin Kolinko
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message