Subject: Re: logjam attacks in tomcat 7
To: Tomcat Users List
From: Christopher Schultz
Date: Thu, 01 Oct 2015 10:34:30 -0400

Rahul,

On 10/1/15 6:22 AM, Rahul Singh wrote:
> Ok Thanks for your quick response. Could you please tell me the
> size of cipher key mentioned below is it stronger than 1024?
> ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA"

Each one of the above is a separate cipher suite. You can Google for each one of them to find out what they are, how many bits of encryption they provide, etc.

Java itself is the source of the EDH/DHE ephemeral key. The way that crypto works is that RSA is used for authentication (to verify that the server's certificate is in fact signed by an appropriate CA, etc.) but then an "ephemeral" (temporary) key is generated as part of the handshake, and that key is not tied to the RSA key that is used for the certificate. This is what provides "perfect forward secrecy" because breaking the server's private (RSA) key does not automatically unlock all recorded conversations that used that particular key for the handshake.

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

Certain versions of Java use weak keys using 1024-bit DH. Basically, you need to upgrade to Java 8 in order for your encryption to use an appropriate strength.

https://dzone.com/articles/wso2-products-resolving-err-ssl-weak-ephemeral-dh

Use Java 8 and specify -Djdk.tls.ephemeralDHKeySize=2048 to get the strongest EDH keys Java currently supports.

Now, having said that... you are only using ECDHE (Elliptic-curve EDH) ciphers in your specified suites. These offer better protection-per-key-bit than the non-EC EDH cipher suites. I actually don't know why Chrome is complaining about the above configuration: there are no non-EC EDH suites configured.

As a personal critique, I would say that your above cipher suites have the following problems:

1. You have two cipher suites using the RC4 cipher. Remove these unless you absolutely need to support old broken clients like MSIE6 on Windows XP. ECDHE + RC4 is entirely unnecessary, since there are no clients who support ECDHE but nothing better than RC4. Remove that at once.

2. Prioritize the suites with higher key bit counts and larger hashes (move them towards the front), unless performance is a significant concern for you.

3. Consider adding cipher suites based upon 3DES for some variety.

-chris

>> Subject: Re: logjam attacks in tomcat 7
>> To: users@tomcat.apache.org
>> From: markt@apache.org
>> Date: Thu, 1 Oct 2015 08:59:31 +0200
>>
>> On 01/10/2015 07:08, Rahul Singh wrote:
>>> Yes, I know this fix. I just want to know what the default cipher detail is; in my existing server.xml no cipher parameter value is mentioned. So please help me to understand the same.
>>
>> To quote the documentation:
>>
>> By default, the default ciphers for the JVM will be used. Note that this usually means that the weak export grade ciphers will be included in the list of available ciphers.
>>
>> If you want to know what that means for the JVM you are using then I strongly recommend this site:
>>
>> https://www.ssllabs.com/ssltest/
>>
>> Mark
>>
>>>> Date: Thu, 1 Oct 2015 10:26:43 +0530
>>>> Subject: Re: logjam attacks in tomcat 7
>>>> From: srikanth.hugar@gmail.com
>>>> To: users@tomcat.apache.org
>>>>
>>>> Configuration like mentioned below should be able to resolve your issue:
>>>>
>>>> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
>>>> SSLEnabled="true" maxThreads="150" scheme="https"
>>>> secure="true" keystoreType="JKS"
>>>> keystoreFile="{{path_to_keystore}}" keystorePass="{{ keystore_password }}" clientAuth="false"
>>>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
>>>> ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
>>>> TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
>>>> TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
>>>>
>>>> Srikanth Hugar
>>>> www.gharki.com
>>>>
>>>> On Thu, Oct 1, 2015 at 10:22 AM, Rahul Singh wrote:
>>>>
>>>>> Dear Tomcat Support Team,
>>>>> Thanks for your continuous support. In our Application Tomcat V 7.0.54 is used. We are facing the problem of "Server has a weak, ephemeral Diffie-Hellman public key ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY" in Chrome browser. Tomcat server.xml has the following configuration, which does not contain a cipher, which means it used the default cipher.
>>>>> ================================================================
>>>>> <Connector port="8585" minSpareThreads="5" enableLookups="true"
>>>>> redirectPort="8282" acceptCount="32"
>>>>> connectionTimeout="60000"/>
>>>>> <Connector minSpareThreads="5" SSLEnabled="true"
>>>>> enableLookups="true" acceptCount="32" scheme="https"
>>>>> secure="true" clientAuth="false"
>>>>> sslEnabledProtocols="TLSv1.2"
>>>>> algorithm="SunX509"/>
>>>>> ================================================================
>>>>>
>>>>> Underlying JAVA is: OpenJDK Runtime Environment (rhel-2.5.5.3.el6-x86_64 u79-b14)
>>>>> So could you please assist me to understand the following things.
>>>>> 1- What value of default cipher is used in my application.
>>>>> 2- Does it require an update for working with the latest Chrome browser and fixing the "Diffie-Hellman" security issue.
>>>>>
>>>>> Regards,
>>>>> Rahul kumar Singh
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
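
Added example, not part of the original thread and not Tomcat code: one way to answer the original question about which cipher suites a connector without a ciphers attribute ends up with, by asking the JVM for its default-enabled suites and flagging the categories discussed in the thread. The class name DefaultCipherAudit and the wording of the flags are made up for this example; it sticks to Java 7 APIs so it also runs on the OpenJDK 7 build mentioned above.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical helper (added example): audits the JVM's default cipher suites.
public class DefaultCipherAudit {

    // Returns the reasons a suite name deserves a second look; empty means none.
    static List<String> findings(String suite) {
        List<String> out = new ArrayList<String>();
        // Non-EC ephemeral DH: the key size comes from the JVM, not the certificate.
        if (suite.contains("_DHE_"))    out.add("non-EC DHE, key size chosen by the JVM");
        if (suite.contains("_RC4_"))    out.add("RC4");
        if (suite.contains("_EXPORT_")) out.add("export grade");
        if (suite.contains("_anon_"))   out.add("anonymous, no server authentication");
        if (suite.contains("_NULL_"))   out.add("no encryption");
        // Static RSA or static ECDH key exchange: no ephemeral key, no forward secrecy.
        if (suite.matches("(TLS|SSL)_(RSA|ECDH_RSA|ECDH_ECDSA)_.*"))
            out.add("no forward secrecy");
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.ephemeralDHKeySize = "
                + System.getProperty("jdk.tls.ephemeralDHKeySize", "(not set)"));

        // The suites JSSE enables when the application does not choose any itself.
        SSLParameters defaults = SSLContext.getDefault().getDefaultSSLParameters();
        for (String suite : defaults.getCipherSuites()) {
            List<String> f = findings(suite);
            System.out.println((f.isEmpty() ? "ok     " : "CHECK  ") + suite
                    + (f.isEmpty() ? "" : "  <- " + f));
        }
    }
}
```

Run it with the same java binary and -D options that Tomcat is started with, so the suite list and the jdk.tls.ephemeralDHKeySize value reflect the server's JVM rather than a different installation.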