tomcat-users mailing list archives

From Peter Kreuser <l...@kreuser.name>
Subject Re: AW: Outbound SSL?
Date Sat, 01 Jun 2019 07:27:44 GMT
Chris, James

> On 01.06.2019 at 02:30, Christopher Schultz <chris@christopherschultz.net> wrote:
> 
> 
> James,
> 
>> On 5/31/19 18:41, James H. H. Lampert wrote:
>>> On 5/31/19, 3:34 AM, bernd.schatz@daimler.com wrote:
>>> You can run a small java program on your jvm to print out the
>>> supported And default protocols. Yet, I didn’t find a better
>>> way.
>>> 
>>> e.g. ==> 
>>> https://confluence.atlassian.com/stashkb/list-ciphers-used-by-jvm-679609085.html
>> 
>> If I set the same JAVA_HOME as Tomcat was launched under, and
>> compile and run "Ciphers.java" from the above site, on the customer
>> box, I get:
>> 
>>> Default Cipher
>>>         SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
>>>         SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
>>> *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
>>>         SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
>>>         SSL_DHE_DSS_WITH_DES_CBC_SHA
>>>         SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>>> *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
>>> *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
>>>         SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
>>> *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA
>>> *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
>>>         SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
>>>         SSL_DHE_RSA_WITH_DES_CBC_SHA
>>>         SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
>>>         SSL_DH_anon_WITH_AES_128_CBC_SHA
>>>         SSL_DH_anon_WITH_AES_128_CBC_SHA256
>>>         SSL_DH_anon_WITH_AES_128_GCM_SHA256
>>>         SSL_DH_anon_WITH_AES_256_CBC_SHA
>>>         SSL_DH_anon_WITH_AES_256_CBC_SHA256
>>>         SSL_DH_anon_WITH_AES_256_GCM_SHA384
>>>         SSL_DH_anon_WITH_DES_CBC_SHA
>>> *       SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
>>> *       SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>>>         SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>>> *       SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>>> *       SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>>>         SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>         SSL_ECDHE_ECDSA_WITH_NULL_SHA
>>> *       SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
>>> *       SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>>         SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>>> *       SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
>>> *       SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>>         SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>>>         SSL_ECDHE_RSA_WITH_NULL_SHA
>>> *       SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
>>> *       SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>>>         SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
>>> *       SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>>> *       SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>>>         SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
>>>         SSL_ECDH_ECDSA_WITH_NULL_SHA
>>> *       SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
>>> *       SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
>>>         SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
>>> *       SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
>>> *       SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>>         SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
>>>         SSL_ECDH_RSA_WITH_NULL_SHA
>>>         SSL_ECDH_anon_WITH_AES_128_CBC_SHA
>>>         SSL_ECDH_anon_WITH_AES_256_CBC_SHA
>>>         SSL_ECDH_anon_WITH_NULL_SHA
>>>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
>>>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
>>>         SSL_KRB5_WITH_DES_CBC_MD5
>>>         SSL_KRB5_WITH_DES_CBC_SHA
>>>         SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
>>>         SSL_RSA_FIPS_WITH_DES_CBC_SHA
>>> *       SSL_RSA_WITH_AES_128_CBC_SHA
>>> *       SSL_RSA_WITH_AES_128_CBC_SHA256
>>>         SSL_RSA_WITH_AES_128_GCM_SHA256
>>> *       SSL_RSA_WITH_AES_256_CBC_SHA
>>> *       SSL_RSA_WITH_AES_256_CBC_SHA256
>>>         SSL_RSA_WITH_AES_256_GCM_SHA384
>>>         SSL_RSA_WITH_DES_CBC_SHA
>>>         SSL_RSA_WITH_NULL_MD5
>>>         SSL_RSA_WITH_NULL_SHA
>>>         SSL_RSA_WITH_NULL_SHA256
>>> *       TLS_EMPTY_RENEGOTIATION_INFO_SCSV
> 
> Other than the fact that none of those start with TLS_ like all modern
> cipher suites do, the above looks okay.
> 

Crazy enough, but Google maps provides ciphers even for Java 6.

https://www.ssllabs.com/ssltest/analyze.html?d=maps.google.com&s=216.58.195.78&latest

So this would be the only strange but obvious difference. The list has EVEN ECDH, GCM, AES 256.

>> FOR COMPARISON PURPOSES, what we get on our box is:
>>> Default Cipher
>>> *       SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_DES_CBC_SHA
>>> *       SSL_DHE_DSS_WITH_RC4_128_SHA
>>> *       SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>>> *       SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>>> *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
>>> *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA
>>> *       SSL_DHE_RSA_WITH_DES_CBC_SHA
>>>         SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
>>>         SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
>>>         SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
>>>         SSL_DH_anon_WITH_AES_128_CBC_SHA
>>>         SSL_DH_anon_WITH_AES_256_CBC_SHA
>>>         SSL_DH_anon_WITH_DES_CBC_SHA
>>>         SSL_DH_anon_WITH_RC4_128_MD5
>>>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
>>>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
>>>         SSL_KRB5_EXPORT_WITH_RC4_40_MD5
>>>         SSL_KRB5_EXPORT_WITH_RC4_40_SHA
>>>         SSL_KRB5_WITH_3DES_EDE_CBC_MD5
>>>         SSL_KRB5_WITH_3DES_EDE_CBC_SHA
>>>         SSL_KRB5_WITH_DES_CBC_MD5
>>>         SSL_KRB5_WITH_DES_CBC_SHA
>>>         SSL_KRB5_WITH_RC4_128_MD5
>>>         SSL_KRB5_WITH_RC4_128_SHA
>>> *       SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
>>> *       SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>>> *       SSL_RSA_EXPORT_WITH_RC4_40_MD5
>>> *       SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
>>> *       SSL_RSA_FIPS_WITH_DES_CBC_SHA
>>> *       SSL_RSA_WITH_3DES_EDE_CBC_SHA
>>> *       SSL_RSA_WITH_AES_128_CBC_SHA
>>> *       SSL_RSA_WITH_AES_256_CBC_SHA
>>> *       SSL_RSA_WITH_DES_CBC_SHA
>>>         SSL_RSA_WITH_NULL_MD5
>>>         SSL_RSA_WITH_NULL_SHA
>>> *       SSL_RSA_WITH_RC4_128_MD5
>>> *       SSL_RSA_WITH_RC4_128_SHA
> 
> Almost all of the above cipher suites are useless.
> 
> Anything starting with SSL_*_DSS uses DSS authentication which is used
> by exactly nobody. Same thing with KRB5 -- nobody is using Kerberos
> for TLS/SSL. Everyone uses either RSA or Elliptic Curve certificates.
> 
> Anything containing _anon_, EXPORT, FIPS, RC4, or MD5 should be
> eliminated as providing weak or actually-useless security.
> 
> Anything containing NULL means that there is no encryption. Duh.
> 
> So we are left with this list:
> 
>> *       SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>> *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
>> *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA
>> *       SSL_DHE_RSA_WITH_DES_CBC_SHA
>> *       SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
>> *       SSL_RSA_FIPS_WITH_DES_CBC_SHA
>> *       SSL_RSA_WITH_3DES_EDE_CBC_SHA
>> *       SSL_RSA_WITH_AES_128_CBC_SHA
>> *       SSL_RSA_WITH_AES_256_CBC_SHA
>> *       SSL_RSA_WITH_DES_CBC_SHA
> 
> All of those use SHA1 signatures which are no longer considered
> secure. That means that basically none of these cipher suites are
> acceptable for a modern security posture.
> 

+1 however that’s not James’ problem, I think. Customer box is the first list of ciphers.

> Here's what we have enabled at $work for production:
> 
> Supported Protocol Cipher
> Accepted  TLSv1.2 TLS_RSA_WITH_AES_256_CBC_SHA
> Accepted  TLSv1.2 TLS_RSA_WITH_AES_256_CBC_SHA256
> Accepted  TLSv1.2 TLS_RSA_WITH_AES_128_CBC_SHA256
> Accepted  TLSv1.2 TLS_RSA_WITH_AES_128_GCM_SHA256
> Accepted  TLSv1.2 TLS_RSA_WITH_AES_256_GCM_SHA384
> Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Accepted  TLSv1.2 TLS_RSA_WITH_AES_128_CBC_SHA
> Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> Accepted  TLSv1.1 TLS_RSA_WITH_AES_256_CBC_SHA
> Accepted  TLSv1.1 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> Accepted  TLSv1.1 TLS_RSA_WITH_AES_128_CBC_SHA
> Accepted  TLSv1.1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Accepted    TLSv1 TLS_RSA_WITH_AES_256_CBC_SHA
> Accepted    TLSv1 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> Accepted    TLSv1 TLS_RSA_WITH_AES_128_CBC_SHA
> Accepted    TLSv1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> 
> There are some cipher suites in there with _SHA at the end. Those are
> in there for ancient browsers that simply can't do modern protocols,
> and they are prioritized to the bottom of the list.
> 
> But everything else is pretty good IMO.
> 
> SSLLabs/Qualys still complains about every one of those except these two:
> 
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> 
> ... calling the others "weak". I think that's because they consider
> anything that isn't using ECDHE+GCM to be "weak". Well, it's the best
> we can do right now without going up to TLSv1.3.
> 
> Anyhow, if the client (or the server) is being run with any decent
> kind of TLS configuration, then the second list of supported cipher
> suites shown above will simply not be able to connect.
> 
> Assuming that you are using the built-in Java JSSE provider, then the
> problem is that your Java version is just too old: you need a newer
> version of Java to get better cipher suites.
> 
> You never said what version(s) of Java you are using. You also didn't
> mention whether or not you had installed the "Unlimited Strength
> Cipher" patch that you really should install for older versions of
> Java. You have to re-install that patch every time you upgrade Java
> (until you get to a recent version, where they removed that stupid
> cipher strength limitation).
> 

James, the Java version would really help.

Then, even if good ciphers are provided by Java, are they used in the connection? If the setter
does limit the cipher choice, or the protocol (IIRC that was the error message), bam, you're
locked out. Are those parameters configurable (in a settings file)?

Peter

> Hope that helps,
> - -chris

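The reject rules Chris lays out above (drop DSS and KRB5 authentication, anything `_anon_`, `EXPORT`, `FIPS`, `RC4` or `MD5`, and every `NULL` suite, then treat the remaining `_SHA` suites as legacy) applied mechanically to whatever the running JVM reports. This is an added example in the spirit of the Atlassian `Ciphers.java` James ran, not code from the thread; the class name `CipherAudit` and the three labels are my own, and it queries only the default JSSE provider of the JVM it runs under.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/** Lists the JVM's cipher suites and protocols and applies the thread's reject rules. */
public class CipherAudit {

    // Tokens that mark a suite as rejected: DSS and KRB5 authentication (unused in
    // practice), anonymous key exchange, EXPORT/FIPS/RC4/MD5 (weak), NULL (no encryption).
    private static final Pattern REJECT =
            Pattern.compile("_DSS_|_KRB5_|_anon_|EXPORT|FIPS|RC4|MD5|NULL");

    // A name ending in _SHA uses the SHA-1 MAC; the thread keeps these only for old clients.
    private static final Pattern LEGACY_SHA1 = Pattern.compile("_SHA$");

    /** Classifies one suite name as REJECT, LEGACY or OK (labels are this example's own). */
    static String classify(String suite) {
        if (REJECT.matcher(suite).find()) return "REJECT";
        if (LEGACY_SHA1.matcher(suite).find()) return "LEGACY";
        return "OK";
    }

    /** Returns the suites from {@code supported} that survive the reject rules. */
    static List<String> keep(String[] supported) {
        List<String> out = new ArrayList<String>();   // Java 6 compatible, no diamond
        for (String s : supported) {
            if (!"REJECT".equals(classify(s))) out.add(s);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();            // the JSSE provider in use
        SSLSocketFactory f = ctx.getSocketFactory();
        String[] supported = f.getSupportedCipherSuites();   // what the JVM can negotiate
        List<String> enabled = Arrays.asList(f.getDefaultCipherSuites()); // offered by default
        Arrays.sort(supported);

        // Same layout as the Atlassian program: '*' marks a default-enabled suite.
        System.out.println("Default\tCipher\tVerdict");
        for (String s : supported) {
            System.out.printf("%s\t%s\t%s%n", enabled.contains(s) ? "*" : " ", s, classify(s));
        }
        System.out.println("Surviving suites: " + keep(supported));
        // Protocols matter as much as suites: a peer that refuses TLSv1 will reject this JVM
        // even when a good suite is available, which is the "locked out" case Peter describes.
        System.out.println("Supported protocols: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("Default protocols:   "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
    }
}
```

Run it with the same JAVA_HOME Tomcat starts under, since a different JVM on the same box can report a completely different list.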