Subject: Re: AW: Outbound SSL?
From: Peter Kreuser
Date: Sat, 1 Jun 2019 09:27:44 +0200
To: Tomcat Users List
Cc: "James H. H. Lampert"

Chris, James

> On 01.06.2019 at 02:30, Christopher Schultz wrote:
>
> James,
>
>> On 5/31/19 18:41, James H. H. Lampert wrote:
>>> On 5/31/19, 3:34 AM, bernd.schatz@daimler.com wrote:
>>> You can run a small java program on your jvm to print out the
>>> supported and default protocols. Yet, I didn’t find a better
>>> way.
>>>
>>> e.g.
>>> ==>
>>> https://confluence.atlassian.com/stashkb/list-ciphers-used-by-jvm-679609085.html
>>>
>>
>> If I set the same JAVA_HOME as Tomcat was launched under, and
>> compile and run "Ciphers.java" from the above site, on the customer
>> box, I get:
>>
>>> Default Cipher
>>>    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SH
>>> *  SSL_DHE_DSS_WITH_AES_128_CBC_SHA
>>> *  SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
>>>    SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
>>> *  SSL_DHE_DSS_WITH_AES_256_CBC_SHA
>>> *  SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
>>>    SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
>>>    SSL_DHE_DSS_WITH_DES_CBC_SHA
>>>    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>>> *  SSL_DHE_RSA_WITH_AES_128_CBC_SHA
>>> *  SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
>>>    SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
>>> *  SSL_DHE_RSA_WITH_AES_256_CBC_SHA
>>> *  SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
>>>    SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
>>>    SSL_DHE_RSA_WITH_DES_CBC_SHA
>>>    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
>>>    SSL_DH_anon_WITH_AES_128_CBC_SHA
>>>    SSL_DH_anon_WITH_AES_128_CBC_SHA256
>>>    SSL_DH_anon_WITH_AES_128_GCM_SHA256
>>>    SSL_DH_anon_WITH_AES_256_CBC_SHA
>>>    SSL_DH_anon_WITH_AES_256_CBC_SHA256
>>>    SSL_DH_anon_WITH_AES_256_GCM_SHA384
>>>    SSL_DH_anon_WITH_DES_CBC_SHA
>>> *  SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
>>> *  SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>>>    SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>>> *  SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>>> *  SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>>>    SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>    SSL_ECDHE_ECDSA_WITH_NULL_SHA
>>> *  SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
>>> *  SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>>    SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>>> *  SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
>>> *  SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>>    SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>>>    SSL_ECDHE_RSA_WITH_NULL_SHA
>>> *  SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
>>> *  SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>>>    SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
>>> *  SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>>> *  SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>>>    SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
>>>    SSL_ECDH_ECDSA_WITH_NULL_SHA
>>> *  SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
>>> *  SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
>>>    SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
>>> *  SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
>>> *  SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>>    SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
>>>    SSL_ECDH_RSA_WITH_NULL_SHA
>>>    SSL_ECDH_anon_WITH_AES_128_CBC_SHA
>>>    SSL_ECDH_anon_WITH_AES_256_CBC_SHA
>>>    SSL_ECDH_anon_WITH_NULL_SHA
>>>    SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
>>>    SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
>>>    SSL_KRB5_WITH_DES_CBC_MD5
>>>    SSL_KRB5_WITH_DES_CBC_SHA
>>>    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
>>>    SSL_RSA_FIPS_WITH_DES_CBC_SHA
>>> *  SSL_RSA_WITH_AES_128_CBC_SHA
>>> *  SSL_RSA_WITH_AES_128_CBC_SHA256
>>>    SSL_RSA_WITH_AES_128_GCM_SHA256
>>> *  SSL_RSA_WITH_AES_256_CBC_SHA
>>> *  SSL_RSA_WITH_AES_256_CBC_SHA256
>>>    SSL_RSA_WITH_AES_256_GCM_SHA384
>>>    SSL_RSA_WITH_DES_CBC_SHA
>>>    SSL_RSA_WITH_NULL_MD5
>>>    SSL_RSA_WITH_NULL_SHA
>>>    SSL_RSA_WITH_NULL_SHA256
>>> *  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
>
> Other than the fact that none of those start with TLS_ like all modern
> cipher suites do, the above looks okay.
>

Crazy enough, but Google maps provides ciphers even for Java 6.

https://www.ssllabs.com/ssltest/analyze.html?d=maps.google.com&s=216.58.195.78&latest

So this would be the only strange but obvious difference. The list has EVEN ECDH, GCM, AES 256.

>> FOR COMPARISON PURPOSES, what we get on our box is:
>>> Default Cipher
>>> *  SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>>> *  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>>> *  SSL_DHE_DSS_WITH_AES_128_CBC_SHA
>>> *  SSL_DHE_DSS_WITH_AES_256_CBC_SHA
>>> *  SSL_DHE_DSS_WITH_DES_CBC_SHA
>>> *  SSL_DHE_DSS_WITH_RC4_128_SHA
>>> *  SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>>> *  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>>> *  SSL_DHE_RSA_WITH_AES_128_CBC_SHA
>>> *  SSL_DHE_RSA_WITH_AES_256_CBC_SHA
>>> *  SSL_DHE_RSA_WITH_DES_CBC_SHA
>>>    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
>>>    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
>>>    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
>>>    SSL_DH_anon_WITH_AES_128_CBC_SHA
>>>    SSL_DH_anon_WITH_AES_256_CBC_SHA
>>>    SSL_DH_anon_WITH_DES_CBC_SHA
>>>    SSL_DH_anon_WITH_RC4_128_MD5
>>>    SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
>>>    SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
>>>    SSL_KRB5_EXPORT_WITH_RC4_40_MD5
>>>    SSL_KRB5_EXPORT_WITH_RC4_40_SHA
>>>    SSL_KRB5_WITH_3DES_EDE_CBC_MD5
>>>    SSL_KRB5_WITH_3DES_EDE_CBC_SHA
>>>    SSL_KRB5_WITH_DES_CBC_MD5
>>>    SSL_KRB5_WITH_DES_CBC_SHA
>>>    SSL_KRB5_WITH_RC4_128_MD5
>>>    SSL_KRB5_WITH_RC4_128_SHA
>>> *  SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
>>> *  SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>>> *  SSL_RSA_EXPORT_WITH_RC4_40_MD5
>>> *  SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
>>> *  SSL_RSA_FIPS_WITH_DES_CBC_SHA
>>> *  SSL_RSA_WITH_3DES_EDE_CBC_SHA
>>> *  SSL_RSA_WITH_AES_128_CBC_SHA
>>> *  SSL_RSA_WITH_AES_256_CBC_SHA
>>> *  SSL_RSA_WITH_DES_CBC_SHA
>>>    SSL_RSA_WITH_NULL_MD5
>>>    SSL_RSA_WITH_NULL_SHA
>>> *  SSL_RSA_WITH_RC4_128_MD5
>>> *  SSL_RSA_WITH_RC4_128_SHA
>
> Almost all of the above cipher suites are useless.
>
> Anything starting with SSL_*_DSS uses DSS authentication which is used
> by exactly nobody. Same thing with KRB5 -- nobody is using Kerberos
> for TLS/SSL. Everyone uses either RSA or Elliptic Curve certificates.
>
> Anything containing _anon_, EXPORT, FIPS, RC4, or MD5 should be
> eliminated as providing weak or actually-useless security.
>
> Anything containing NULL means that there is no encryption. Duh.
>
> So we are left with this list:
>
>> *  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>> *  SSL_DHE_RSA_WITH_AES_128_CBC_SHA
>> *  SSL_DHE_RSA_WITH_AES_256_CBC_SHA
>> *  SSL_DHE_RSA_WITH_DES_CBC_SHA
>> *  SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
>> *  SSL_RSA_FIPS_WITH_DES_CBC_SHA
>> *  SSL_RSA_WITH_3DES_EDE_CBC_SHA
>> *  SSL_RSA_WITH_AES_128_CBC_SHA
>> *  SSL_RSA_WITH_AES_256_CBC_SHA
>> *  SSL_RSA_WITH_DES_CBC_SHA
>
> All of those use SHA1 signatures which are no longer considered
> secure. That means that basically none of these cipher suites are
> acceptable for a modern security posture.
>

+1 however that’s not James’ problem, I think. Customer box is the first list of ciphers.

> Here's what we have enabled at $work for production:
>
> Supported  Protocol  Cipher
> Accepted   TLSv1.2   TLS_RSA_WITH_AES_256_CBC_SHA
> Accepted   TLSv1.2   TLS_RSA_WITH_AES_256_CBC_SHA256
> Accepted   TLSv1.2   TLS_RSA_WITH_AES_128_CBC_SHA256
> Accepted   TLSv1.2   TLS_RSA_WITH_AES_128_GCM_SHA256
> Accepted   TLSv1.2   TLS_RSA_WITH_AES_256_GCM_SHA384
> Accepted   TLSv1.2   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> Accepted   TLSv1.2   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Accepted   TLSv1.2   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Accepted   TLSv1.2   TLS_RSA_WITH_AES_128_CBC_SHA
> Accepted   TLSv1.2   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> Accepted   TLSv1.2   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Accepted   TLSv1.2   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> Accepted   TLSv1.1   TLS_RSA_WITH_AES_256_CBC_SHA
> Accepted   TLSv1.1   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> Accepted   TLSv1.1   TLS_RSA_WITH_AES_128_CBC_SHA
> Accepted   TLSv1.1   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Accepted   TLSv1     TLS_RSA_WITH_AES_256_CBC_SHA
> Accepted   TLSv1     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> Accepted   TLSv1     TLS_RSA_WITH_AES_128_CBC_SHA
> Accepted   TLSv1     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> There are some cipher suites in there with _SHA at the end.
> Those are in there for ancient browsers that simply can't do modern
> protocols, and they are prioritized to the bottom of the list.
>
> But everything else is pretty good IMO.
>
> SSLLabs/Qualys still complains about every one of those except these two:
>
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>
> ... calling the others "weak". I think that's because they consider
> anything that isn't using ECDHE+GCM to be "weak". Well, it's the best
> we can do right now without going up to TLSv1.3.
>
> Anyhow, if the client (or the server) is being run with any decent
> kind of TLS configuration, then the second list of supported cipher
> suites shown above will simply not be able to connect.
>
> Assuming that you are using the built-in Java JSSE provider, then the
> problem is that your Java version is just too old: you need a newer
> version of Java to get better cipher suites.
>
> You never said what version(s) of Java you are using. You also didn't
> mention whether or not you had installed the "Unlimited Strength
> Cipher" patch that you really should install for older versions of
> Java. You have to re-install that patch every time you upgrade Java
> (until you get to a recent version, where they removed that stupid
> cipher strength limitation).
>

James, the Java version would really help.

Then, even if good ciphers are provided by Java, are they used in the connection? If the setter does limit the cipher choice, or the protocol (IIRC that was the error message), bam, you're locked out. Are those parameters configurable (in a settings file)?

Peter

> Hope that helps,
> -chris
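
An added example, not part of the original message or of the Ciphers.java program linked in the thread: a small JSSE report that prints the Java version both replies ask for, the supported and default protocols, and each cipher suite with a marker for the name fragments the quoted reply rejects. The class name `JsseReport` and the `REJECTED` list are hypothetical; the fragments themselves are taken from the reply.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name); plain Java 6 syntax so it also runs on old JVMs.
public class JsseReport {
    // Name fragments the quoted reply rejects: DSS and KRB5 authentication,
    // anonymous key exchange, EXPORT, FIPS, RC4, MD5, NULL (no encryption),
    // and a trailing _SHA (SHA-1).
    static final String[] REJECTED =
        { "DSS", "KRB5", "anon", "EXPORT", "FIPS", "RC4", "MD5", "NULL", "SHA" };

    // Returns the rejected fragments found in a suite name, or "" if none.
    static String flags(String suite) {
        String padded = "_" + suite + "_"; // lets a trailing _SHA or _MD5 match
        StringBuilder found = new StringBuilder();
        for (String token : REJECTED) {
            if (padded.contains("_" + token + "_")) {
                if (found.length() > 0) found.append(',');
                found.append(token);
            }
        }
        return found.toString();
    }

    // Prints every supported name, marking the ones enabled by default with "*".
    static void report(String title, String[] supported, String[] defaults, boolean flag) {
        Set<String> enabled = new HashSet<String>(Arrays.asList(defaults));
        System.out.println(title + " (* = enabled by default)");
        for (String name : supported) {
            String why = flag ? flags(name) : "";
            System.out.println((enabled.contains(name) ? "* " : "  ") + name
                + (why.length() == 0 ? "" : "   <- " + why));
        }
    }

    public static void main(String[] args) throws Exception {
        // Run with the same JAVA_HOME that launches Tomcat, as done in the thread.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters all = ctx.getSupportedSSLParameters();
        SSLParameters def = ctx.getDefaultSSLParameters();
        report("Protocols", all.getProtocols(), def.getProtocols(), false);
        report("Cipher suites", all.getCipherSuites(), def.getCipherSuites(), true);
    }
}
```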