This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new d7721e41d1 Be more explicit about security considerations for 
EncryptInterceptor
d7721e41d1 is described below

commit d7721e41d196b0ba8fa899a09373376bc511ece0
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jul 7 12:20:13 2026 +0100

    Be more explicit about security considerations for EncryptInterceptor
---
 webapps/docs/changelog.xml                  |  6 ++++++
 webapps/docs/config/cluster-interceptor.xml | 14 +++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 06b1344576..95ad3033dd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -318,6 +318,12 @@
         <code>AES/GCM/NoPadding</code>. (markt)
       </scode>
       <!-- Entries for backport and removal before 12.0.0-M1 below this line 
-->
+      <add>
+        Expand the documentation for the <code>EncryptInterceptor</code> to be
+        more explicit regarding the security weaknesses of some supported
+        algorithms. Also explicitly state that the replay protection is only
+        effective for non-malleable algorithms. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="WebSocket">
diff --git a/webapps/docs/config/cluster-interceptor.xml 
b/webapps/docs/config/cluster-interceptor.xml
index 12191fdeef..f3bbd22504 100644
--- a/webapps/docs/config/cluster-interceptor.xml
+++ b/webapps/docs/config/cluster-interceptor.xml
@@ -241,8 +241,16 @@
    <p>
      The EncryptInterceptor uses the timestamp of the message to provide replay
      protection. For this to be effective, clock skew between cluster nodes
-     should be minimised. If not, it is likely a high proportion of valid
-     messages will be rejected.
+     should be minimised. If the clock skew is not minimised, it is likely that
+     a high proportion of valid messages will be rejected.
+   </p>
+   <p>
+     The replay protection is only effective if the configured encryption
+     algorithm is not malleable. The default algorithm
+     (<code>AES/GCM/NoPadding</code>) is not malleable and replay protection
+     will be effective in the default configuration. Some supported algorithms 
-
+     such as <code>AES/CBC/PKCS5Padding</code> - are malleable and the replay
+     protection will not be effective with such algoriths.
    </p>
    <attributes>
      <attribute name="encryptionAlgorithm" required="false">
@@ -255,7 +263,7 @@
        <p>The EncryptInterceptor currently supports the following standard
        <a 
href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation";>block-cipher
 modes</a>:
        CBC, CFB, OFB and GCM. Of these, it is recommended that GCM is always
-       used.</p>
+       used due to security weaknesses with the other block-cipher modes.</p>
 
        <p>The length of the key will specify the flavor of the encryption
        algorithm to be used, if applicable (e.g. AES-128 versus AES-256).</p>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to