Re: tcnative CVE-2015-4000 (Logjam)

2015-06-15 Thread Arthur Ramsey

On 06/15/2015 09:50 AM, Christopher Schultz wrote:


Arthur,

On 6/13/15 8:42 PM, Arthur Ramsey wrote:

I have working binaries for Linux x64 and Windows x64 if anyone
needs them.

Thanks for offering, but:

1. Anyone running Linux should be able to trivially build their own.
True, but there may be others locked into an older version of tomcat like
me, which requires some modifications to the latest 1.1.x. Here's the patch.


jni/native/include/ssl_private.h

85,87c85
 #define SSL_PROTOCOL_TLSV1_1(13)
 #define SSL_PROTOCOL_TLSV1_2(14)
 #define SSL_PROTOCOL_ALL
(SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
---

#define SSL_PROTOCOL_ALL
(SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
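
Review bot: SSL_PROTOCOL_ALL on the new side of this hunk still ORs in SSL_PROTOCOL_SSLV2 and SSL_PROTOCOL_SSLV3 while the SSL_PROTOCOL_TLSV1_1 and SSL_PROTOCOL_TLSV1_2 defines are dropped, so the header can now name the two oldest protocols but not the two newest. Any other source file that still references the removed macros will stop compiling, and nothing here records why they were removed; add a comment above SSL_PROTOCOL_ALL stating that this is a local compatibility change and what it is for.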


jni/native/src/sslcontext.c

71,89c71
 if (protocol == SSL_PROTOCOL_TLSV1_2) {
 #ifdef SSL_OP_NO_TLSv1_2
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(TLSv1_2_client_method());
 else if (mode == SSL_MODE_SERVER)
 ctx = SSL_CTX_new(TLSv1_2_server_method());
 else
 ctx = SSL_CTX_new(TLSv1_2_method());
 #endif
 } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
 #ifdef SSL_OP_NO_TLSv1_1
 if (mode == SSL_MODE_CLIENT)
 ctx = SSL_CTX_new(TLSv1_1_client_method());
 else if (mode == SSL_MODE_SERVER)
 ctx = SSL_CTX_new(TLSv1_1_server_method());
 else
 ctx = SSL_CTX_new(TLSv1_1_method());
 #endif
 } else if (protocol == SSL_PROTOCOL_TLSV1) {
---

if (protocol == SSL_PROTOCOL_TLSV1) {
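
Review bot: With the SSL_PROTOCOL_TLSV1_2 and SSL_PROTOCOL_TLSV1_1 branches deleted, the chain now starts at "if (protocol == SSL_PROTOCOL_TLSV1) {", so a caller can no longer obtain a context pinned to TLSv1.1 or TLSv1.2 through the TLSv1_1_*_method() and TLSv1_2_*_method() constructors. If that loss is intended, say so in a comment at the top of the chain so the behaviour is not mistaken for an accidental drop when the patch is rebased.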

163,170d144
 #ifdef SSL_OP_NO_TLSv1_1
 if (!(protocol  SSL_PROTOCOL_TLSV1_1))
 SSL_CTX_set_options(c-ctx, SSL_OP_NO_TLSv1_1);
 #endif
 #ifdef SSL_OP_NO_TLSv1_2
 if (!(protocol  SSL_PROTOCOL_TLSV1_2))
 SSL_CTX_set_options(c-ctx, SSL_OP_NO_TLSv1_2);
 #endif
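
Review bot: Deleting both SSL_CTX_set_options() calls at 163-170 means SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 are never set from the protocol mask here, so TLSv1.1 and TLSv1.2 can no longer be switched off this way, including for a configuration that asks for TLSv1 only. A narrower change would keep the two checks and skip them only when protocol equals SSL_PROTOCOL_ALL; at minimum the new behaviour needs a comment at this spot.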



2. Anyone wanting Arthur's binaries should be absolutely sure they
trust him.

(No offense to Arthur, but accepting binaries from someone on a
mailing list is always a bit of a red flag.) :)
Agreed, I probably wouldn't trust some random binary :P, but 
documentation is fairly lacking on building tcnative for windows x64 and 
it requires commercial software.  I've built it before and had some 
trouble building it from the branch.  Any estimate on when 1.1.34 
binaries will be released?



It should still work with newer versions of tomcat 7 providing the
SSLProtocol is set to TLSv1?

SSLProtocol should be set to TLSv1+TLSv1.1+TLSv1.2, but on certain
older versions of Tomcat 7 this won't work. I can't remember exactly
when we implemented this, and then there was a bug in the
implementation, etc., so you should just upgrade to 7.0.current which
definitely works as documented.
Yeah, I use 7.0.55 and TLSv1+TLSv1.1+TLSv1.2 only enables TLSv1. We 
should update tomcat, but we are migrating to Wildfly anyway.



The Windows binary has SSLv2 and SSLv3 disabled at compile time.

Good, though lots and lots of people still need to support SSLv3.

-chris


On 6/13/2015 3:30 PM, Arthur Ramsey wrote:

Building the latest from svn branch 1.1.x seems to work.  I had
to do some modifications to get TLSv1.1 and TLSv1.2 when using
SSLProtocol=all because I'm using tomcat 7.0.55.

Thanks for the help, Arthur

On 6/11/2015 3:34 PM, Arthur Ramsey wrote:

On 06/11/2015 02:35 PM, Christopher Schultz wrote:

Arthur,

On 6/11/15 2:14 PM, Arthur Ramsey wrote:

Is anyone aware of a way to mitigate the Logjam attack
with tomcat 7 and java 7?

Disable DHE_EXPORT on the server?

I believe I have, but Qualys SSL Server Test still fails me
on the Logjam check.

SSLCipherSuite=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK



I use tcnative and openssl-1.0.2a both compiled from
source in production today, but I would be open to JSSE
too.  I believe I need Java 8 to mitigate CVE-2015-4000
with JSSE.

Why?

See
http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack

I don't see any way to use a unique 2048-bit or greater DH
group with tcnative currently.

I believe you are correct; there is a bug in BZ:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

It looks like 1.1.34 will have this feature. You can build the
current trunk of the 1.1 branch and probably be okay.

Thanks, I'll give it a try.  Scary to use in production, but
it may be my best answer.

I'm not sure

Re: tcnative CVE-2015-4000 (Logjam)

2015-06-15 Thread Arthur Ramsey
I haven't, that would have helped a while back.  Did that exist back when
Heartbleed was discovered?


On 06/15/2015 10:28 AM, Mark Thomas wrote:

On 15/06/2015 16:22, Arthur Ramsey wrote:

<snip/>


Agreed, I probably wouldn't trust some random binary :P, but
documentation is fairly lacking on building tcnative for windows x64 and
it requires commercial software.

Have you seen this?

http://wiki.apache.org/tomcat/BuildTcNativeWin

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ram...@mediture.com
952.400.0323








Re: tcnative CVE-2015-4000 (Logjam)

2015-06-13 Thread Arthur Ramsey
I have working binaries for Linux x64 and Windows x64 if anyone needs 
them.  It should still work with newer versions of tomcat 7 providing 
the SSLProtocol is set to TLSv1?  The Windows binary has SSLv2 and SSLv3 
disabled at compile time.


On 6/13/2015 3:30 PM, Arthur Ramsey wrote:
Building the latest from svn branch 1.1.x seems to work.  I had to do 
some modifications to get TLSv1.1 and TLSv1.2 when using 
SSLProtocol=all because I'm using tomcat 7.0.55.


Thanks for the help,
Arthur

On 6/11/2015 3:34 PM, Arthur Ramsey wrote:

On 06/11/2015 02:35 PM, Christopher Schultz wrote:


Arthur,

On 6/11/15 2:14 PM, Arthur Ramsey wrote:

Is anyone aware of a way to mitigate the Logjam attack with tomcat
7 and java 7?

Disable DHE_EXPORT on the server?
I believe I have, but Qualys SSL Server Test still fails me on the 
Logjam check.


SSLCipherSuite=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK 






I use tcnative and openssl-1.0.2a both compiled from source in
production today, but I would be open to JSSE too.  I believe I
need Java 8 to mitigate CVE-2015-4000 with JSSE.

Why?
See 
http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack



I don't see any way to use a unique 2048-bit or greater DH group
with tcnative currently.

I believe you are correct; there is a bug in BZ:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

It looks like 1.1.34 will have this feature. You can build the current
trunk of the 1.1 branch and probably be okay.
Thanks, I'll give it a try.  Scary to use in production, but it may 
be my best answer.



I'm not sure if there is anything I can do at compile time.  I'd
rather not change the cipher suites as I want to maintain browser
support.

You should disable EXPORT certificates no matter what. Or were you
talking about the DH parameters?

I was talking about DH parameters.



My server configuration passed the Qualys SSL Server Test with
flying colors until Logjam, so I would be worried about regressions
on other security fixes if I used JSSE.

-chris



Thanks,
Arthur







Re: tcnative CVE-2015-4000 (Logjam)

2015-06-13 Thread Arthur Ramsey
Building the latest from svn branch 1.1.x seems to work.  I had to do 
some modifications to get TLSv1.1 and TLSv1.2 when using 
SSLProtocol=all because I'm using tomcat 7.0.55.


Thanks for the help,
Arthur

On 6/11/2015 3:34 PM, Arthur Ramsey wrote:

On 06/11/2015 02:35 PM, Christopher Schultz wrote:


Arthur,

On 6/11/15 2:14 PM, Arthur Ramsey wrote:

Is anyone aware of a way to mitigate the Logjam attack with tomcat
7 and java 7?

Disable DHE_EXPORT on the server?
I believe I have, but Qualys SSL Server Test still fails me on the 
Logjam check.


SSLCipherSuite=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK 






I use tcnative and openssl-1.0.2a both compiled from source in
production today, but I would be open to JSSE too.  I believe I
need Java 8 to mitigate CVE-2015-4000 with JSSE.

Why?
See 
http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack



I don't see any way to use a unique 2048-bit or greater DH group
with tcnative currently.

I believe you are correct; there is a bug in BZ:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

It looks like 1.1.34 will have this feature. You can build the current
trunk of the 1.1 branch and probably be okay.
Thanks, I'll give it a try.  Scary to use in production, but it may be 
my best answer.



I'm not sure if there is anything I can do at compile time.  I'd
rather not change the cipher suites as I want to maintain browser
support.

You should disable EXPORT certificates no matter what. Or were you
talking about the DH parameters?

I was talking about DH parameters.



My server configuration passed the Qualys SSL Server Test with
flying colors until Logjam, so I would be worried about regressions
on other security fixes if I used JSSE.

-chris



Thanks,
Arthur





tcnative CVE-2015-4000 (Logjam)

2015-06-11 Thread Arthur Ramsey
Is anyone aware of a way to mitigate the Logjam attack with tomcat 7 and 
java 7?  I use tcnative and openssl-1.0.2a both compiled from source in 
production today, but I would be open to JSSE too.  I believe I need 
Java 8 to mitigate CVE-2015-4000 with JSSE.  I don't see any way to use a
unique 2048-bit or greater DH group with tcnative currently.  I'm not 
sure if there is anything I can do at compile time.  I'd rather not 
change the cipher suites as I want to maintain browser support.  My 
server configuration passed the Qualys SSL Server Test with flying 
colors until Logjam, so I would be worried about regressions on other 
security fixes if I used JSSE.


Thanks,
Arthur
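
The question above turns on the size of the DH group the server sends for DHE suites. As an added example (not code from the thread, tcnative or OpenSSL), this C code reads the dh_p length out of the ServerDHParams at the start of a TLS 1.2 ServerKeyExchange body and grades it; the function names, the grade labels and the sample bytes are constructed for illustration.

```c
/* ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys, each a 2-byte
 * big-endian length followed by that many bytes. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum dh_grade { DH_MALFORMED = -1, DH_EXPORT, DH_WEAK, DH_OK };
/* Bit length of dh_p, or -1 if a field is empty or overruns the buffer. */
int dh_prime_bits(const uint8_t *msg, size_t len)
{
    size_t off = 0, p_off = 0, p_len = 0;
    for (int field = 0; field < 3; field++) {
        if (len - off < 2) return -1;
        size_t n = ((size_t)msg[off] << 8) | msg[off + 1];
        off += 2;
        if (n == 0 || n > len - off) return -1;
        if (field == 0) { p_off = off; p_len = n; }
        off += n;
    }
    /* Leading zero bytes do not count toward the modulus size. */
    while (p_len > 0 && msg[p_off] == 0) { p_off++; p_len--; }
    if (p_len == 0) return -1;
    int bits = (int)(p_len * 8);
    for (uint8_t top = msg[p_off]; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

enum dh_grade dh_grade_bits(int bits)
{
    if (bits < 0) return DH_MALFORMED;
    if (bits <= 512) return DH_EXPORT;      /* export-grade size */
    return bits < 2048 ? DH_WEAK : DH_OK;   /* thread asks for >= 2048 bits */
}

/* Constructed sample, not a real prime: p_len (<= 512) bytes starting with
 * `top`, then dh_g = 2 and a 1-byte dh_Ys; `cut` truncates the message. */
int sample_bits(size_t p_len, uint8_t top, size_t cut)
{
    uint8_t buf[520] = { (uint8_t)(p_len >> 8), (uint8_t)p_len };
    memset(buf + 2, 0xAB, p_len); buf[2] = top;
    memcpy(buf + 2 + p_len, "\x00\x01\x02\x00\x01\x05", 6);
    return dh_prime_bits(buf, 2 + p_len + 6 - cut);
}

int main(void)
{
    printf("dh_p: %d bits\n", sample_bits(128, 0xFF, 0));
    return 0;
}
```

Bit length alone says nothing about whether the group is unique to the server, which is the other half of what the post asks for.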






Re: tcnative CVE-2015-4000 (Logjam)

2015-06-11 Thread Arthur Ramsey

On 06/11/2015 02:35 PM, Christopher Schultz wrote:


Arthur,

On 6/11/15 2:14 PM, Arthur Ramsey wrote:

Is anyone aware of a way to mitigate the Logjam attack with tomcat
7 and java 7?

Disable DHE_EXPORT on the server?
I believe I have, but Qualys SSL Server Test still fails me on the 
Logjam check.


SSLCipherSuite=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK




I use tcnative and openssl-1.0.2a both compiled from source in
production today, but I would be open to JSSE too.  I believe I
need Java 8 to mitigate CVE-2015-4000 with JSSE.

Why?
See 
http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack



I don't see any way to use a unique 2048-bit or greater DH group
with tcnative currently.

I believe you are correct; there is a bug in BZ:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

It looks like 1.1.34 will have this feature. You can build the current
trunk of the 1.1 branch and probably be okay.
Thanks, I'll give it a try.  Scary to use in production, but it may be 
my best answer.



I'm not sure if there is anything I can do at compile time.  I'd
rather not change the cipher suites as I want to maintain browser
support.

You should disable EXPORT certificates no matter what. Or were you
talking about the DH parameters?

I was talking about DH parameters.



My server configuration passed the Qualys SSL Server Test with
flying colors until Logjam, so I would be worried about regressions
on other security fixes if I used JSSE.

-chris



Thanks,
Arthur


