subject:"RE\: \[EXTERNAL\] Re\: Can Tomcat 9 be FIPS compliant without OpenSSL\?"

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-09 Thread Amit Pande

Thank you George for letting us know on 
-Dorg.bouncycastle.rsa.allow_multi_use=true" JVM option. Will explore this 
further and update the document 
(https://github.com/amitlpande/tomcat-9-fips/blob/master/README.md) 
appropriately. 

Albeit reluctantly, we have given in to use BCFIPS (over PKCS12) for our key 
stores as it is the only format meeting our FIPS requirements.

Thanks,
Amit

-Original Message-
From: George Stanchev  
Sent: Saturday, December 5, 2020 11:17 AM
To: Tomcat Users List 
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Chris

-Original Message-
From: Christopher Schultz 
Sent: Friday, December 04, 2020 1:20 PM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?



> With the pluggability of Java's crypto interface, I seriously doubt 
> Oracle is going to certify a JCE module in the future, esp. with free 
> 3rd party solutions such as BCFIPS.

Is BC actually certified? It seems unlikely to me that a group of volunteers 
from Australia are going to bother to go through that module-certification 
process.

GS: While the project is open sourced they had a company (Crypto Workshop) that 
earned a living through paid support and consulting. They were recently 
acquired 
(https://www.prnewswire.com/news-releases/primekey-acquires-crypto-workshop-300988188.html).
 And yes they are certified 
(https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2768)
 and currently working on the next certification, expected out next year.




> I found it non-trivial and the toolsets to be very specific, and even 
> after following all instructions from several wikis and web pages I 
> kept running into issues resulting in overall failure.

Yes, the build process for OpenSSL is horrible. I have no idea why they decided 
to use Perl as their build system. On Windows? I have only tried to build the 
OpenSSL binary, not the FIPS-compliant module. Having done it on Linux (where 
it's "easy") I can say I'm glad I'm not responsible for doing it on Windows.

GS: Sadly, OpenSSL and the FIPS module built just fine. I forgot the details 
but it was the ARP or the tcnative itself that failed me. There is also a bug 
in OpenSSL or tomcat's glue code that if cacerts contain more than a certain 
number of certificates to fail the handshake with timeout 
(http://tomcat.10.x6.nabble.com/Client-Cert-TLS-issue-td5090609.html)

> Also, keep in mind that OpenSSL 1.0.1 is EOLed and the FIPS module is 
> only available for that version line. OpenSSL still produces security 
> fixes to paid support subscribers (we are) but they are not available 
> for the general public. OpenSSL 3.0 will have a refreshed re-certified 
> FIPS module but it is not due until later next year, so for now 
> general public is left hanging with the last public version of 
> 1.0.1+FIPS.

:(

This is why we can't have nice things.



> The workaround could be to use a different password based key 
> derivation function - PBKDF2. However, there is nothing in the PKCS12 
> spec that allows to encode another algorithm OID in MacData. In 
> essence, you cannot use any other algorithm other than the one defined 
> in spec which is not FIPS compliant.

And something which is ironically FIPS-compliant is to use a PEM file with no 
protection whatsoever.

GS: Well, the keys in the PEM files are still encrypted but you're right no 
protection of the overall container like in BCFKS or PKCS12

George

B CB  [  
X  ܚX KK[XZ[
 \ \  ][  X  ܚX P X ]
 \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \  Z[ X ]
 \X K ܙ B 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-05 Thread George Stanchev

Chris

-Original Message-
From: Christopher Schultz  
Sent: Friday, December 04, 2020 1:20 PM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

> With the pluggability of Java's crypto interface, I seriously doubt 
> Oracle is going to certify a JCE module in the future, esp. with free 
> 3rd party solutions such as BCFIPS.

Is BC actually certified? It seems unlikely to me that a group of volunteers 
from Australia are going to bother to go through that module-certification 
process.

GS: While the project is open sourced they had a company (Crypto Workshop) that 
earned a living through paid support and consulting. They were recently 
acquired 
(https://www.prnewswire.com/news-releases/primekey-acquires-crypto-workshop-300988188.html).
 And yes they are certified 
(https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2768)
 and currently working on the next certification, expected out next year.

> I found it non-trivial and the toolsets to be very specific, and even 
> after following all instructions from several wikis and web pages I 
> kept running into issues resulting in overall failure.

Yes, the build process for OpenSSL is horrible. I have no idea why they decided 
to use Perl as their build system. On Windows? I have only tried to build the 
OpenSSL binary, not the FIPS-compliant module. Having done it on Linux (where 
it's "easy") I can say I'm glad I'm not responsible for doing it on Windows.

GS: Sadly, OpenSSL and the FIPS module built just fine. I forgot the details 
but it was the ARP or the tcnative itself that failed me. There is also a bug 
in OpenSSL or tomcat's glue code that if cacerts contain more than a certain 
number of certificates to fail the handshake with timeout 
(http://tomcat.10.x6.nabble.com/Client-Cert-TLS-issue-td5090609.html)

> Also, keep in mind that OpenSSL 1.0.1 is EOLed and the FIPS module is 
> only available for that version line. OpenSSL still produces security 
> fixes to paid support subscribers (we are) but they are not available 
> for the general public. OpenSSL 3.0 will have a refreshed re-certified 
> FIPS module but it is not due until later next year, so for now 
> general public is left hanging with the last public version of 
> 1.0.1+FIPS.

:(

This is why we can't have nice things.

> The workaround could be to use a different password based key 
> derivation function - PBKDF2. However, there is nothing in the PKCS12 
> spec that allows to encode another algorithm OID in MacData. In 
> essence, you cannot use any other algorithm other than the one defined 
> in spec which is not FIPS compliant.

And something which is ironically FIPS-compliant is to use a PEM file with no 
protection whatsoever.

GS: Well, the keys in the PEM files are still encrypted but you're right no 
protection of the overall container like in BCFKS or PKCS12

George

Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-04 Thread Christopher Schultz

George,

On 12/4/20 14:22, George Stanchev wrote:

-Original Message-
From: Christopher Schultz 
Sent: Friday, December 04, 2020 10:58 AM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

George,

On 12/3/20 21:59, George Stanchev wrote:

Java's FIPS mode is "expirmental" feature that was removed in later
Java versions. It was never certified (AFAIK).
I've always found conflicting information about whether or not 
Java's crypto module was FIPS-certified or not. Sun/Oracle have

documentation which suggests that, at least under some
configurations, it IS certified, but there is precious little
information about it.

I suspect you can pay Oracle to give you the magic that makes it
certified. I've never cared enough about it to actually try to find it
out. I find FIPS to be a useless requirement that doesn't add any
security beyond what usual best-practices would give you.

But I don't do work in intelligence or military applications, so I'm
allowed to thumb my nose at such things.

GS: IBM's JCE is FIPS-certified but not Oracle's. Also, we should
make a distinction between "certified" and "compliant".

Yes, thanks for pointing that out.

Certification is obtained by a long and laborious process by NIST.
Compliancy is mainly self reporting. Look here
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8217911 for
Oracle removing the "compliant" mode in Java 13. If you read through
the task, you will see it states "Legacy applications might have used
the experimental mode...". Me and you can have our opinions about
FIPS, but the reality is that if you want to sell to government
entities (and even some commercial entities) you really need FIPS
support in your product.

Sadly, yes.

With the pluggability of Java's crypto interface, I seriously doubt
Oracle is going to certify a JCE module in the future, esp. with free
3rd party solutions such as BCFIPS.

Is BC actually certified? It seems unlikely to me that a group of 
volunteers from Australia are going to bother to go through that 
module-certification process.

To me the only two viable options are via APR+OpenSSL 1.0.1/FIPS and BCFIPS.

NIO+JSSE/OpenSSL ought to be okay, theoretically. The 
"AprLifecycleListener" is a misnomer; it really should be the 
"TcnativeLivecycleListener". You can use it to configure OpenSSL

into FIPS mode and still use NIO+OpenSSL as your connector. >

>

GS: You are right, I might have misspoken by saying "APR". What I
really meant is you need to have OpenSSL as in tcnative. The problem
I faced back in the days was that the prebuilt binaries come with
regular, non-FIPS OpenSSL and despite my long efforts I was never
able to build it successfully and fully on Windows x64.
Oh. You're on Windows. You're right, that will suck. The binaries 
packaged by ASF are definitely not going to be FIPS-certified. You'll 
have to build your own and then dynamically-link it to tcnative during 
the build.

I found it non-trivial and the toolsets to be very specific, and even
after following all instructions from several wikis and web pages I
kept running into issues resulting in overall failure.
Yes, the build process for OpenSSL is horrible. I have no idea why they 
decided to use Perl as their build system. On Windows? I have only tried 
to build the OpenSSL binary, not the FIPS-compliant module. Having done 
it on Linux (where it's "easy") I can say I'm glad I'm not responsible 
for doing it on Windows.

Also, keep in mind that OpenSSL 1.0.1 is EOLed and the FIPS module 
is only available for that version line. OpenSSL still produces

security fixes to paid support subscribers (we are) but they are not
available for the general public. OpenSSL 3.0 will have a refreshed
re-certified FIPS module but it is not due until later next year, so
for now general public is left hanging with the last public version
of 1.0.1+FIPS.

:(

This is why we can't have nice things.

We have implemented the later and have ran into issues with RSA keys.
First the C# BCPROV doesn't support 4096 bit RSA keys

What? It's like the most popular configuration in the world right now.

I know you can read more about it here: 
https://github.com/bcgit/bc-java/issues/616

See... this is why I say that FIPS is sometimes bad: they specifically 
disallow large keys. And that's ... more secure? *Sigh*

(I know weird, but our config app is C# and we use BCFIPS/C# there)
but that's OK, you can use Windows CNG or CAPI but of course you have
to put the whole Windows in FIPS which is not prarctical all the time.

  >

But second, and most important BCFIPS implements stricter FIPS
requirement that an RSA key cannot be used for both encipherment and
signature and BCFIPS really tracks the usage.

That's appropriate, actually. What's the problem, there?

GS: See my next comment with a link to technical exp

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-04 Thread George Stanchev

-Original Message-
From: Christopher Schultz  
Sent: Friday, December 04, 2020 10:58 AM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

George,

On 12/3/20 21:59, George Stanchev wrote:
> Java's FIPS mode is "expirmental" feature that was removed in later 
> Java versions. It was never certified (AFAIK).
I've always found conflicting information about whether or not Java's crypto 
module was FIPS-certified or not. Sun/Oracle have documentation which suggests 
that, at least under some configurations, it IS certified, but there is 
precious little information about it.

I suspect you can pay Oracle to give you the magic that makes it certified. 
I've never cared enough about it to actually try to find it out. I find FIPS to 
be a useless requirement that doesn't add any security beyond what usual 
best-practices would give you.

But I don't do work in intelligence or military applications, so I'm allowed to 
thumb my nose at such things.

GS: IBM's JCE is FIPS-certified but not Oracle's. Also, we should make a 
distinction between "certified" and "compliant". Certification is obtained by a 
long and laborious process by NIST. Compliancy is mainly self reporting. Look 
here https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8217911 for Oracle 
removing the "compliant" mode in Java 13. If you read through the task, you 
will see it states "Legacy applications might have used the experimental 
mode...". Me and you can have our opinions about FIPS, but the reality is that 
if you want to sell to government entities (and even some commercial entities) 
you really need FIPS support in your product. With the pluggability of Java's 
crypto interface, I seriously doubt Oracle is going to certify a JCE module in 
the future, esp. with free 3rd party solutions such as BCFIPS.

> To me the only two viable options are via APR+OpenSSL 1.0.1/FIPS and BCFIPS.

NIO+JSSE/OpenSSL ought to be okay, theoretically. The
"AprLifecycleListener" is a misnomer; it really should be the 
"TcnativeLivecycleListener". You can use it to configure OpenSSL into FIPS mode 
and still use NIO+OpenSSL as your connector.

GS: You are right, I might have misspoken by saying "APR". What I really meant 
is you need to have OpenSSL as in tcnative. The problem I faced back in the 
days was that the prebuilt binaries come with regular, non-FIPS OpenSSL and 
despite my long efforts I was never able to build it successfully and fully on 
Windows x64. I found it non-trivial and the toolsets to be very specific, and 
even after following all instructions from several wikis and web pages I kept 
running into issues resulting in overall failure.  Also, keep in mind that 
OpenSSL 1.0.1 is EOLed and the FIPS module is only available for that version 
line. OpenSSL still produces security fixes to paid support subscribers (we 
are) but they are not available for the general public. OpenSSL 3.0 will have a 
refreshed re-certified FIPS module but it is not due until later next year, so 
for now general public is left hanging with the last public version of 
1.0.1+FIPS.

> We have implemented the later and have ran into issues with RSA keys.
> First the C# BCPROV doesn't support 4096 bit RSA keys
What? It's like the most popular configuration in the world right now.

I know you can read more about it here: 
https://github.com/bcgit/bc-java/issues/616

> (I know weird, but our config app is C# and we use BCFIPS/C# there) 
> but that's OK, you can use Windows CNG or CAPI but of course you have 
> to put the whole Windows in FIPS which is not prarctical all the time. 
> >
 >
> But second, and most important BCFIPS implements stricter FIPS 
> requirement that an RSA key cannot be used for both encipherment and 
> signature and BCFIPS really tracks the usage.

That's appropriate, actually. What's the problem, there?

GS: See my next comment with a link to technical explanation

> This, combined with the fact that Tomcat (8.5.someting about an year
> ago) doesn't really support multiple keys for SSL that can be 
> dynamically selected really leaves you with only DSA key.

I'm curious what version that is, because Tomcat will definitely select the 
appropriate certificate from a set of RSA/DSA/ECDSA-based certs.

GS: 
http://mail-archives.apache.org/mod_mbox/tomcat-users/201911.mbox/%3caa01aac6-fa82-a100-3d37-26b3521cb...@apache.org%3E
GS: I never had a time to formalize the patch, to submit a BZ and attach it, 
which is a shame. I should perhaps do this

> Now, BC does support a system property to disable this FIPS 
> requirement but now you are not FIPS compliant, strictly speaking.
Well... FIPS is all about strictness. You can certainly use the OpenSSL FIPS 
module without entering FIPS mode, but, well, then you aren't actually using 
the FIPS module,

Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-04 Thread Christopher Schultz


George,

On 12/3/20 21:59, George Stanchev wrote:

Java's FIPS mode is "expirmental" feature that was removed in later
Java versions. It was never certified (AFAIK).
I've always found conflicting information about whether or not Java's 
crypto module was FIPS-certified or not. Sun/Oracle have documentation 
which suggests that, at least under some configurations, it IS 
certified, but there is precious little information about it.


I suspect you can pay Oracle to give you the magic that makes it 
certified. I've never cared enough about it to actually try to find it 
out. I find FIPS to be a useless requirement that doesn't add any 
security beyond what usual best-practices would give you.


But I don't do work in intelligence or military applications, so I'm 
allowed to thumb my nose at such things.



To me the only two viable options are via APR+OpenSSL 1.0.1/FIPS and BCFIPS.


NIO+JSSE/OpenSSL ought to be okay, theoretically. The 
"AprLifecycleListener" is a misnomer; it really should be the 
"TcnativeLivecycleListener". You can use it to configure OpenSSL into 
FIPS mode and still use NIO+OpenSSL as your connector.



We have implemented the later and have ran into issues with RSA keys.
First the C# BCPROV doesn't support 4096 bit RSA keys

What? It's like the most popular configuration in the world right now.


(I know weird, but our config app is C# and we use BCFIPS/C# there)
but that's OK, you can use Windows CNG or CAPI but of course you have
to put the whole Windows in FIPS which is not prarctical all the
time. >

>

But second, and most important BCFIPS implements stricter FIPS
requirement that an RSA key cannot be used for both encipherment and
signature and BCFIPS really tracks the usage.

That's appropriate, actually. What's the problem, there?


This, combined with the fact that Tomcat (8.5.someting about an year
ago) doesn't really support multiple keys for SSL that can be
dynamically selected really leaves you with only DSA key.
I'm curious what version that is, because Tomcat will definitely select 
the appropriate certificate from a set of RSA/DSA/ECDSA-based certs.



Now, BC does support a system property to disable this FIPS
requirement but now you are not FIPS compliant, strictly speaking.
Well... FIPS is all about strictness. You can certainly use the OpenSSL 
FIPS module without entering FIPS mode, but, well, then you aren't 
actually using the FIPS module, then, are you.


"
Man: We have the most sophisticated door-locks money can buy!
Woman: Who has access to the keys?
Man: It's super secure! Nobody has access to the the keys because we 
never engage the locks!

"


Which, as FIPS-compliancy goes, might or might not be a problem as it
is really a self-reporting. Also, no way to get PKCS12 keystores in
FIPS mode so you're stuck with BCKFS or PEMs.

I didn't realize tat PKCS12 doesn't work in FIPS mode. Why not?

Thanks,
-chris


-Original Message-
From: Amit Pande 
Sent: Tuesday, November 24, 2020 9:31 AM
To: Tomcat Users List ; Avik Ray 
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

Did you happen to try out the steps in README 
https://github.com/amitlpande/tomcat-9-fips here? I am looking for feedback 
from the community before I could add these steps (and some more) on Tomcat 
Security FAQ page. So, really appreciate your (and others') feedback.

The steps above rely purely on JSSE and JCA/JCE providers, no OpenSSL use.

These steps will enable a plain vanilla Tomcat to run in FIPS compliant mode. 
And as Chris mentioned below, we need to ensure any web app deployed within the 
Tomcat use FIPS compliant constructs.

Thanks,
Amit

-Original Message-
From: Christopher Schultz 
Sent: Friday, November 6, 2020 3:40 PM
To: Tomcat Users List ; Avik Ray 
Subject: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

On 11/6/20 14:50, Avik Ray wrote:

Thanks a lot Anil for the detailed readme, and Martin for pointing me to it.

We have done most of these configs. Are these steps sufficient to
ensure that all incoming and outgoing TLS connections are FIPS compliant?


This isn't something that the Tomcat community can really comment on. If you 
have a requirement to be FIPS-compliant, then you will need to evaluate whether 
of not you have met that requirement yourself.


Or is there also a need to compile an APR connector with an underlying
implementation of openssl?


You do not NEED to do this, but it is a possibility that will allow you to definitely put 
the crypto engine into "FIPS mode".


Is the APR approach just an alternative to the JSSE approach covered
in Anil's readme, and both hold equally good to be FIPS compliant?


Theoretically, yes.

It's also possible, I believe, to make The Sun/Oracle JSSE provider FIPS 
compliant. Hmm maybe not: https://stackoverflow.com/a/5047855/276232
(FYI Stephen Colebourne tends to know what h

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-03 Thread George Stanchev

You can add this to your guide and perhaps a little explanation:

Add this to your JAVA_OPTS: -Dorg.bouncycastle.rsa.allow_multi_use=true

Otherwise you're doomed to run into weird random and failures depending on what 
cipher suite your browser and server agree on which believe me, combined with 
the BCFIPS's atrocious logging levels can be quite hard to troubleshoot. But if 
you enable that...well technically you break out of FIPS compliance. The other 
option is to remove all RSA-based suites from your server's list so you don't 
run into the issue or always run with DSA keys

George

-Original Message-
From: George Stanchev
Sent: Thursday, December 03, 2020 7:59 PM
To: Tomcat Users List ; Avik Ray 
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Java's FIPS mode is "expirmental" feature that was removed in later Java 
versions. It was never certified (AFAIK). To me the only two viable options are 
via APR+OpenSSL 1.0.1/FIPS and BCFIPS. We have implemented the later and have 
ran into issues with RSA keys. First the C# BCPROV doesn't support 4096 bit RSA 
keys (I know weird, but our config app is C# and we use BCFIPS/C# there) but 
that's OK, you can use Windows CNG or CAPI but of course you have to put the 
whole Windows in FIPS which is not prarctical all the time. But second, and 
most important BCFIPS implements stricter FIPS requirement that an RSA key 
cannot be used for both encipherment and signature and BCFIPS really tracks the 
usage. This, combined with the fact that Tomcat (8.5.someting about an year 
ago) doesn't really support multiple keys for SSL that can be dynamically 
selected really leaves you with only DSA key. Now, BC does support a system 
property to disable this FIPS requirement but now you are not FIPS compliant, 
strictly speaking. Which, as FIPS-compliancy goes, might or might not be a 
problem as it is really a self-reporting. Also, no way to get PKCS12 keystores 
in FIPS mode so you're stuck with BCKFS or PEMs.

George

-Original Message-
From: Amit Pande 
Sent: Tuesday, November 24, 2020 9:31 AM
To: Tomcat Users List ; Avik Ray 
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

Did you happen to try out the steps in README 
https://github.com/amitlpande/tomcat-9-fips here? I am looking for feedback 
from the community before I could add these steps (and some more) on Tomcat 
Security FAQ page. So, really appreciate your (and others') feedback.

The steps above rely purely on JSSE and JCA/JCE providers, no OpenSSL use.

These steps will enable a plain vanilla Tomcat to run in FIPS compliant mode. 
And as Chris mentioned below, we need to ensure any web app deployed within the 
Tomcat use FIPS compliant constructs.

Thanks,
Amit

-Original Message-
From: Christopher Schultz 
Sent: Friday, November 6, 2020 3:40 PM
To: Tomcat Users List ; Avik Ray 
Subject: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

On 11/6/20 14:50, Avik Ray wrote:
> Thanks a lot Anil for the detailed readme, and Martin for pointing me to it.
> 
> We have done most of these configs. Are these steps sufficient to 
> ensure that all incoming and outgoing TLS connections are FIPS compliant?

This isn't something that the Tomcat community can really comment on. If you 
have a requirement to be FIPS-compliant, then you will need to evaluate whether 
of not you have met that requirement yourself.

> Or is there also a need to compile an APR connector with an underlying 
> implementation of openssl?

You do not NEED to do this, but it is a possibility that will allow you to 
definitely put the crypto engine into "FIPS mode".

> Is the APR approach just an alternative to the JSSE approach covered 
> in Anil's readme, and both hold equally good to be FIPS compliant?

Theoretically, yes.

It's also possible, I believe, to make The Sun/Oracle JSSE provider FIPS 
compliant. Hmm maybe not: https://stackoverflow.com/a/5047855/276232
(FYI Stephen Colebourne tends to know what he's talking about.) It's a little 
unclear to me whether or not this is possible, while OpenSSL has very good 
documentation for how to build a FIPS-compliant binary library and then put it 
in the right mode.

How FIPS-compliant do you actually need to be? It's pretty trivial to make sure 
that you support certain algorithms, etc. and that you disable other ones. 
FIPS, however, technically requires that you enable certain algorithms that 
really should no longer be used. These days, strict FIPS compliance is IMHO a 
risk to be avoided.

-chris

> On Fri, 6 Nov, 2020, 12:51 Martin Grigorov,  wrote:
> 
>> Hi,
>>
>> On Fri, Nov 6, 2020 at 8:57 AM Avik Ray  wrote:
>>
>>> Dear team,
>>> Sending this query again after subscribing to the mailing list. Sent 
>>> it originally 3 days back, but just saw an error response in the 
>&g

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-03 Thread George Stanchev

You can add this to your guide and perhaps a little explanation:

Add this to your JAVA_OPTS: -Dorg.bouncycastle.rsa.allow_multi_use=true

Otherwise you're doomed to run into weird random and failures depending on what 
cipher suite your browser and server agree on which believe me, combined with 
the BCFIPS's atrocious logging levels can be quite hard to troubleshoot. But if 
you enable that...well technically you break out of FIPS compliance. The other 
option is to remove all RSA-based suites from your server's list so you don't 
run into the issue or always run with DSA keys

George

-Original Message-
From: George Stanchev 
Sent: Thursday, December 03, 2020 7:59 PM
To: Tomcat Users List ; Avik Ray 
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Java's FIPS mode is "expirmental" feature that was removed in later Java 
versions. It was never certified (AFAIK). To me the only two viable options are 
via APR+OpenSSL 1.0.1/FIPS and BCFIPS. We have implemented the later and have 
ran into issues with RSA keys. First the C# BCPROV doesn't support 4096 bit RSA 
keys (I know weird, but our config app is C# and we use BCFIPS/C# there) but 
that's OK, you can use Windows CNG or CAPI but of course you have to put the 
whole Windows in FIPS which is not prarctical all the time. But second, and 
most important BCFIPS implements stricter FIPS requirement that an RSA key 
cannot be used for both encipherment and signature and BCFIPS really tracks the 
usage. This, combined with the fact that Tomcat (8.5.someting about an year 
ago) doesn't really support multiple keys for SSL that can be dynamically 
selected really leaves you with only DSA key. Now, BC does support a system 
property to disable this FIPS requirement but now you are not FIPS compliant, 
strictly speaking. Which, as FIPS-compliancy goes, might or might not be a 
problem as it is really a self-reporting. Also, no way to get PKCS12 keystores 
in FIPS mode so you're stuck with BCKFS or PEMs.

George

-Original Message-
From: Amit Pande 
Sent: Tuesday, November 24, 2020 9:31 AM
To: Tomcat Users List ; Avik Ray 
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

Did you happen to try out the steps in README 
https://github.com/amitlpande/tomcat-9-fips here? I am looking for feedback 
from the community before I could add these steps (and some more) on Tomcat 
Security FAQ page. So, really appreciate your (and others') feedback.

The steps above rely purely on JSSE and JCA/JCE providers, no OpenSSL use.

These steps will enable a plain vanilla Tomcat to run in FIPS compliant mode. 
And as Chris mentioned below, we need to ensure any web app deployed within the 
Tomcat use FIPS compliant constructs.

Thanks,
Amit

-Original Message-
From: Christopher Schultz 
Sent: Friday, November 6, 2020 3:40 PM
To: Tomcat Users List ; Avik Ray 
Subject: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

On 11/6/20 14:50, Avik Ray wrote:
> Thanks a lot Anil for the detailed readme, and Martin for pointing me to it.
> 
> We have done most of these configs. Are these steps sufficient to 
> ensure that all incoming and outgoing TLS connections are FIPS compliant?

This isn't something that the Tomcat community can really comment on. If you 
have a requirement to be FIPS-compliant, then you will need to evaluate whether 
of not you have met that requirement yourself.

> Or is there also a need to compile an APR connector with an underlying 
> implementation of openssl?

You do not NEED to do this, but it is a possibility that will allow you to 
definitely put the crypto engine into "FIPS mode".

> Is the APR approach just an alternative to the JSSE approach covered 
> in Anil's readme, and both hold equally good to be FIPS compliant?

Theoretically, yes.

It's also possible, I believe, to make The Sun/Oracle JSSE provider FIPS 
compliant. Hmm maybe not: https://stackoverflow.com/a/5047855/276232
(FYI Stephen Colebourne tends to know what he's talking about.) It's a little 
unclear to me whether or not this is possible, while OpenSSL has very good 
documentation for how to build a FIPS-compliant binary library and then put it 
in the right mode.

How FIPS-compliant do you actually need to be? It's pretty trivial to make sure 
that you support certain algorithms, etc. and that you disable other ones. 
FIPS, however, technically requires that you enable certain algorithms that 
really should no longer be used. These days, strict FIPS compliance is IMHO a 
risk to be avoided.

-chris

> On Fri, 6 Nov, 2020, 12:51 Martin Grigorov,  wrote:
> 
>> Hi,
>>
>> On Fri, Nov 6, 2020 at 8:57 AM Avik Ray  wrote:
>>
>>> Dear team,
>>> Sending this query again after subscribing to the mailing list. Sent 
>>> it originally 3 days back, but just saw an error response in the 
>&g

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-03 Thread George Stanchev

Java's FIPS mode is "expirmental" feature that was removed in later Java 
versions. It was never certified (AFAIK). To me the only two viable options are 
via APR+OpenSSL 1.0.1/FIPS and BCFIPS. We have implemented the later and have 
ran into issues with RSA keys. First the C# BCPROV doesn't support 4096 bit RSA 
keys (I know weird, but our config app is C# and we use BCFIPS/C# there) but 
that's OK, you can use Windows CNG or CAPI but of course you have to put the 
whole Windows in FIPS which is not prarctical all the time. But second, and 
most important BCFIPS implements stricter FIPS requirement that an RSA key 
cannot be used for both encipherment and signature and BCFIPS really tracks the 
usage. This, combined with the fact that Tomcat (8.5.someting about an year 
ago) doesn't really support multiple keys for SSL that can be dynamically 
selected really leaves you with only DSA key. Now, BC does support a system 
property to disable this FIPS requirement but now you are not FIPS compliant, 
strictly speaking. Which, as FIPS-compliancy goes, might or might not be a 
problem as it is really a self-reporting. Also, no way to get PKCS12 keystores 
in FIPS mode so you're stuck with BCKFS or PEMs.

George

-Original Message-
From: Amit Pande  
Sent: Tuesday, November 24, 2020 9:31 AM
To: Tomcat Users List ; Avik Ray 
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

Did you happen to try out the steps in README 
https://github.com/amitlpande/tomcat-9-fips here? I am looking for feedback 
from the community before I could add these steps (and some more) on Tomcat 
Security FAQ page. So, really appreciate your (and others') feedback.

The steps above rely purely on JSSE and JCA/JCE providers, no OpenSSL use.

These steps will enable a plain vanilla Tomcat to run in FIPS compliant mode. 
And as Chris mentioned below, we need to ensure any web app deployed within the 
Tomcat use FIPS compliant constructs.

Thanks,
Amit

-Original Message-
From: Christopher Schultz 
Sent: Friday, November 6, 2020 3:40 PM
To: Tomcat Users List ; Avik Ray 
Subject: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

On 11/6/20 14:50, Avik Ray wrote:
> Thanks a lot Anil for the detailed readme, and Martin for pointing me to it.
> 
> We have done most of these configs. Are these steps sufficient to 
> ensure that all incoming and outgoing TLS connections are FIPS compliant?

This isn't something that the Tomcat community can really comment on. If you 
have a requirement to be FIPS-compliant, then you will need to evaluate whether 
of not you have met that requirement yourself.

> Or is there also a need to compile an APR connector with an underlying 
> implementation of openssl?

You do not NEED to do this, but it is a possibility that will allow you to 
definitely put the crypto engine into "FIPS mode".

> Is the APR approach just an alternative to the JSSE approach covered 
> in Anil's readme, and both hold equally good to be FIPS compliant?

Theoretically, yes.

It's also possible, I believe, to make The Sun/Oracle JSSE provider FIPS 
compliant. Hmm maybe not: https://stackoverflow.com/a/5047855/276232
(FYI Stephen Colebourne tends to know what he's talking about.) It's a little 
unclear to me whether or not this is possible, while OpenSSL has very good 
documentation for how to build a FIPS-compliant binary library and then put it 
in the right mode.

How FIPS-compliant do you actually need to be? It's pretty trivial to make sure 
that you support certain algorithms, etc. and that you disable other ones. 
FIPS, however, technically requires that you enable certain algorithms that 
really should no longer be used. These days, strict FIPS compliance is IMHO a 
risk to be avoided.

-chris

> On Fri, 6 Nov, 2020, 12:51 Martin Grigorov,  wrote:
> 
>> Hi,
>>
>> On Fri, Nov 6, 2020 at 8:57 AM Avik Ray  wrote:
>>
>>> Dear team,
>>> Sending this query again after subscribing to the mailing list. Sent 
>>> it originally 3 days back, but just saw an error response in the 
>>> spam folder asking to subscribe first.
>>>
>>> We are using Tomcat 9.0.37 x64 on Windows Server 2016 OS and the NIO 
>>> connector with JSSE, without an underlying OpenSSL.
>>>
>>> As per Tomcat 9 docs, the only mention of FIPS compliant operation I 
>>> see is in the config of APR lifecycle listener, with the expectation 
>>> of an underlying OpenSSL implementation that can be set to FIPS 
>>> enabled mode. Ref:
>>> https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html
>>>
>>> Is it possible to be FIPS compliant with the usage of Tomcat, 
>>> without the above setting? We were thinking of using BouncyCastle 
>>> FIPS as the underlying Java crypto provider ins

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-11-24 Thread Amit Pande

Avik,

Did you happen to try out the steps in README 
https://github.com/amitlpande/tomcat-9-fips here? I am looking for feedback 
from the community before I could add these steps (and some more) on Tomcat 
Security FAQ page. So, really appreciate your (and others') feedback.

The steps above rely purely on JSSE and JCA/JCE providers, no OpenSSL use.

These steps will enable a plain vanilla Tomcat to run in FIPS compliant mode. 
And as Chris mentioned below, we need to ensure any web app deployed within the 
Tomcat use FIPS compliant constructs.

Thanks,
Amit

-Original Message-
From: Christopher Schultz  
Sent: Friday, November 6, 2020 3:40 PM
To: Tomcat Users List ; Avik Ray 
Subject: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

On 11/6/20 14:50, Avik Ray wrote:
> Thanks a lot Anil for the detailed readme, and Martin for pointing me to it.
> 
> We have done most of these configs. Are these steps sufficient to 
> ensure that all incoming and outgoing TLS connections are FIPS compliant?

This isn't something that the Tomcat community can really comment on. If you 
have a requirement to be FIPS-compliant, then you will need to evaluate whether 
of not you have met that requirement yourself.

> Or is there also a need to compile an APR connector with an underlying 
> implementation of openssl?

You do not NEED to do this, but it is a possibility that will allow you to 
definitely put the crypto engine into "FIPS mode".

> Is the APR approach just an alternative to the JSSE approach covered 
> in Anil's readme, and both hold equally good to be FIPS compliant?

Theoretically, yes.

It's also possible, I believe, to make The Sun/Oracle JSSE provider FIPS 
compliant. Hmm maybe not: https://stackoverflow.com/a/5047855/276232
(FYI Stephen Colebourne tends to know what he's talking about.) It's a little 
unclear to me whether or not this is possible, while OpenSSL has very good 
documentation for how to build a FIPS-compliant binary library and then put it 
in the right mode.

How FIPS-compliant do you actually need to be? It's pretty trivial to make sure 
that you support certain algorithms, etc. and that you disable other ones. 
FIPS, however, technically requires that you enable certain algorithms that 
really should no longer be used. These days, strict FIPS compliance is IMHO a 
risk to be avoided.

-chris

> On Fri, 6 Nov, 2020, 12:51 Martin Grigorov,  wrote:
> 
>> Hi,
>>
>> On Fri, Nov 6, 2020 at 8:57 AM Avik Ray  wrote:
>>
>>> Dear team,
>>> Sending this query again after subscribing to the mailing list. Sent 
>>> it originally 3 days back, but just saw an error response in the 
>>> spam folder asking to subscribe first.
>>>
>>> We are using Tomcat 9.0.37 x64 on Windows Server 2016 OS and the NIO 
>>> connector with JSSE, without an underlying OpenSSL.
>>>
>>> As per Tomcat 9 docs, the only mention of FIPS compliant operation I 
>>> see is in the config of APR lifecycle listener, with the expectation 
>>> of an underlying OpenSSL implementation that can be set to FIPS 
>>> enabled mode. Ref:
>>> https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html
>>>
>>> Is it possible to be FIPS compliant with the usage of Tomcat, 
>>> without the above setting? We were thinking of using BouncyCastle 
>>> FIPS as the underlying Java crypto provider instead of OpenSSL for 
>>> multiple reasons.
>>>
>>> Are there any other dependencies Tomcat has on the underlying stack, 
>>> besides that provided by a Java crypto provider like BC-FIPS, having 
>>> a bearing on FIPS compliance?
>>>
>>> Please advise, as this is urgent for a FIPS compliance decision.
>>>
>>
>> Please check the README of this project - 
>> https://github.com/amitlpande/tomcat-9-fips
>> Amit Pande recently shared it here at users@.
>>
>> Regards,
>> Martin
>>
>>
>>>
>>> Thanks,
>>> Avik Ray
>>>
>>> 
>>> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

9 matches

Site Navigation

Mail list logo

Footer information