On 06/15/2015 09:50 AM, Christopher Schultz wrote:

Arthur,

On 6/13/15 8:42 PM, Arthur Ramsey wrote:
I have working binaries for Linux x64 and Windows x64 if anyone
needs them.
Thanks for offering, but:

1. Anyone running Linux should be able to trivially build their own.
True, but there may be others locked into an older version of Tomcat like me, which requires some modifications to the latest 1.1.x. Here's the patch.

jni/native/include/ssl_private.h

85,87c85
< #define SSL_PROTOCOL_TLSV1_1    (1<<3)
< #define SSL_PROTOCOL_TLSV1_2    (1<<4)
< #define SSL_PROTOCOL_ALL        
(SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
---
#define SSL_PROTOCOL_ALL        
(SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
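
Review bot: Deleting the SSL_PROTOCOL_TLSV1_1 and SSL_PROTOCOL_TLSV1_2 defines at lines 85-86 leaves the protocol mask with no bits for those versions, so no caller can include or exclude them and any other file that still names them will stop compiling. Keeping both defines and changing only how the older three-bit SSL_PROTOCOL_ALL value is interpreted would be a smaller change. SSL_PROTOCOL_ALL also still contains SSL_PROTOCOL_SSLV2 and SSL_PROTOCOL_SSLV3 on both sides of the hunk.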

jni/native/src/sslcontext.c

71,89c71
<     if (protocol == SSL_PROTOCOL_TLSV1_2) {
< #ifdef SSL_OP_NO_TLSv1_2
<         if (mode == SSL_MODE_CLIENT)
<             ctx = SSL_CTX_new(TLSv1_2_client_method());
<         else if (mode == SSL_MODE_SERVER)
<             ctx = SSL_CTX_new(TLSv1_2_server_method());
<         else
<             ctx = SSL_CTX_new(TLSv1_2_method());
< #endif
<     } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
< #ifdef SSL_OP_NO_TLSv1_1
<         if (mode == SSL_MODE_CLIENT)
<             ctx = SSL_CTX_new(TLSv1_1_client_method());
<         else if (mode == SSL_MODE_SERVER)
<             ctx = SSL_CTX_new(TLSv1_1_server_method());
<         else
<             ctx = SSL_CTX_new(TLSv1_1_method());
< #endif
<     } else if (protocol == SSL_PROTOCOL_TLSV1) {
---
    if (protocol == SSL_PROTOCOL_TLSV1) {
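
Review bot: A request for exactly TLSv1.1 or exactly TLSv1.2 has no handling once the two branches ahead of "if (protocol == SSL_PROTOCOL_TLSV1)" at line 71 are gone, and nothing in the hunk says which method such a request now falls through to. A comment at line 71 stating that behaviour, or a compile-time switch around the removed branches instead of outright deletion, would make this local workaround easier to audit and to drop after a Tomcat upgrade.
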
163,170d144
< #ifdef SSL_OP_NO_TLSv1_1
<     if (!(protocol & SSL_PROTOCOL_TLSV1_1))
<         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
< #endif
< #ifdef SSL_OP_NO_TLSv1_2
<     if (!(protocol & SSL_PROTOCOL_TLSV1_2))
<         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
< #endif
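
Review bot: Nothing sets SSL_OP_NO_TLSv1_1 or SSL_OP_NO_TLSv1_2 on c->ctx once lines 163-170 are deleted, so TLSv1.1 and TLSv1.2 can no longer be switched off through the protocol mask. If that is the intent for older Tomcat releases, leave a comment at this spot saying so, since the behaviour no longer follows what the SSLProtocol setting suggests.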


2. Anyone wanting Arthur's binaries should be absolutely sure they
trust him.

(No offense to Arthur, but accepting binaries from someone on a
mailing list is always a bit of a red flag.) :)
Agreed, I probably wouldn't trust some random binary :P, but documentation is fairly lacking on building tcnative for Windows x64 and it requires commercial software. I've built it before and had some trouble building it from the branch. Any estimate on when 1.1.34 binaries will be released?

It should still work with newer versions of tomcat 7 providing the
SSLProtocol is set to TLSv1?
SSLProtocol should be set to "TLSv1+TLSv1.1+TLSv1.2", but on certain
older versions of Tomcat 7 this won't work. I can't remember exactly
when we implemented this, and then there was a bug in the
implementation, etc., so you should just upgrade to 7.0.current which
definitely works as documented.
Yeah, I use 7.0.55 and "TLSv1+TLSv1.1+TLSv1.2" only enables TLSv1. We should update tomcat, but we are migrating to Wildfly anyway.

The Windows binary has SSLv2 and SSLv3 disabled at compile time.
Good, though lots and lots of people still need to support SSLv3.

-chris

On 6/13/2015 3:30 PM, Arthur Ramsey wrote:
Building the latest from svn branch 1.1.x seems to work.  I had
to do some modifications to get TLSv1.1 and TLSv1.2 when using
SSLProtocol="all" because I'm using tomcat 7.0.55.

Thanks for the help, Arthur

On 6/11/2015 3:34 PM, Arthur Ramsey wrote:
On 06/11/2015 02:35 PM, Christopher Schultz wrote:
Arthur,

On 6/11/15 2:14 PM, Arthur Ramsey wrote:
Is anyone aware of a way to mitigate the Logjam attack
with tomcat 7 and java 7?
Disable DHE_EXPORT on the server?
I believe I have, but Qualys SSL Server Test still fails me
on the Logjam check.

SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"

I use tcnative and openssl-1.0.2a both compiled from
source in production today, but I would be open to JSSE
too.  I believe I need Java 8 to mitigate CVE-2015-4000
with JSSE.
Why?
See
http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
I don't see any way to use a unique 2048-bit or greater DH
group with tcnative currently.
I believe you are correct; there is a bug in BZ:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

It looks like 1.1.34 will have this feature. You can build the
current trunk of the 1.1 branch and probably be okay.
Thanks, I'll give it a try.  Scary to use in production, but
it may be my best answer.
I'm not sure if there is anything I can do at compile
time.  I'd rather not change the cipher suites as I want
to maintain browser support.
You should disable EXPORT certificates no matter what. Or were you
talking about the DH parameters?
I was talking about DH parameters.
My server configuration passed the Qualys SSL Server Test
with flying colors until Logjam, so I would be worried
about regressions on other security fixes if I used
JSSE.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Thanks, Arthur



--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ram...@mediture.com
952.400.0323
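
The open issue in this thread is the DH group behind the DHE suites, which disabling EXPORT suites does not change. As an added example (not part of the original messages), the shell function below reads `openssl s_client` output and flags a finite-field DH temp key smaller than the 2048 bits mentioned above; the sample excerpts are constructed and HOST:PORT is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): judge the ephemeral key a server offered,
# using the "Server Temp Key" line printed by `openssl s_client` (OpenSSL 1.0.2+).
# Live use, HOST:PORT being a placeholder for your own connector:
#   openssl s_client -connect HOST:PORT -cipher kEDH </dev/null 2>/dev/null | dh_verdict

MIN_DH_BITS=2048   # threshold from the thread: "2048-bit or greater DH group"

# Reads s_client output on stdin and prints one verdict line.
# Returns 0 = acceptable, 1 = DH group below MIN_DH_BITS, 2 = nothing to judge.
dh_verdict() {
    line=$(grep 'Server Temp Key:' | head -n 1)
    if [ -z "$line" ]; then
        echo "NO-TEMP-KEY"      # handshake failed or no (EC)DHE suite was negotiated
        return 2
    fi
    kind=$(printf '%s\n' "$line" | sed -n 's/.*Server Temp Key: *\([A-Za-z0-9]*\).*/\1/p')
    bits=$(printf '%s\n' "$line" | sed -n 's/.*[ ,]\([0-9][0-9]*\) bits.*/\1/p')
    if [ -z "$kind" ] || [ -z "$bits" ]; then
        echo "UNPARSED"
        return 2
    fi
    if [ "$kind" != "DH" ]; then
        echo "NOT-DH $kind $bits"   # ECDHE and similar: the DH group size does not apply
        return 0
    fi
    if [ "$bits" -lt "$MIN_DH_BITS" ]; then
        echo "WEAK-DH $bits"
        return 1
    fi
    echo "OK-DH $bits"
    return 0
}

# Constructed s_client excerpts (not captured from any real server).
sample_weak()   { printf '%s\n' 'SSL handshake has read 3519 bytes' 'Server Temp Key: DH, 1024 bits'; }
sample_strong() { printf '%s\n' 'Server Temp Key: DH, 2048 bits'; }
sample_ecdhe()  { printf '%s\n' 'Server Temp Key: ECDH, P-256, 256 bits'; }

for s in sample_weak sample_strong sample_ecdhe; do
    printf '%s: ' "$s"
    "$s" | dh_verdict || true
done
```

Restricting the client to kEDH forces a DHE handshake, so the verdict reflects the DH parameters rather than whichever ECDHE suite the server would otherwise prefer.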
