-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 James,
On 5/31/19 18:41, James H. H. Lampert wrote: > On 5/31/19, 3:34 AM, bernd.sch...@daimler.com wrote: >> You can run a small java program on your jvm to print out the >> supported And default protocols. Yet, I didn’t find a better >> way. >> >> e.g. ==> >> https://confluence.atlassian.com/stashkb/list-ciphers-used-by-jvm-679 609085.html >> > >> > If I set the same JAVA_HOME as Tomcat was launched under, and > compile and run "Ciphers.java" from the above site, on the customer > box, I get: > >> Default Cipher SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SH * >> SSL_DHE_DSS_WITH_AES_128_CBC_SHA * >> SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 >> SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 * >> SSL_DHE_DSS_WITH_AES_256_CBC_SHA * >> SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 >> SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 SSL_DHE_DSS_WITH_DES_CBC_SHA >> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA * >> SSL_DHE_RSA_WITH_AES_128_CBC_SHA * >> SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 >> SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 * >> SSL_DHE_RSA_WITH_AES_256_CBC_SHA * >> SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 >> SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 SSL_DHE_RSA_WITH_DES_CBC_SHA >> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA >> SSL_DH_anon_WITH_AES_128_CBC_SHA >> SSL_DH_anon_WITH_AES_128_CBC_SHA256 >> SSL_DH_anon_WITH_AES_128_GCM_SHA256 >> SSL_DH_anon_WITH_AES_256_CBC_SHA >> SSL_DH_anon_WITH_AES_256_CBC_SHA256 >> SSL_DH_anon_WITH_AES_256_GCM_SHA384 SSL_DH_anon_WITH_DES_CBC_SHA >> * SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA * >> SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 >> SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * >> SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA * >> SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 >> SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 >> SSL_ECDHE_ECDSA_WITH_NULL_SHA * >> SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA * >> SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 >> SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * >> SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA * >> SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 >> SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 >> SSL_ECDHE_RSA_WITH_NULL_SHA * >> SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA * >> SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 >> SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 * >> SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA * >> SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 >> SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 >> SSL_ECDH_ECDSA_WITH_NULL_SHA * >> SSL_ECDH_RSA_WITH_AES_128_CBC_SHA * >> SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 >> SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 * >> SSL_ECDH_RSA_WITH_AES_256_CBC_SHA * >> SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384 >> SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 SSL_ECDH_RSA_WITH_NULL_SHA >> SSL_ECDH_anon_WITH_AES_128_CBC_SHA >> SSL_ECDH_anon_WITH_AES_256_CBC_SHA SSL_ECDH_anon_WITH_NULL_SHA >> SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5 >> SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA SSL_KRB5_WITH_DES_CBC_MD5 >> SSL_KRB5_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA >> SSL_RSA_FIPS_WITH_DES_CBC_SHA * >> SSL_RSA_WITH_AES_128_CBC_SHA * >> SSL_RSA_WITH_AES_128_CBC_SHA256 SSL_RSA_WITH_AES_128_GCM_SHA256 * >> SSL_RSA_WITH_AES_256_CBC_SHA * >> SSL_RSA_WITH_AES_256_CBC_SHA256 SSL_RSA_WITH_AES_256_GCM_SHA384 >> SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_NULL_MD5 >> SSL_RSA_WITH_NULL_SHA SSL_RSA_WITH_NULL_SHA256 * >> TLS_EMPTY_RENEGOTIATION_INFO_SCSV Other than the fact that none of those start with TLS_ like all modern cipher suites do, the above looks okay. > FOR COMPARISON PURPOSES, what we get on our box is: >> Default Cipher * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA * >> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA * >> SSL_DHE_DSS_WITH_AES_128_CBC_SHA * >> SSL_DHE_DSS_WITH_AES_256_CBC_SHA * >> SSL_DHE_DSS_WITH_DES_CBC_SHA * >> SSL_DHE_DSS_WITH_RC4_128_SHA * >> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA * >> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA * >> SSL_DHE_RSA_WITH_AES_128_CBC_SHA * >> SSL_DHE_RSA_WITH_AES_256_CBC_SHA * >> SSL_DHE_RSA_WITH_DES_CBC_SHA >> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA >> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 >> SSL_DH_anon_WITH_3DES_EDE_CBC_SHA >> SSL_DH_anon_WITH_AES_128_CBC_SHA >> SSL_DH_anon_WITH_AES_256_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA >> SSL_DH_anon_WITH_RC4_128_MD5 SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5 >> SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA >> SSL_KRB5_EXPORT_WITH_RC4_40_MD5 SSL_KRB5_EXPORT_WITH_RC4_40_SHA >> SSL_KRB5_WITH_3DES_EDE_CBC_MD5 SSL_KRB5_WITH_3DES_EDE_CBC_SHA >> SSL_KRB5_WITH_DES_CBC_MD5 SSL_KRB5_WITH_DES_CBC_SHA >> SSL_KRB5_WITH_RC4_128_MD5 SSL_KRB5_WITH_RC4_128_SHA * >> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA * >> SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 * >> SSL_RSA_EXPORT_WITH_RC4_40_MD5 * >> SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA * >> SSL_RSA_FIPS_WITH_DES_CBC_SHA * >> SSL_RSA_WITH_3DES_EDE_CBC_SHA * >> SSL_RSA_WITH_AES_128_CBC_SHA * >> SSL_RSA_WITH_AES_256_CBC_SHA * SSL_RSA_WITH_DES_CBC_SHA >> SSL_RSA_WITH_NULL_MD5 SSL_RSA_WITH_NULL_SHA * >> SSL_RSA_WITH_RC4_128_MD5 * SSL_RSA_WITH_RC4_128_SHA Almost all of the above cipher suites are useless. Anything starting with SSL_*_DSS uses DSS authentication which is used by exactly nobody. Same thing with KRB5 -- nobody is being KErberos for TLS/SSL. Everyone uses either RSA or Elliptic Curve certificates. Anything containing _anon_, EXPORT, FIPS, RC4, or MD5 should be eliminated as providing weak or actually-useless security. Anything containing NULL means that there is no encryption. Duh. So we are left with this list: > * SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA * > SSL_DHE_RSA_WITH_AES_128_CBC_SHA * > SSL_DHE_RSA_WITH_AES_256_CBC_SHA * > SSL_DHE_RSA_WITH_DES_CBC_SHA * > SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA * > SSL_RSA_FIPS_WITH_DES_CBC_SHA * > SSL_RSA_WITH_3DES_EDE_CBC_SHA * SSL_RSA_WITH_AES_128_CBC_SHA > * SSL_RSA_WITH_AES_256_CBC_SHA * > SSL_RSA_WITH_DES_CBC_SHA All of those use SHA1 signatures which are no longer considered secure. That means that basically none of these cipher suites are acceptable for a modern security posture. Here's what we have enabled at $work for production: Supported Protocol Cipher Accepted TLSv1.2 TLS_RSA_WITH_AES_256_CBC_SHA Accepted TLSv1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 Accepted TLSv1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 Accepted TLSv1.2 TLS_RSA_WITH_AES_128_GCM_SHA256 Accepted TLSv1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Accepted TLSv1.2 TLS_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Accepted TLSv1.1 TLS_RSA_WITH_AES_256_CBC_SHA Accepted TLSv1.1 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1.1 TLS_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1.1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Accepted TLSv1 TLS_RSA_WITH_AES_256_CBC_SHA Accepted TLSv1 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1 TLS_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA There are some cipher suites in there with _SHA at the end. Those are in there for ancient browsers that simply can't do modern protocols, and they are prioritized to the bottom of the list. But everything else is pretty good IMO. SSLLabs/Qualys still complains about every one of those except these two : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ... calling the others "weak". I think that's because they consider anytning that isn't using ECDHE+GCM to be "weak". Well, it's the best we can do right now without going up to TLSv1.3. Anyhow, if the client (or the server) is being run with any decent kind of TLS configuration, then the second list of supported cipher suites shown above will simply not be able to connect. Assuming that you are using the built-in Java JSSE provider, then the problem is that your Java version is just too old: you need a newer version of Java to get better cipher suites. You never said what version(s) of Java you are using. You also didn't mention whether or not you had installed the "Unlimited Strength Cipher" patch that you really should install for older versions of Java. You have to re-install that patch every time you upgrade Java (until you get to a recent version, where they removed that stupid cipher strength limitation). Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzxxyoACgkQHPApP6U8 pFhn8Q/9F/9bU3pTFeooxzR6oSCCy2J99jJWPP2gjtItszlA5qdimz8O+/kq9WiX mOEpmmzj1VvBODIcoaHW/p+nIFKuC2BuStWCrJo4VQ+7bL6ci4O5GkcifZLUKSuI Z6zAO22ZcbazmFW4spLZzpUVOtrZpYrWDG9Qwij/F8MGnFlUq1P0sTVbXwZ254cQ hRelsKxQMgd6yUrd4WLgJ81BZe4GPdLt1JjRTeF1j9wGUC++zNjNGsdJ/xYPh+ZN WbtpvklJ3N9o4F6S1FYr7c0IcQqsdk0cY6MizQyip9OrZBEfyKJ7y7kSfgIWZ8VR hCP6HHddOqR4mevaUXaCE4PFx8rzuDlroCrTwaiIkGoQkQfEkOWitZ+R8XQvUlt0 d4GKetbP0xokXCLv3akmjCMqtxOgwgv3W2go/GvEwv2pqZMPQ36GxMr9TcHoUSLc TaZOVvUtc+OaKTijKQGvM4wOBEtK72xtpK7Z993aORx9ZwWCFTuGeaq3PYNX9Hps H6tvpM/FoMb6mnmDnCvJ+qANKh/T7MCyWCd3KKISmuyH4UPJJlXiqg5ipIXojqYU xzGV34kuM18F+zmNtBjhCrK9ULNFkxmsyrFXAcdB7f5ezTlwb7RKP/EI6vaeElAp m48mnUps58dzMkd/Ejd6vWQ7gSr1P++4kBESVXAbybgEqRdlnLc= =UCiO -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
