Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Fri, 04 Dec 2020 09:58:29 -0800 

George,

On 12/3/20 21:59, George Stanchev wrote:

Java's FIPS mode is "expirmental" feature that was removed in later
Java versions. It was never certified (AFAIK).
I've always found conflicting information about whether or not Java's crypto module was FIPS-certified or not. Sun/Oracle have documentation which suggests that, at least under some configurations, it IS certified, but there is precious little information about it. 


I suspect you can pay Oracle to give you the magic that makes it 
certified. I've never cared enough about it to actually try to find it 
out. I find FIPS to be a useless requirement that doesn't add any 
security beyond what usual best-practices would give you.



But I don't do work in intelligence or military applications, so I'm 
allowed to thumb my nose at such things.



To me the only two viable options are via APR+OpenSSL 1.0.1/FIPS and BCFIPS.



NIO+JSSE/OpenSSL ought to be okay, theoretically. The 
"AprLifecycleListener" is a misnomer; it really should be the 
"TcnativeLivecycleListener". You can use it to configure OpenSSL into 
FIPS mode and still use NIO+OpenSSL as your connector.



We have implemented the later and have ran into issues with RSA keys.
First the C# BCPROV doesn't support 4096 bit RSA keys

What? It's like the most popular configuration in the world right now.


(I know weird, but our config app is C# and we use BCFIPS/C# there)
but that's OK, you can use Windows CNG or CAPI but of course you have
to put the whole Windows in FIPS which is not prarctical all the
time. >

>

But second, and most important BCFIPS implements stricter FIPS
requirement that an RSA key cannot be used for both encipherment and
signature and BCFIPS really tracks the usage.

That's appropriate, actually. What's the problem, there?


This, combined with the fact that Tomcat (8.5.someting about an year
ago) doesn't really support multiple keys for SSL that can be
dynamically selected really leaves you with only DSA key.

I'm curious what version that is, because Tomcat will definitely select 
the appropriate certificate from a set of RSA/DSA/ECDSA-based certs.



Now, BC does support a system property to disable this FIPS
requirement but now you are not FIPS compliant, strictly speaking.

Well... FIPS is all about strictness. You can certainly use the OpenSSL 
FIPS module without entering FIPS mode, but, well, then you aren't 
actually using the FIPS module, then, are you.


"
Man: We have the most sophisticated door-locks money can buy!
Woman: Who has access to the keys?

Man: It's super secure! Nobody has access to the the keys because we 
never engage the locks!

"


Which, as FIPS-compliancy goes, might or might not be a problem as it
is really a self-reporting. Also, no way to get PKCS12 keystores in
FIPS mode so you're stuck with BCKFS or PEMs.

I didn't realize tat PKCS12 doesn't work in FIPS mode. Why not?

Thanks,
-chris


-----Original Message-----
From: Amit Pande <amit.pa...@veritas.com>
Sent: Tuesday, November 24, 2020 9:31 AM
To: Tomcat Users List <users@tomcat.apache.org>; Avik Ray <avikra...@gmail.com>
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

Did you happen to try out the steps in README 
https://github.com/amitlpande/tomcat-9-fips here? I am looking for feedback 
from the community before I could add these steps (and some more) on Tomcat 
Security FAQ page. So, really appreciate your (and others') feedback.

The steps above rely purely on JSSE and JCA/JCE providers, no OpenSSL use.

These steps will enable a plain vanilla Tomcat to run in FIPS compliant mode. 
And as Chris mentioned below, we need to ensure any web app deployed within the 
Tomcat use FIPS compliant constructs.

Thanks,
Amit

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Friday, November 6, 2020 3:40 PM
To: Tomcat Users List <users@tomcat.apache.org>; Avik Ray <avikra...@gmail.com>
Subject: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Avik,

On 11/6/20 14:50, Avik Ray wrote:

Thanks a lot Anil for the detailed readme, and Martin for pointing me to it.

We have done most of these configs. Are these steps sufficient to
ensure that all incoming and outgoing TLS connections are FIPS compliant?


This isn't something that the Tomcat community can really comment on. If you 
have a requirement to be FIPS-compliant, then you will need to evaluate whether 
of not you have met that requirement yourself.


Or is there also a need to compile an APR connector with an underlying
implementation of openssl?


You do not NEED to do this, but it is a possibility that will allow you to definitely put 
the crypto engine into "FIPS mode".


Is the APR approach just an alternative to the JSSE approach covered
in Anil's readme, and both hold equally good to be FIPS compliant?


Theoretically, yes.

It's also possible, I believe, to make The Sun/Oracle JSSE provider FIPS 
compliant. Hmm maybe not: https://stackoverflow.com/a/5047855/276232
(FYI Stephen Colebourne tends to know what he's talking about.) It's a little 
unclear to me whether or not this is possible, while OpenSSL has very good 
documentation for how to build a FIPS-compliant binary library and then put it 
in the right mode.

How FIPS-compliant do you actually need to be? It's pretty trivial to make sure 
that you support certain algorithms, etc. and that you disable other ones. 
FIPS, however, technically requires that you enable certain algorithms that 
really should no longer be used. These days, strict FIPS compliance is IMHO a 
risk to be avoided.

-chris


On Fri, 6 Nov, 2020, 12:51 Martin Grigorov, <mgrigo...@apache.org> wrote:


Hi,

On Fri, Nov 6, 2020 at 8:57 AM Avik Ray <avikra...@gmail.com> wrote:


Dear team,
Sending this query again after subscribing to the mailing list. Sent
it originally 3 days back, but just saw an error response in the
spam folder asking to subscribe first.

We are using Tomcat 9.0.37 x64 on Windows Server 2016 OS and the NIO
connector with JSSE, without an underlying OpenSSL.

As per Tomcat 9 docs, the only mention of FIPS compliant operation I
see is in the config of APR lifecycle listener, with the expectation
of an underlying OpenSSL implementation that can be set to FIPS
enabled mode. Ref:
https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html

Is it possible to be FIPS compliant with the usage of Tomcat,
without the above setting? We were thinking of using BouncyCastle
FIPS as the underlying Java crypto provider instead of OpenSSL for
multiple reasons.

Are there any other dependencies Tomcat has on the underlying stack,
besides that provided by a Java crypto provider like BC-FIPS, having
a bearing on FIPS compliance?

Please advise, as this is urgent for a FIPS compliance decision.



Please check the README of this project -
https://github.com/amitlpande/tomcat-9-fips
Amit Pande recently shared it here at users@.

Regards,
Martin




Thanks,
Avik Ray

--------------------------------------------------------------------
- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB  [  
X  ܚX KK[XZ[
  \ \  ][  X  ܚX P X ]
  \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
  \ \  Z[ X ]
  \X K ܙ B

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to