> -----Original Message-----
> From: Mark Eggers [mailto:its_toas...@yahoo.com.INVALID]
> Sent: Wednesday, October 15, 2014 11:57 AM
> To: Tomcat Users List
> Subject: Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2
>
> John,
>
> > On Wednesday, October 15, 2014 6:20 AM, John Blaut <john.bl...@gmail.com> wrote:
> >
> > When SSLv3 is enabled, it seems TLS1.1 and TLS 1.2 are supported however.
> > It seems strange that the SSLv3 option controls the availability of TLS1.1 and TLS1.2.
> >
> > Now that SSLv3 is considered insecure and more people start to disable it, I suppose many on APR/Native will encounter the same issue.
> > Is there any way to preserve TLS1.1 & TLS1.2 whilst disabling SSLv3?
> >
> > Regards
> >
> > John
>
> From the Google blog post:
>
> Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today.
> I run Apache HTTPD in front of Tomcat servers, so I think it will be possible to disable the second (CBC-mode ciphers with SSL 3.0). I haven't really read the APR/Native SSL configuration carefully enough to know if this is possible with Tomcat.
>
> As an aside, for the last 500K hits I've seen 37 requests that have used CBC-mode ciphers with SSLv3. At least for the sites I am concerned with disabling this does not seem to have 'significant compatibility problems'.

Mark,

The APR connector does allow us to specify the list of supported ciphers with the SSLCipherSuite parameter and also allows us to specify that the list is in a preferred order with the SSLHonorCipherOrder parameter. The list I am currently using comes from the Mozilla Wiki (https://wiki.mozilla.org/Security/Server_Side_TLS) which offers 3 different lists based on the browser compatibility that one requires. You should be able to disable the CBC ciphers in the list that you choose.

However, according to OpenSSL's own research (https://www.openssl.org/~bodo/ssl-poodle.pdf), this attack really leaves us with no secure cipher suites for SSL 3.0, so disabling SSLv3 is the way to go.

The problem arises in the implementation of the APR connector in Tomcat. While the native library supports and implements all versions of TLS when the "all" setting is used, there is no way to specify that you only want all the TLS protocols. If you specify TLSv1, you will only get TLSv1.0, and not the two newer protocols, and if you try to use the usual "TLSv1+TLSv1.1+TLSv1.2" you get an error.

And on top of this, if you utilize the "intermediate" list found on the Mozilla Wiki, you end up with a list of TLS-only ciphers, but tools like Qualys will still ding you for having SSLv3.0 turned on at all, and not look at the list of ciphers.

Jeff
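
The protocol-level check that scanners apply, and that shows which versions a connector really negotiates after a configuration change, can be reproduced with a bare ClientHello. The following is an added example, not code from the thread or from Tomcat; the function names and the choice of offered cipher suites are assumptions made for illustration.

```python
import os
import socket
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
# RSA key-exchange suites defined for every version from SSLv3 to TLS 1.2 (illustrative choice)
SUITES = [0x002F, 0x0035, 0x000A, 0x0005]

def client_hello(max_version):
    """Return one record holding a ClientHello whose highest offered version is max_version."""
    body = struct.pack("!H", max_version) + os.urandom(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(SUITES)) + b"".join(struct.pack("!H", s) for s in SUITES)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + struct.pack("!HH", min(max_version, 0x0301), len(handshake)) + handshake

def classify(reply):
    """Interpret the first record of the server's reply."""
    if len(reply) < 5:
        return "no reply"
    rtype, _, length = struct.unpack("!BHH", reply[:5])
    payload = reply[5:5 + length]
    if rtype == 0x15 and len(payload) >= 2:  # alert record: level, description
        return "refused (alert %d)" % payload[1]
    if rtype == 0x16 and len(payload) >= 6 and payload[0] == 0x02:  # ServerHello
        chosen = struct.unpack("!H", payload[4:6])[0]  # server_version follows the 4-byte header
        return NAMES.get(chosen, "unknown 0x%04x" % chosen)
    return "unexpected record type %d" % rtype

def probe(host, port, max_version, timeout=5.0):
    """Send one ClientHello and report the version the server selects."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello(max_version))
        try:
            return classify(s.recv(4096))
        except (socket.timeout, ConnectionError):
            return "no reply"

def audit(host, port):
    """SSLv3 should be refused; an offer of TLS 1.2 should be answered with TLS 1.2."""
    return {NAMES[v]: probe(host, port, v) for v in (0x0300, 0x0303)}
```

Run `audit()` against your own connector: with the `all` setting the SSLv3 entry comes back as `SSLv3`, and with the `TLSv1` setting described above the TLSv1.2 offer is answered with `TLSv1.0`.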