Thanks Chris,

My debugging procedure started with listing all the ciphers in tomcat
explicitly, then I tried winnowing down the list until it worked.  I
did use an extension in FF that let me disable certain ciphers
completely.  It's possible that the preference order is different and
your browser chose something else.  I might try again with the
APR/OpenSSL implementation and see if that is any more effective.  Of
course, it might be an FF bug so I'll double check that as well.

I'll definitely remove the insecure ciphers.

Mark

On Wed, Nov 25, 2015 at 8:24 AM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Mark,
>
> On 11/24/15 1:56 PM, Mark Robinson wrote:
>> My config is pretty vanilla.
>>
>>     <Connector
>>             protocol="org.apache.coyote.http11.Http11NioProtocol"
>>             port="8443" maxThreads="200"
>> ciphers="TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>> TLS_EMPTY_RENEGOTIATION_INFO_SCSV,TLS_DH_anon_WITH_AES_128_GCM_SHA256,TLS_DH_anon_WITH_AES_128_CBC_SHA256,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_NULL_SHA,TLS_ECDHE_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_SHA,TLS_ECDH_ECDSA_WITH_NULL_SHA,TLS_ECDH_RSA_WITH_NULL_SHA,TLS_ECDH_anon_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_DES_CBC_SHA,TLS_KRB5_WITH_DES_CBC_MD5,TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
>>             scheme="https" secure="true" SSLEnabled="true"
>>             keystoreFile="conf/keystore.jks" keystorePass="changeit"
>>             clientAuth="false" sslProtocol="TLS"/>
>>
>> This fails, because of the three problematic ciphers.
>
>
> I'm just going to list the ciphers you have in order here and make some
> comments.
>
> TLS_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> So the top 3 are giving you problems with ff and Chrome. I have ff using
> the second of those ciphers right now with a site I control, but SSL is
> being terminated by AWS ELB (likely some variant of haproxy).
>
> I just configured Tomcat 9 with sslProtocol="TLS" and I was able to
> connect using OpenSSL s_client -tls1_2 but not with other options. I was
> also unable to connect with Firefox 42, but Chrome 46 and Safari 9 can
> connect. I didn't try any versions of MSIE.
>
> Note that the TLS_RSA_WITH_AES_128_GCM_SHA256 algorithm is defined by
> TLSv1.2 and not before, thus only a TLSv1.2 handshake should be able to
> negotiate them.
>
> I added SSL_RSA_WITH_3DES_EDE_CBC_SHA, a cipher defined in TLSv1
> (arbitrarily-chosen), and now all browsers can connect. Strange that
> Firefox doesn't want to negotiate with only TLSv1.2 ciphers...
>
> When Firefox connects, it negotiates the 3DES cipher instead of the
> higher-security TLS_* ciphers. I wonder if Firefox doesn't support the
> RSA version of these ciphers, and I have an RSA key and no DHE key for
> my test server. Thus, Firefox can't negotiate until I supply a cipher
> that it does support.
>
> I can see that Chrome is using the DHE_RSA flavor when it handshakes. I
> think this is truly an issue of Firefox simply not supporting the
> ciphers you have chosen.
>
> Let's look at the rest of the list:
>
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_RSA_WITH_AES_128_CBC_SHA256
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> TLS_RSA_WITH_AES_128_CBC_SHA
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_RSA_WITH_3DES_EDE_CBC_SHA !
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA !
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA !
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV
>
> Those listed above which I've annotated with a ! are somewhat low on
> security, as defined as having only 112 bits. Everything below this line
> should never be used unless you (a) don't actually care about security
> or (b) have other controls in place to mitigate the problems with those
> ciphers.
>
> The problems with the following ciphers are, in no particular order:
>
> 1. No authentication of the server ("anon")
> 2. No actual encryption is being used ("NULL")
> 3. Encryption is intentionally weak ("EXPORT")
> 4. Use of MD5 hash algorithm ("MD5")
> 5. Use of SHA1 hash algorithm ("SHA")
>
> As for the list above... I'm not entirely sure why Firefox and Chrome
> would have a problem with them. I'll have to re-configure my test server
> and see what happens. Obviously, for me, adding the
> SSL_RSA_WITH_3DES_EDE_CBC_SHA already allowed Firefox to connect, so
> something else must be wrong with your configuration (or client).
>
> TLS_DH_anon_WITH_AES_128_GCM_SHA256 !
> TLS_DH_anon_WITH_AES_128_CBC_SHA256 !
> TLS_ECDH_anon_WITH_AES_128_CBC_SHA !
> TLS_DH_anon_WITH_AES_128_CBC_SHA !
> TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA !
> SSL_DH_anon_WITH_3DES_EDE_CBC_SHA !
> SSL_RSA_WITH_DES_CBC_SHA !
> SSL_DHE_RSA_WITH_DES_CBC_SHA !
> SSL_DHE_DSS_WITH_DES_CBC_SHA !
> SSL_DH_anon_WITH_DES_CBC_SHA !
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA !
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA !
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA !
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA !
> TLS_RSA_WITH_NULL_SHA256 !
> TLS_ECDHE_ECDSA_WITH_NULL_SHA !
> TLS_ECDHE_RSA_WITH_NULL_SHA !
> SSL_RSA_WITH_NULL_SHA !
> TLS_ECDH_ECDSA_WITH_NULL_SHA !
> TLS_ECDH_RSA_WITH_NULL_SHA !
> TLS_ECDH_anon_WITH_NULL_SHA !
> SSL_RSA_WITH_NULL_MD5 !
> TLS_KRB5_WITH_3DES_EDE_CBC_SHA !
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5 !
> TLS_KRB5_WITH_DES_CBC_SHA !
> TLS_KRB5_WITH_DES_CBC_MD5 !
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA !
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 !
>
> -chris
>
>>  As far as I know I'm not using any system properties to control JSSE.
>>
>> On Tue, Nov 24, 2015 at 10:16 AM, Christopher Schultz
>> <ch...@christopherschultz.net> wrote:
>>> Mark,
>>>
>>> On 11/24/15 12:36 PM, Mark Robinson wrote:
>>>> I'm having this problem with TLS in Firefox and Chrome.  Some of my
>>>> requests are failing with an SSL MAC Bad Read error.  I'm using Tomcat
>>>> 8.0.24 on Java 8.0_u66 / Ubuntu 14.04.  So it works fine with IE, and
>>>> if I disable some ciphers then it works.
>>>>
>>>> If I disable these ciphers TLS_RSA_WITH_AES_128_GCM_SHA256,
>>>> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, then it works just fine.
>>>>
>>>> I've tried installing the Unlimited policy file.
>>>>
>>>> Has anyone else experienced this?  Is there a known problem with these 
>>>> ciphers?
>>>
>>> When your config isn't working, what does your <Connector> configuration
>>> look like? Remember to sanitize the config to remove any secrets.
>>>
>>> Also, are you using any related system properties to control JSSE, etc.?
>>>
>>> -chris
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
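
An added example, not part of the thread or of Tomcat: a small audit of a Connector's ciphers attribute using the name tokens Chris lists ("anon", "NULL", "EXPORT", "MD5") and the 112-bit 3DES note. The function names, the single-DES rule, the TLSv1.2-only check and the shortened sample Connector are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Name tokens from the thread's list of problems; the DES entries are added here.
REJECT = {"anon": "no server authentication", "NULL": "no encryption",
          "EXPORT": "intentionally weak encryption", "MD5": "MD5 hash",
          "DES": "single DES", "DES40": "single DES (40-bit)"}
WARN = {"3DES": "3DES, only 112 bits"}
NAME = re.compile(r"^(TLS|SSL)_[A-Za-z0-9_]+$")

def classify(name):
    """Return (verdict, reasons) for one JSSE cipher suite name."""
    if not NAME.match(name):
        return "malformed", ["not a cipher suite name"]
    if name.endswith("_SCSV"):
        return "ok", ["signalling value, not a cipher"]
    tokens = name.split("_")
    bad = [REJECT[t] for t in tokens if t in REJECT]
    if bad:
        return "reject", bad
    weak = [WARN[t] for t in tokens if t in WARN]
    return ("warn", weak) if weak else ("ok", [])

def needs_tls12(name):
    """AES-GCM and SHA256/SHA384-MAC suites cannot be negotiated before TLSv1.2."""
    return "_GCM_" in name or name.endswith(("_SHA256", "_SHA384"))

def audit_connector(xml_text):
    """Classify every suite named in a <Connector ciphers="..."> attribute."""
    value = ET.fromstring(xml_text).get("ciphers", "")
    report = {"ok": [], "warn": [], "reject": [], "malformed": []}
    for name in (c.strip() for c in value.split(",")):
        if name:
            report[classify(name)[0]].append(name)
    # All remaining suites TLSv1.2-only means older clients cannot handshake.
    usable = [n for n in report["ok"] + report["warn"] if not n.endswith("_SCSV")]
    report["tls12_only"] = bool(usable) and all(needs_tls12(n) for n in usable)
    return report

# Constructed sample: a shortened form of the Connector quoted in the thread.
SAMPLE = """<Connector port="8443" SSLEnabled="true" sslProtocol="TLS"
  ciphers="TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
  SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
  TLS_DH_anon_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_NULL_MD5,
  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA"/>"""

if __name__ == "__main__":
    for key, val in audit_connector(SAMPLE).items():
        print(key, val)
```

A name broken by a line wrap, such as "TLS_EMPTY_RENEGOTIATION_INFO_ SCSV", is reported as malformed rather than silently accepted.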