Re: configuring ciphers for SSL Labs server test

[logo]

Hi Baron,

Am 12.05.2018 05:36, schrieb Baron Fujimoto:
Hmm, I'm now getting an A grade using:

    <SSLHostConfig hostName="cas-dev.its.hawaii.edu"
                   protocols="TLSv1.1+TLSv1.2+TLS1.3"
                   certificateVerification="none"
                   honorCipherOrder="true"

ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK" >

If I'm sufficiently motivated next week, I'll see if I can sort out 
exactly what
the deal was. But for now, it's Friday and pau hana time...

(yes, tomcat 8.5.x and Java 1.8_x)

On Fri, May 11, 2018 at 07:39:25AM +0100, Mark Thomas wrote:
On 11/05/18 03:35, Baron Fujimoto wrote:
Yes, the host is behind an F5 load balacer, but AFAIK it should be 
passing
all the TLS/SSL directly to the real host to handle.

You don't say which Tomcat version is being used. I assume one of the
8.5.x versions since the 8.5.x docs are referenced.

8.5.x should get an A from SSLLabs with the default configuration:
https://wiki.apache.org/tomcat/Security/Ciphers

I recently updated that page but 8.5.x was getting a A two years ago 
as
well.

Are you sure Java 8 is being used?

Mark



On Thu, May 10, 2018 at 11:23:44PM +0000, Scott Hoenigman wrote:
Are you using a load balancer?



Sent from my T-Mobile 4G LTE Device


-------- Original message --------
From: David Wall <d.w...@computer.org>
Date: 5/10/18 6:15 PM (GMT-06:00)
To: users@tomcat.apache.org
Subject: Re: configuring ciphers for SSL Labs server test

We're doing good with this:

        <SSLHostConfig certificateVerification="none"
protocols="TLSv1.1, TLSv1.2" honorCipherOrder="true"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
        >


On 5/10/18 2:45 PM, Baron Fujimoto wrote:
I'm trying to improve our grade on SSL Labs SSL server test[1] for 
our
Tomcat configuraton. Currently, their report caps our grade at B 
because,
"This server does not support Authenticated encryption (AEAD) 
cipher
suites". They report that we support the following cipher suites:

# TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

# TLS 1.1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

I'm not sure why SSL Labs is seeing such a limited set of ciphers. 
We are
using Java 1.8.0_162, and I believe we have the Java Cryptography
Extension (JCE) properly installed. I have the following connector
defined (this version explicitly lists ciphers I think should 
satisfy the
AEAD cipher requirement[2]):

     <Connector 
protocol="org.apache.coyote.http11.Http11NioProtocol"
                address="0.0.0.0"
                port="8443"
                maxThreads="500"
                maxPostSize="100000"
                scheme="https" secure="true"
                defaultSSLHostConfigName="foo.example.edu"
                SSLEnabled="true" >
         <SSLHostConfig hostName="foo.example.edu"
                        protocols="TLSv1.1+TLSv1.2+TLS1.3"
                        certificateVerification="none"
                        honorCipherOrder="true"
                        
ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
                                :!TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
                                :!TLS_DHE_RSA_WITH_AES_128_CBC_SHA
                                :!TLS_DHE_RSA_WITH_AES_256_CBC_SHA
                                
:!TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
                                
:!TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
                                
:!TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
                                
:!TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
                                :!TLS_RSA_WITH_AES_128_CBC_SHA
                                :!TLS_RSA_WITH_AES_256_CBC_SHA
                                :!TLS_RSA_WITH_AES_128_CBC_SHA256
                                :!TLS_RSA_WITH_AES_256_CBC_SHA256
                                :!TLS_RSA_WITH_AES_128_GCM_SHA256
                                :!TLS_RSA_WITH_AES_256_GCM_SHA384
                                
:!TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                                
:!TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
                                
:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
                                
:TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
                                
:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
                                
:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
                                
:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
                                
:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
                                
:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                                
:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
                                :TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
                                :TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
                                
:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                                
:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
                                
:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
                                
:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
                                :TLS_DHE_RSA_WITH_AES_128_CBC_SHA
                                :TLS_DHE_RSA_WITH_AES_256_CBC_SHA
                                
:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
                                
:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" >
             <Certificate certificateKeystoreType="pkcs12"
                          
certificateKeystoreFile="/home/cas/keystore/foo.pkcs12.keystore" >
             </Certificate>
         </SSLHostConfig>
     </Connector>



You are >>mixing<< java- and openssl-cipher-names. To my knowledge and 
interpretation og [4] you may use either or. Plus you should avoid 
whitespace. Don't know how openssl handles whitespace between the ":", 
Java strings separated with "," are fault-tolerant.

Best regards
Peter

I've mapped the cipher suite names using the OpenSSL cipher suite 
name
list[3]. I originally started with
ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK", but had 
the same
result, so subsequently tried adding the specific ciphers shown 
above. The
tomcat SSLHostConfig docs state that either the OpenSSL or JSSE 
cipher
names may be used[4].

Any suggestions on what I may be doing wrong or for further 
troubleshooting?

References:
[1] <https://www.ssllabs.com/ssltest/analyze.html>
[2] 
<https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites>
[3] 
<https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-SUITE-NAMES>
[4] 
<https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org