Re: TLS+SSLv3 but no SSLv2
Chris,

thanks for all your help, everything is up and running. I settled for 'ALL:!EXP:!LOW:!SSLv2' which is exactly what I need.

> You should take a look at this guy's tool, here:
> http://www.unspecific.com/2009/02/16/ssl-cipher-check

this looks helpful, unfortunately the script (not the page) seems to be 404 :(

regards from Berlin
Jens

Health Services Network Administration
Phone: +49 (0) 30 68905-2412
Mail: jens@biotronik.de
Re: TLS+SSLv3 but no SSLv2
Jens,

On 1/25/2010 8:16 AM, Jens Neu wrote:
> Chris, thanks for all your help, everything is up and running. I settled
> for 'ALL:!EXP:!LOW:!SSLv2' which is exactly what I need.
>
>> You should take a look at this guy's tool, here:
>> http://www.unspecific.com/2009/02/16/ssl-cipher-check
>
> this looks helpful, unfortunately the script (not the page) seems to be
> 404 :(

Yup, which was a complaint mentioned (and fixed) in the comments. Again, the script itself yields some dubious results.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
TLS+SSLv3 but no SSLv2
Dear all,

on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the SSLProtocol:

Protocol which may be used for communicating with clients. The default is all, with other acceptable values being SSLv2, SSLv3, TLSv1, and SSLv2+SSLv3.

Does this really mean that I cannot allow a TLSv1+SSLv3 setting while forbidding SSLv2? It seems so to me, since setting SSLProtocol to this obviously defaults to ALL :-(

regards
Jens

Jens Neu
Health Services Network Administration
Phone: +49 (0) 30 68905-2412
Mail: jens@biotronik.de

www.biotronik.com

BIOTRONIK SE Co. KG
Woermannkehre 1, 12359 Berlin, Germany
Registered office: Berlin, Court of registration: Berlin HRA 6501
Represented by its general partner: BIOTRONIK MT SE
Registered office: Berlin, Court of registration: Berlin HRB 118866 B
Chairman of the Administrative Board: Dr. Max Schaldach
Managing Directors: Christoph Böhmer, Dr. Werner Braun, Dr. Lothar Krings

BIOTRONIK - A global manufacturer of advanced Cardiac Rhythm Management systems and Vascular Intervention devices. Quality, innovation, and reliability define BIOTRONIK and our growing success. We are innovators of technologies like the first wireless remote monitoring system - Home Monitoring®, Closed Loop Stimulation and coveted lead solutions as well as state-of-the-art stents, balloons and guide wires for coronary and peripheral indications. We highly invest in the development of drug eluting devices and are leading the industry with our bioabsorbable metal stent program.

This e-mail and the information it contains including attachments are confidential and meant only for use by the intended recipient(s); disclosure or copying is strictly prohibited. If you are not addressed, but in the possession of this e-mail, please notify the sender immediately and delete the document.
RE: TLS+SSLv3 but no SSLv2
> From: Jens Neu [mailto:jens@biotronik.com]
> Subject: TLS+SSLv3 but no SSLv2
>
> Does this really mean that I cannot allow a TLSv1+SSLv3 setting
> while forbidding SSLv2?

I was under the impression that specifying TLSv1 would include SSLv3, since there are provisions within TLS to handle SSLv3. Note that TLSv1.0 - TLSv1.2 and SSLv3 all have the same major version number.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: TLS+SSLv3 but no SSLv2
unfortunately the behaviour for SSLProtocol=TLSv1 is:

j...@eluveitie:~ openssl s_client -ssl3 -connect server:8443
CONNECTED(0003)
9167:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
9167:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

while

openssl s_client -tls1 -connect server:8443

works just fine. On top I also could not get IE 6.x to work with this, even with checking the TLS 1.0 setting in the Internet Options.

-Jens
Re: TLS+SSLv3 but no SSLv2
Jens,

On 1/22/2010 11:10 AM, Jens Neu wrote:
> on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the
> SSLProtocol:
>
> Protocol which may be used for communicating with clients. The default is
> all, with other acceptable values being SSLv2, SSLv3, TLSv1, and
> SSLv2+SSLv3.
>
> Does this really mean that I cannot allow a TLSv1+SSLv3 setting while
> forbidding SSLv2? It seems so to me, since setting SSLProtocol to this
> obviously defaults to ALL :-(

I agree with Chuck: TLSv1 ~= SSLv3.

Although the protocol attribute has a limited set of values you can choose, you can always set the ciphers you will allow using the ciphers attribute. This will allow you to pick and choose the ciphers regardless of the overall protocol that you choose.

The ciphers available depend upon your environment, but these are the ones I can see in mine:

java version 1.6.0_12
Java(TM) SE Runtime Environment (build 1.6.0_12-b04)
Java HotSpot(TM) Server VM (build 11.2-b01, mixed mode)

Default Cipher
*       SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
*       SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
*       SSL_DHE_DSS_WITH_DES_CBC_SHA
*       SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
*       SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*       SSL_DHE_RSA_WITH_DES_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
        SSL_DH_anon_WITH_DES_CBC_SHA
        SSL_DH_anon_WITH_RC4_128_MD5
*       SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
*       SSL_RSA_EXPORT_WITH_RC4_40_MD5
*       SSL_RSA_WITH_3DES_EDE_CBC_SHA
*       SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
*       SSL_RSA_WITH_RC4_128_MD5
*       SSL_RSA_WITH_RC4_128_SHA
*       TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DH_anon_WITH_AES_128_CBC_SHA
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
        TLS_KRB5_EXPORT_WITH_RC4_40_MD5
        TLS_KRB5_EXPORT_WITH_RC4_40_SHA
        TLS_KRB5_WITH_3DES_EDE_CBC_MD5
        TLS_KRB5_WITH_3DES_EDE_CBC_SHA
        TLS_KRB5_WITH_DES_CBC_MD5
        TLS_KRB5_WITH_DES_CBC_SHA
        TLS_KRB5_WITH_RC4_128_MD5
        TLS_KRB5_WITH_RC4_128_SHA
*       TLS_RSA_WITH_AES_128_CBC_SHA

Hope that helps,
-chris
Re: TLS+SSLv3 but no SSLv2
Christopher,

my problem is that I have a requirement that SSLv2 shall be forbidden, but not SSLv3 and TLS. On top, also forbidden are ciphers =128bit. I was hoping to tackle this with

SSLProtocol=TLSv1+SSLv3
SSLCipher=-ALL:+HIGH:+MEDIUM

without manually selecting all ciphers. Since I'm on apr/openssl, I assume that my available ciphers are what gives me openssl ciphers? So this leaves me with no other option than crawling through all the ciphers? Certainly looking forward to it ;-)

regards
Jens Neu
Re: TLS+SSLv3 but no SSLv2
Jens,

On 1/22/2010 12:30 PM, Jens Neu wrote:
> Christopher, my problem is that I have a requirement that SSLv2 shall be
> forbidden, but not SSLv3 and TLS. On top, also forbidden are ciphers
> =128bit. I was hoping to tackle this with
>
> SSLProtocol=TLSv1+SSLv3
> SSLCipher=-ALL:+HIGH:+MEDIUM
>
> without manually selecting all ciphers. Since I'm on apr/openssl, I assume
> that my available ciphers are what gives me openssl ciphers? So this
> leaves me with no other option than crawling through all the ciphers?
> Certainly looking forward to it ;-)

How about SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2?

The APR documentation points you to the openssl documentation for reference. The above SSLCipher yields:

$ openssl ciphers '-ALL:HIGH:MEDIUM:!SSLv2'| sed -e 's/:/\n/g'
ADH-AES256-SHA
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
AES256-SHA
ADH-AES128-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
AES128-SHA
ADH-DES-CBC3-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
ADH-RC4-MD5
RC4-SHA
RC4-MD5

Are those acceptable? You don't have to list all the ciphers if you don't want to.

-chris
Re: TLS+SSLv3 but no SSLv2
Christopher,

yes, that's it! Merci bien :-)

I was reading http://www.openssl.org/docs/apps/ciphers.html for reference, that's where I got scared that I had to check all of them for 128bit. Didn't know that SSLCipher= is actually understood by openssl.

It's Friday finally :)

Jens
Re: TLS+SSLv3 but no SSLv2
Christopher,

maybe that was a bit premature, running with SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2:

openssl s_client -ssl2 -connect server:8443
CONNECTED(0003)
...
---
Ciphers common between both SSL endpoints:
RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5
---
SSL handshake has read 1135 bytes and written 236 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : SSLv2
    Cipher: DES-CBC3-MD5
    Session-ID: 21D7302FAF313F61DF24661249FCF7FD
    Session-ID-ctx:
    Master-Key: 3CAC5F9B8889222FFF7E1106232BFE34FC7A2CBD078833E0
    Key-Arg : 448CA2E3F880EF06
    Start Time: 1264182312
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

Jens Neu
Re: TLS+SSLv3 but no SSLv2
Jens,

On 1/22/2010 12:51 PM, Jens Neu wrote:
> Christopher, maybe that was a bit premature, running with
> SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2:
>
> openssl s_client -ssl2 -connect server:8443
> CONNECTED(0003)
> ---
> SSL handshake has read 1135 bytes and written 236 bytes
> ---
> New, SSLv2, Cipher is DES-CBC3-MD5
> Server public key is 1024 bit
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol : SSLv2
>     Cipher: DES-CBC3-MD5
>     Session-ID: 21D7302FAF313F61DF24661249FCF7FD
>     Session-ID-ctx:
>     Master-Key: 3CAC5F9B8889222FFF7E1106232BFE34FC7A2CBD078833E0
>     Key-Arg : 448CA2E3F880EF06
>     Start Time: 1264182312
>     Timeout : 300 (sec)
>     Verify return code: 18 (self signed certificate)
> ---

:(

> ---
> Ciphers common between both SSL endpoints:
> RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5

In my environment, openssl reports:

$ openssl ciphers 'SSLv2'| sed -e 's/:/\n/g'
DES-CBC3-MD5 - you got this one
DES-CBC-MD5
EXP-RC2-CBC-MD5
RC2-CBC-MD5
EXP-RC4-MD5
RC4-MD5

Looks like all those are the same ones, meaning that 100% of the openssl SSLv2 ciphers are available from Tomcat.

Stupid question: did you re-start Tomcat after making the SSLCipher change?

Again, here's what I get for the cipher string we've been trying:

$ openssl ciphers 'ALL:!SSLv2:+HIGH:+MEDIUM'| sed -e 's/:/\n/g'
ADH-DES-CBC-SHA
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
EDH-RSA-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
ADH-AES256-SHA
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
AES256-SHA
ADH-AES128-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
AES128-SHA
ADH-DES-CBC3-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
ADH-RC4-MD5
RC4-SHA
RC4-MD5

I don't see any of the SSLv2 ciphers in there except for RC4-MD5, which I suppose would still allow you to connect.

One thing I noticed is that your cipher string is not valid:

$ openssl ciphers '-ALL:+HIGH:+MEDIUM:!SSLv2'| sed -e 's/:/\n/g'
Error in cipher list
16374:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1185:

You have to have something without - or + prefixing it. Apparently, you have to start with a list before you start modifying it :)

Try the string I have above and see if that works. RC4-MD5 might still work, though.

You should take a look at this guy's tool, here:
http://www.unspecific.com/2009/02/16/ssl-cipher-check

Our production server's httpd is configured to use HIGH:MEDIUM:-SSLv2 and the results of the above script confirm that only decent ciphers are available:

$ ./ssl-cipher-check.pl [mysite]
Testing [mysite]:443
SSLv3:RC4-MD5 - ENABLED - STRONG 128 bits
SSLv3:EDH-RSA-DES-CBC3-SHA - ENABLED - STRONG 168 bits
SSLv3:DHE-RSA-AES128-SHA - ENABLED - STRONG 128 bits
SSLv3:DES-CBC3-SHA - ENABLED - STRONG 168 bits
SSLv3:RC4-SHA - ENABLED - STRONG 128 bits
SSLv3:DHE-RSA-AES256-SHA - ENABLED - STRONG 256 bits
SSLv3:AES128-SHA - ENABLED - STRONG 128 bits
SSLv3:AES256-SHA - ENABLED - STRONG 256 bits
TLSv1:RC4-MD5 - ENABLED - STRONG 128 bits
TLSv1:EDH-RSA-DES-CBC3-SHA - ENABLED - STRONG 168 bits
TLSv1:DHE-RSA-AES128-SHA - ENABLED - STRONG 128 bits
TLSv1:DES-CBC3-SHA - ENABLED - STRONG 168 bits
TLSv1:RC4-SHA - ENABLED - STRONG 128 bits
TLSv1:DHE-RSA-AES256-SHA - ENABLED - STRONG 256 bits
TLSv1:AES128-SHA - ENABLED - STRONG 128 bits
TLSv1:AES256-SHA - ENABLED - STRONG 256 bits
*WARNING* 6 WEAK Ciphers Enabled.
Total Ciphers Enabled: 22

I was unable to verify that any WEAK ciphers were enabled, and I count 16 enabled ciphers, not 22. So, maybe this script isn't the greatest thing around :)

With HIGH:MEDIUM:-SSLv2, I cannot connect using openssl s_client -ssl2, which is a good thing.

Try a different/better cipher string. Always check against openssl cipher to make sure that it's kosher before enabling it in your server.

-chris
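
Added example (not part of the original thread and not Tomcat or OpenSSL project code): a shell check that applies the advice above by expanding a cipher string with `openssl ciphers -v` before it goes into the connector, treating a string that openssl rejects as a failure, and flagging suites that are SSLv2, export-grade or below a minimum key length. The function names, the constructed sample lines, the 128-bit default (reading the thread's requirement as "below 128 bits") and the extra anonymous-authentication check are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an expanded cipher list against the thread's policy.
# Input: lines in `openssl ciphers -v` format on stdin.
# Output: one "<suite> <reasons>" line per offending suite; exit status 1
# if anything was flagged, 0 otherwise.
# MIN_BITS (assumed default 128) is the smallest acceptable key length.
audit_cipher_lines() {
    awk -v min_bits="${MIN_BITS:-128}" '
    NF < 5 { next }                      # not a suite line (blank, error text)
    {
        bits = 0; why = ""
        for (i = 3; i <= NF; i++) {
            # Enc=AES(256) -> 256; Enc=None has no number and stays 0
            if ($i ~ /^Enc=/ && match($i, /\([0-9]+\)/))
                bits = substr($i, RSTART + 1, RLENGTH - 2) + 0
            if ($i == "Au=None") why = why ",anon-auth"   # ADH: no server auth
            if ($i == "export")  why = why ",export"      # EXP-* suites
        }
        if ($2 == "SSLv2")   why = why ",sslv2"
        if (bits < min_bits) why = why ",bits=" bits
        if (why != "") { print $1, substr(why, 2); bad = 1 }
    }
    END { exit bad + 0 }'
}

# Expand a cipher string with the local openssl and audit the result.
# Returns 2 when openssl rejects the string outright (the "no cipher match"
# case in the thread), otherwise the status of audit_cipher_lines.
check_cipher_string() {
    expanded=$(openssl ciphers -v "$1" 2>/dev/null) || {
        echo "openssl rejected cipher string: $1" >&2
        return 2
    }
    printf '%s\n' "$expanded" | audit_cipher_lines
}

# Constructed sample in `openssl ciphers -v` layout, using suite names
# that appear in the thread (not captured from a real server).
sample_expansion() {
    cat <<'EOF'
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EOF
}

# Demo on the constructed sample; with a real string use e.g.
#   check_cipher_string 'ALL:!EXP:!LOW:!SSLv2'
sample_expansion | audit_cipher_lines || echo "policy violations found" >&2
```

The `-v` listing is used because, as the thread observes for RC4-MD5, a suite name can appear in both the SSLv2 list and a `!SSLv2` expansion, so names alone do not show which protocol variant is left. A passing audit still needs the `openssl s_client -ssl2` connection test against the running server, since the thread shows the server offering SSLv2 despite the configured string.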