This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new eda27e3b5 [security] update list of preferred TLS ciphers
eda27e3b5 is described below
commit eda27e3b5d768f10c9fd809d790df919d08bcfdc
Author: Alexey Serbin <[email protected]>
AuthorDate: Tue Aug 23 18:19:39 2022 -0700
[security] update list of preferred TLS ciphers
After revising the list of preferred TLS ciphers for Kudu in [1],
it turned out that some FIPS 140-2 environments using custom JSSE
providers (e.g., particular versions of BouncyCastle and CaseLogic)
lack AES-GCM ciphers, so Kudu Java client applications could not
establish a TLS connection to Kudu servers since the AES-CBC ciphers
were intentionally removed from the list due to their inferior
performance compared with AES-GCM counterparts.
This patch addresses the issue, appending AES-CCM and AES-CBC ciphers
to the list of preferred ones. The CBC counterparts of the AES-GCM
ciphers are known to be much less performant on modern x86_64 CPUs,
but at least there should be a shared cipher to establish a connection
using the TLSv1.2 protocol in such environments.
This is a follow-up to [1].
[1] https://github.com/apache/kudu/commit/a8fb42dc34e8f1f876db5b26fc3f5eb3196ce854
Change-Id: I2f8e251acd34fc4ede367b030cd16841527042bc
Reviewed-on: http://gerrit.cloudera.org:8080/18900
Reviewed-by: Attila Bukor <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
---
.../src/main/java/org/apache/kudu/client/Negotiator.java | 8 ++++++++
src/kudu/security/security_flags.cc | 11 +++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java b/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
index 0e3c3618e..5fe628598 100644
--- a/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
+++ b/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
@@ -138,6 +138,14 @@ public class Negotiator extends
SimpleChannelInboundHandler<CallResponse> {
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", // TLSv1.2: Java 8
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", // TLSv1.2: Java 12
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", // TLSv1.2: Java 12
+ // The following AES CBC ciphers are present to be around when no AES GCM
+ // ciphers are available (that's so for some FIPS 140-2 environments).
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", // TLSv1.2: custom JSSE
providers
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", // TLSv1.2: custom JSSE
providers
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",// TLSv1.2: Java 7
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", // TLSv1.2: Java 7
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",// TLSv1.2: Java 7
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", // TLSv1.2: Java 7
};
/**
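Review bot: the comment introducing the added block says "AES CBC ciphers", but the first two entries are AES-CCM suites; change it to "AES CCM and AES CBC ciphers" so it matches both the list below it and the wording used in security_flags.cc. Two of the CBC entries also drop the space before the trailing comment (`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",// TLSv1.2: Java 7`), unlike their neighbours. Since these suites are appended at the tail of the preference list rather than enabled only when GCM is absent, nothing but the ordering keeps GCM and ChaCha20 ahead of CBC; a short remark to that effect in the comment would tell the next reader why the order must not be changed.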
diff --git a/src/kudu/security/security_flags.cc b/src/kudu/security/security_flags.cc
index ae7e36c59..c337cdd22 100644
--- a/src/kudu/security/security_flags.cc
+++ b/src/kudu/security/security_flags.cc
@@ -26,11 +26,18 @@ namespace security {
// This is TLSv1.2-related section from the "intermediate compatibility" cipher
// list of the Mozilla Security Server Side TLS recommendations without the
// DH AES ciphers: they are not included since we are not configured to use
-// the DH key agreement.
+// the DH key agreement. In addition, for compatibility with certain
+// FIPS 140-2 environments where AES-GCM ciphers are not available at the
+// client side (e.g. due to custom JSSE providers lacking AES-GCM ciphers),
+// the AES-CCM and AES-CBC ciphers are added to be the ciphers of the least
+// priority (with CCM prefered over CBC).
const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsCiphers =
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
+ "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
+ "ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:"
+ "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
+ "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
// This is the "modern compatibility" TLSv1.3 cipher list of the Mozilla
// Security Server Side TLS recommendations, accessed March 2021.
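Review bot: "prefered" in the added comment should be "preferred". The opening sentence of the comment still describes the string as the TLSv1.2 section of Mozilla's "intermediate compatibility" list minus the DH suites, which is no longer accurate once the CCM and CBC suites are appended; consider rewording it so the deviation is stated up front rather than only in the appended sentence. The new suites sit at the end of the string in the same order as in Negotiator.java (CCM before CBC, ECDSA before RSA), so the server and Java client preference orders stay consistent; worth keeping the two lists in lock step in any future change, since that ordering is what keeps GCM and ChaCha20 preferred whenever both peers support them.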