On 13/05/2026 18:42, Christopher Schultz wrote:
Mark,

AES is insecure?

AES is. It is the CBC that was flagged as a potential issue. It does depend who you ask and exactly what question you ask. I've seen different answers from different sources so erred on the side of caution.

If we are convinced some of the warnings are unnecessary, we can remove them.

Mark


-chris

On 5/13/26 10:03 AM, [email protected] wrote:
This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
      new ba67ad1e87 Warn for insecure PEM file encryption
ba67ad1e87 is described below

commit ba67ad1e87231e57185776d54df911033b36d392
Author: Mark Thomas <[email protected]>
AuthorDate: Wed May 13 14:59:42 2026 +0100

     Warn for insecure PEM file encryption
---
  java/org/apache/tomcat/util/net/jsse/LocalStrings.properties | 2 ++
  java/org/apache/tomcat/util/net/jsse/PEMFile.java            | 7 +++++++
  webapps/docs/changelog.xml                                   | 4 ++++
  3 files changed, 13 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/jsse/ LocalStrings.properties b/java/org/apache/tomcat/util/net/jsse/ LocalStrings.properties
index ef16a01b9e..10f6d8e301 100644
--- a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
@@ -20,6 +20,8 @@ jsseUtil.excludeProtocol=The SSL protocol [{0}] which is supported in this JRE w
  jsseUtil.noDefaultProtocols=Unable to determine a default for sslEnabledProtocols. Set an explicit value to ensure the connector can start.
  jsseUtil.opensslconf.present=A connector is configured to use a JSSE TLS implementation with OpenSSL specific OpenSSLConf configuration elements. The OpenSSLConf configuration elements will be ignored.
+pemFile.encryption.broken=The PEM file [{0}] is using [{1}] which is considered broken because a brute force attack is trivial with current hardware
+pemFile.encryption.insecure=The PEM file [{0}] is using [{1}] which is considered insecure as it is vulnerable to a brute-force attack
  pemFile.noMultiPrimes=The PKCS#1 certificate is in multi-prime format and Java does not provide an API for constructing an RSA private key object from that format
  pemFile.noPassword=A password is required to decrypt the private key
  pemFile.notPbkdf2=The OID [{0}] is not the correct OID for PKBDF2 which is the only permitted KDF for PBES2
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/ org/apache/tomcat/util/net/jsse/PEMFile.java
index fa52b75232..be8c690f42 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -51,6 +51,8 @@ import javax.crypto.spec.IvParameterSpec;
  import javax.crypto.spec.PBEKeySpec;
  import javax.crypto.spec.SecretKeySpec;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
  import org.apache.tomcat.util.buf.Asn1Parser;
  import org.apache.tomcat.util.buf.Asn1Writer;
  import org.apache.tomcat.util.buf.HexUtils;
@@ -64,6 +66,7 @@ import org.ietf.jgss.Oid;
   */
  public class PEMFile {
+    private static final Log log = LogFactory.getLog(PEMFile.class);
      private static final StringManager sm = StringManager.getManager(PEMFile.class);
      private static final byte[] OID_EC_PUBLIC_KEY =
@@ -370,18 +373,21 @@ public class PEMFile {
                              secretKeyAlgorithm = "DES";
                              cipherTransformation = "DES/CBC/ PKCS5Padding";
                              keyLength = 8;
+ log.error(sm.getString("pemFile.encryption.broken", filename, algorithm));
                              break;
                          }
                          case "DES-EDE3-CBC": {
                              secretKeyAlgorithm = "DESede";
                              cipherTransformation = "DESede/CBC/ PKCS5Padding";
                              keyLength = 24;
+ log.warn(sm.getString("pemFile.encryption.insecure", filename, algorithm));
                              break;
                          }
                          case "AES-256-CBC": {
                              secretKeyAlgorithm = "AES";
                              cipherTransformation = "AES/CBC/ PKCS5Padding";
                              keyLength = 32;
+ log.warn(sm.getString("pemFile.encryption.insecure", filename, algorithm));
                              break;
                          }
                          default:
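Review bot: The `pemFile.encryption.insecure` message logged in the `AES-256-CBC` case says the algorithm "is vulnerable to a brute-force attack", but a 256-bit AES key is not brute-forceable; what weakens this legacy DEK-Info format is that the key is derived from the passphrase (by a single MD5 pass in the legacy OpenSSL scheme, if I read the key-derivation code outside this hunk correctly) and that `AES/CBC/PKCS5Padding` carries no integrity check, so passphrase strength is the only barrier to an offline guess. I would reword the property in the `LocalStrings.properties` hunk to point operators at the real risk, e.g. `pemFile.encryption.insecure=The PEM file [{0}] is encrypted with [{1}] using legacy password-based key derivation and no integrity protection; only the strength of the password protects the key against an offline brute-force attack`, and keep `pemFile.encryption.broken` for the single-DES case where the cipher itself is the problem. The same key is logged unconditionally on the PBES2 path in the last hunk of this file, where `algorithm` is already `"AES"` and the KDF is PBKDF2, so the recommended PKCS#8 format gets the same warning as the legacy one; that call should be conditional (e.g. on a low iteration count) or carry its own, more specific message. The switch and the enclosing method continue outside this hunk.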
@@ -501,6 +507,7 @@ public class PEMFile {
                          throw new NoSuchAlgorithmException(
sm.getString("pemFile.unknownEncryptionAlgorithm", toDottedOidString(oidCipher)));
                      }
+ log.warn(sm.getString("pemFile.encryption.insecure", filename, algorithm));
                      byte[] iv = p.parseOctetString();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9efb014883..2e590fed2d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -258,6 +258,10 @@
          Remove support for HTTP 0.9. (markt)
        </update>
        <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
+      <add>
+        Log a suitable warning if an encrypted PEM file is detected using an
+        insecure form for encryption. (markt)
+      </add>
      </changelog>
    </subsection>
    <subsection name="Jasper">

