This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 617d727578 Be more explicit about security considerations for 
EncryptInterceptor
617d727578 is described below

commit 617d7275782bf58b45f6b7ea82c2edf16660e0b3
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jul 7 12:20:13 2026 +0100

    Be more explicit about security considerations for EncryptInterceptor
---
 webapps/docs/changelog.xml                  |  6 ++++++
 webapps/docs/config/cluster-interceptor.xml | 14 +++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 34dbbe2c24..fe9a8b548a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,6 +131,12 @@
         <code>EncryptInterceptor</code> to <code>AES/GCM/NoPadding</code>. This
         is a breaking change for the <code>EncryptInterceptor</code>. (markt)
       </add>
+      <add>
+        Expand the documentation for the <code>EncryptInterceptor</code> to be
+        more explicit regarding the security weaknesses of some supported
+        algorithms. Also explicitly state that the replay protection is only
+        effective for non-malleable algorithms. (markt)
+      </add>
     </changelog>
   </subsection>
 </section>
diff --git a/webapps/docs/config/cluster-interceptor.xml 
b/webapps/docs/config/cluster-interceptor.xml
index d724f8331e..f9897d1863 100644
--- a/webapps/docs/config/cluster-interceptor.xml
+++ b/webapps/docs/config/cluster-interceptor.xml
@@ -241,8 +241,16 @@
    <p>
      The EncryptInterceptor uses the timestamp of the message to provide replay
      protection. For this to be effective, clock skew between cluster nodes
-     should be minimised. If not, it is likely a high proportion of valid
-     messages will be rejected.
+     should be minimised. If the clock skew is not minimised, it is likely that
+     a high proportion of valid messages will be rejected.
+   </p>
+   <p>
+     The replay protection is only effective if the configured encryption
+     algorithm is not malleable. The default algorithm
+     (<code>AES/GCM/NoPadding</code>) is not malleable and replay protection
+     will be effective in the default configuration. Some supported algorithms 
-
+     such as <code>AES/CBC/PKCS5Padding</code> - are malleable and the replay
+     protection will not be effective with such algoriths.
    </p>
    <attributes>
      <attribute name="encryptionAlgorithm" required="false">
@@ -255,7 +263,7 @@
        <p>The EncryptInterceptor currently supports the following standard
        <a 
href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation";>block-cipher
 modes</a>:
        CBC, CFB, OFB and GCM. Of these, it is recommended that GCM is always
-       used.</p>
+       used due to security weaknesses with the other block-cipher modes.</p>
 
        <p>The length of the key will specify the flavor of the encryption
        algorithm to be used, if applicable (e.g. AES-128 versus AES-256).</p>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to