This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 617d727578 Be more explicit about security considerations for
EncryptInterceptor
617d727578 is described below
commit 617d7275782bf58b45f6b7ea82c2edf16660e0b3
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jul 7 12:20:13 2026 +0100
Be more explicit about security considerations for EncryptInterceptor
---
webapps/docs/changelog.xml | 6 ++++++
webapps/docs/config/cluster-interceptor.xml | 14 +++++++++++---
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 34dbbe2c24..fe9a8b548a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,6 +131,12 @@
<code>EncryptInterceptor</code> to <code>AES/GCM/NoPadding</code>. This
is a breaking change for the <code>EncryptInterceptor</code>. (markt)
</add>
+ <add>
+ Expand the documentation for the <code>EncryptInterceptor</code> to be
+ more explicit regarding the security weaknesses of some supported
+ algorithms. Also explicitly state that the replay protection is only
+ effective for non-malleable algorithms. (markt)
+ </add>
</changelog>
</subsection>
</section>
diff --git a/webapps/docs/config/cluster-interceptor.xml
b/webapps/docs/config/cluster-interceptor.xml
index d724f8331e..f9897d1863 100644
--- a/webapps/docs/config/cluster-interceptor.xml
+++ b/webapps/docs/config/cluster-interceptor.xml
@@ -241,8 +241,16 @@
<p>
The EncryptInterceptor uses the timestamp of the message to provide replay
protection. For this to be effective, clock skew between cluster nodes
- should be minimised. If not, it is likely a high proportion of valid
- messages will be rejected.
+ should be minimised. If the clock skew is not minimised, it is likely that
+ a high proportion of valid messages will be rejected.
+ </p>
+ <p>
+ The replay protection is only effective if the configured encryption
+ algorithm is not malleable. The default algorithm
+ (<code>AES/GCM/NoPadding</code>) is not malleable and replay protection
+ will be effective in the default configuration. Some supported algorithms
-
+ such as <code>AES/CBC/PKCS5Padding</code> - are malleable and the replay
+ protection will not be effective with such algoriths.
</p>
<attributes>
<attribute name="encryptionAlgorithm" required="false">
@@ -255,7 +263,7 @@
<p>The EncryptInterceptor currently supports the following standard
<a
href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation">block-cipher
modes</a>:
CBC, CFB, OFB and GCM. Of these, it is recommended that GCM is always
- used.</p>
+ used due to security weaknesses with the other block-cipher modes.</p>
<p>The length of the key will specify the flavor of the encryption
algorithm to be used, if applicable (e.g. AES-128 versus AES-256).</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]