Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
Tim,

On 5/26/14, 5:43 PM, Tim Whittington wrote:
> On 27/05/2014, at 6:09 am, Christopher Schultz ch...@christopherschultz.net wrote:
>
> snip
>
>> If you run the code I referenced elsewhere in this thread, you'll see that some of the components are available, just not in the combinations you have above:
>>
>> $ java -showversion -classpath build/ SSLInfo | grep '\(256\|384\)'
>> java version 1.7.0_55
>> Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
>> Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
>> Supported SSL Protocols:
>>   TLSv1 (SunJSSE)
>>   TLSv1.1 (SunJSSE)
>>   TLSv1.2 (SunJSSE)
>> Default Cipher Name
>> *       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>> *       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>>         TLS_DH_anon_WITH_AES_128_CBC_SHA256
>> *       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>> *       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>> *       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>> *       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>> *       TLS_RSA_WITH_AES_128_CBC_SHA256
>>         TLS_RSA_WITH_NULL_SHA256
>>
>> So, you can get ECDHE_(ECDSA|RSA)_AES, but not with a 256-bit cipher. You can get a 128-bit cipher and a 256-bit hash, but not higher-bit hash functions.
>>
>>> Oracle Java 7 has no GCM support (AIX does I think, but from memory the cipher suite names are different), and some of the cipher-suites don’t exist (see below).
>>> GCM was originally targeted for JDK 7 (which is why the cipher suite names and AEAD APIs in the JCE are there) but the implementation didn’t show up until JDK 8.
>>
>> I find no ciphers with 384-bit hashes in Oracle Java 8, but there are 256-bit ones -- at least in the Mac OS X build:
>
> Do you have the unrestricted crypto policy files installed?

I have never hacked my own Java installation, so likely no.

> Without those, 128 bit security ciphers (== 256 bit hashes) are suppressed.

Hmm. I'll look into that. Yep, installing the updated policy files unlocks a bunch of additional ciphers. Thanks!

> Cipher suites with SHA384 are definitely available on both JDK 7 and JDK 8 on OS X.

Yeah, I saw those listed on Sun's site, but figured that they were just lies or something :) That's why I always Trust But Verify. If the code won't do it, the documentation's assertion that it /will/ do it is kind of irrelevant.

> I’m using the interactive mode of https://github.com/timw/groktls to dump these.

Cool. I was just using the SSLInfo class and grep, obviously :)

I've been thinking that the way Tomcat does JSSE cipher suites is a bit ... verbose. It would be nice to roll something like what groktls/OpenSSL can do into Tomcat.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
> Documentation aside, none of these cipher-suites are supported in Oracle Java 7.

The AES_CBC ciphers I had there are supported in Java 7. I have already concluded as much regarding the AES_x_GCM. Using Java 8 one has access to these higher GCM ciphers, but only very few obscure browsers support them. Therefore neither AES_256_GCM nor SHA384 can be used yet.

Also because of the JSSE cipher ordering it will always choose AES_x_CBC instead of AES_x_GCM if both are in the Connector cipher list.

See table: Default Enabled Cipher Suites
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider

Same ordering you get from getDefaultCipherSuites();

    import javax.net.ssl.SSLServerSocketFactory;

    SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    String[] cipherSuites = factory.getDefaultCipherSuites();
    // Print the default (EC)DHE suites that remain after the exclusions below
    for (String cipher : cipherSuites) {
        if ((cipher.startsWith("TLS_ECDHE") || cipher.startsWith("TLS_DHE"))
                && !cipher.contains("ECDSA") // Need Elliptic Curve Certificates for this
                && !cipher.contains("RC4")
                && !cipher.contains("DES")
                && !cipher.contains("DSS")
                && !cipher.contains("NULL")) {
            System.out.println(cipher);
        }
    }

    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

From one of my previous posts where I listed the available ciphers that Chromium supports, only these can be used:

    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

But Tomcat will never choose a GCM cipher because they are last in the list.
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
On 26/05/2014, at 6:58 pm, Sverre Moe sverre@gmail.com wrote:

>> Documentation aside, none of these cipher-suites are supported in Oracle Java 7.
>
> The AES_CBC ciphers I had there are supported in Java 7. I have already concluded as much regarding the AES_x_GCM.
> Using Java 8 one has access to these higher GCM ciphers, but only very few obscure browsers support them. Therefore neither AES_256_GCM nor SHA384 can be used yet.

Latest versions of Firefox and Chrome (and others I suspect) use GCM ciphers (gmail seems to prefer them for example).

> Also because of the JSSE cipher ordering it will always choose AES_x_CBC instead of AES_x_GCM if both are in the Connector cipher list.
> See table: Default Enabled Cipher Suites
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
> Same ordering you get from getDefaultCipherSuites();

You don’t have to accept the default ciphers, or ordering. Check the docs for the HTTP connector to see how to configure this.

tim
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
> Latest versions of Firefox and Chrome (and others I suspect) use GCM ciphers (gmail seems to prefer them for example).

Yes, but it only supports AES_128_GCM_SHA256. No Chromium support for AES_256_GCM_SHA384. Neither does it support SHA256/SHA384 for AES_X_CBC.

> You don’t have to accept the default ciphers, or ordering. Check the docs for the HTTP connector to see how to configure this.

If one uses the APR Connector with OpenSSL and sets SSLHonorCipherOrder, but the JSSE Connector does not have such a parameter.

I realize I didn't specify that in my original post, but I need to use JSSE since I am running SLES (which has an old version of OpenSSL).
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
Tim,

On 5/25/14, 9:34 PM, Tim Whittington wrote:
> On 21/05/2014, at 10:21 pm, Sverre Moe sverre@gmail.com wrote:
>
> snip
>
>> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256" />
>
> Documentation aside, none of these cipher-suites are supported in Oracle Java 7.

If you run the code I referenced elsewhere in this thread, you'll see that some of the components are available, just not in the combinations you have above:

$ java -showversion -classpath build/ SSLInfo | grep '\(256\|384\)'
java version 1.7.0_55
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
Supported SSL Protocols:
  TLSv1 (SunJSSE)
  TLSv1.1 (SunJSSE)
  TLSv1.2 (SunJSSE)
Default Cipher Name
*       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DH_anon_WITH_AES_128_CBC_SHA256
*       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
*       TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_NULL_SHA256

So, you can get ECDHE_(ECDSA|RSA)_AES, but not with a 256-bit cipher. You can get a 128-bit cipher and a 256-bit hash, but not higher-bit hash functions.

> Oracle Java 7 has no GCM support (AIX does I think, but from memory the cipher suite names are different), and some of the cipher-suites don’t exist (see below).
> GCM was originally targeted for JDK 7 (which is why the cipher suite names and AEAD APIs in the JCE are there) but the implementation didn’t show up until JDK 8.

I find no ciphers with 384-bit hashes in Oracle Java 8, but there are 256-bit ones -- at least in the Mac OS X build:

$ /Library/Java/JavaVirtualMachines/disabled/jdk1.8.0.jdk/Contents/Home/bin/java -showversion -classpath build/ SSLInfo | grep '\(256\|384\)'
java version 1.8.0-ea
Java(TM) SE Runtime Environment (build 1.8.0-ea-b99)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b41, mixed mode)
*       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*       TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
*       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
*       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DH_anon_WITH_AES_128_CBC_SHA256
        TLS_DH_anon_WITH_AES_128_GCM_SHA256
*       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
*       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
*       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
*       TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
*       TLS_RSA_WITH_AES_128_CBC_SHA256
*       TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_NULL_SHA256

So as Tim says, Oracle Java 7 doesn't support this stuff. And neither does Java 8.

If you want higher-grade encryption (and you want it to run faster), consider switching to the OpenSSL-based APR connector: performance is one of the major reasons for using the APR connector, and it's a bit more efficient than the NIO connector and certainly better than the BIO connector.

-chris
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
Sverre,

On 5/26/14, 5:42 AM, Sverre Moe wrote:
>> Latest versions of Firefox and Chrome (and others I suspect) use GCM ciphers (gmail seems to prefer them for example).
>
> Yes, but it only supports AES_128_GCM_SHA256. No Chromium support for AES_256_GCM_SHA384. Neither does it support SHA256/SHA384 for AES_X_CBC.
>
>> You don’t have to accept the default ciphers, or ordering. Check the docs for the HTTP connector to see how to configure this.
>
> If one uses the APR Connector with OpenSSL and sets SSLHonorCipherOrder, but the JSSE Connector does not have such a parameter.

Right: JSSE doesn't support server-preferred cipher ordering, but the cipher order in Java 7 looks reasonable to me:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites

Unfortunately, explicitly setting the server's preferred cipher order requires the use of Java 8:

http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html

(See the final bullet point on that page)

There's a bug to support this in Bugzilla:
https://issues.apache.org/bugzilla/show_bug.cgi?id=55988

Vote for the bug if you want it fixed. ;)

> I realize I didn't specify that in my original post, but I need to use JSSE since I am running SLES (which has an old version of OpenSSL).

How old? 0.9.8 is okay, but has fewer ciphers and does not support TLS 1.2. As a bonus, it never had heartbeat support ;)

-chris
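The Java 8 capability Chris refers to, shown at the JSSE API level as an added example (not code from the thread and not Tomcat's own): `SSLParameters.setUseCipherSuitesOrder(true)` tells a server-side engine to pick by its own list order, so GCM suites placed first win whenever the client offers them. The class `ServerCipherOrder` and the helper `gcmFirst` are made-up names; the input list is the six suites Sverre reports as usable with Chromium, and Java 8 or later is assumed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/** Added example (hypothetical class): server-preferred cipher order with Java 8 JSSE. */
public class ServerCipherOrder {

    /**
     * Keeps only the suites this JRE supports and moves GCM suites to the front,
     * otherwise preserving the caller's order.
     */
    static String[] gcmFirst(List<String> wanted, Set<String> supported) {
        List<String> gcm = new ArrayList<>();
        List<String> rest = new ArrayList<>();
        for (String suite : wanted) {
            if (!supported.contains(suite)) {
                continue; // an unsupported name would make setSSLParameters throw
            }
            (suite.contains("_GCM_") ? gcm : rest).add(suite);
        }
        gcm.addAll(rest);
        return gcm.toArray(new String[0]);
    }

    /** Builds a server-mode engine whose enabled list is ordered and enforced by the server. */
    static SSLEngine serverEngine(SSLContext context, List<String> wanted) {
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        Set<String> supported =
                new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));

        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(gcmFirst(wanted, supported));
        // Java 8 API: honor the order of the list above instead of the client's order.
        params.setUseCipherSuitesOrder(true);
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the suites listed in the thread as usable with Chromium,
        // in the order they were posted (CBC first, GCM last).
        List<String> wanted = Arrays.asList(
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");

        SSLEngine engine = serverEngine(SSLContext.getDefault(), wanted);
        System.out.println("server order enforced: "
                + engine.getSSLParameters().getUseCipherSuitesOrder());
        for (String suite : engine.getEnabledCipherSuites()) {
            System.out.println("  " + suite);
        }
    }
}
```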
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
AES GCM mode is not in Java 7, that is right. These higher cipher suites are supported and implemented in Java 8. There is just that none of the major browsers support them.

http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites

Made my own Java code for listing out the default ciphers. It uses the same piece of code as SSLInfo does. As you can see the 256bit ciphers are there. Java 7 does support the AES 256-bit ciphers, but in CBC mode and not GCM mode.

    import javax.net.ssl.SSLServerSocketFactory;

    SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    String[] defaultCiphers = ssf.getDefaultCipherSuites();
    // Print the default (EC)DHE suites, skipping DSS, RC4 and DES
    for (String cipher : defaultCiphers) {
        if ((cipher.startsWith("TLS_DHE") || cipher.startsWith("TLS_ECDHE"))
                && !cipher.contains("DSS")
                && !cipher.contains("RC4")
                && !cipher.contains("DES")) {
            System.out.println(cipher);
        }
    }

    *TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384*
    *TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384*
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    *TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384*
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    *TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384*
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
On 27/05/2014, at 6:09 am, Christopher Schultz ch...@christopherschultz.net wrote:

snip

> If you run the code I referenced elsewhere in this thread, you'll see that some of the components are available, just not in the combinations you have above:
>
> $ java -showversion -classpath build/ SSLInfo | grep '\(256\|384\)'
> java version 1.7.0_55
> Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
> Supported SSL Protocols:
>   TLSv1 (SunJSSE)
>   TLSv1.1 (SunJSSE)
>   TLSv1.2 (SunJSSE)
> Default Cipher Name
> *       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> *       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>         TLS_DH_anon_WITH_AES_128_CBC_SHA256
> *       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> *       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> *       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> *       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> *       TLS_RSA_WITH_AES_128_CBC_SHA256
>         TLS_RSA_WITH_NULL_SHA256
>
> So, you can get ECDHE_(ECDSA|RSA)_AES, but not with a 256-bit cipher. You can get a 128-bit cipher and a 256-bit hash, but not higher-bit hash functions.
>
>> Oracle Java 7 has no GCM support (AIX does I think, but from memory the cipher suite names are different), and some of the cipher-suites don’t exist (see below).
>> GCM was originally targeted for JDK 7 (which is why the cipher suite names and AEAD APIs in the JCE are there) but the implementation didn’t show up until JDK 8.
>
> I find no ciphers with 384-bit hashes in Oracle Java 8, but there are 256-bit ones -- at least in the Mac OS X build:

Do you have the unrestricted crypto policy files installed?

Without those, 128 bit security ciphers (== 256 bit hashes) are suppressed.

Cipher suites with SHA384 are definitely available on both JDK 7 and JDK 8 on OS X.

I’m using the interactive mode of https://github.com/timw/groktls to dump these.

tim
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
On 21/05/2014, at 10:21 pm, Sverre Moe sverre@gmail.com wrote:

snip

> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256" />

Documentation aside, none of these cipher-suites are supported in Oracle Java 7.

Oracle Java 7 has no GCM support (AIX does I think, but from memory the cipher suite names are different), and some of the cipher-suites don’t exist (see below).
GCM was originally targeted for JDK 7 (which is why the cipher suite names and AEAD APIs in the JCE are there) but the implementation didn’t show up until JDK 8.

> I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384.
> I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.
>
> The only way I get a connection is when I add the following ciphers:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>
> According to the specification all these ciphers are correct names:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

This is not true for TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265 or TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256 in Java 7 or 8 (only SHA/ SHA384 or AES_128 variants of these are listed in the docs and reported by the JRE).
i.e. for whatever reason, SHA384 and SHA are coupled with AES_256, and SHA256 and SHA are coupled with AES_128.

The email trail Christopher linked should help you discover what’s available on the system you’re running on.

cheers
tim

For the record, these are the ECDHE cipher suites supported in Oracle Java 7, excluding those that use SHA(1):

Cipher                                   Kx     Au     Enc  Mode  Key  Str    Mac     Size  Unsafe
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  ECDHE  ECDSA  AES  CBC   256  (256)  SHA384  384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    ECDHE  RSA    AES  CBC   256  (256)  SHA384  384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  ECDHE  ECDSA  AES  CBC   128  (128)  SHA256  256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    ECDHE  RSA    AES  CBC   128  (128)  SHA256  256

Oracle Java 8 adds the following ECDHE + GCM cipher suites (again not including SHA(1)) to the list above:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  ECDHE  ECDSA  AES  GCM   256  (256)  SHA384  384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  ECDHE  ECDSA  AES  GCM   128  (128)  SHA256  256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    ECDHE  RSA    AES  GCM   256  (256)  SHA384  384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    ECDHE  RSA    AES  GCM   128  (128)  SHA256  256
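Tim's point in the message above, that a suite name can look plausible and still not exist in the running JRE, can be checked mechanically before the value goes into server.xml. The class below is an added example, not code from the thread, SSLInfo or groktls; `CipherListCheck` and its methods are made-up names, and the built-in sample input is the `ciphers` value from the original post.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

/**
 * Added example (hypothetical class): sorts each entry of a Tomcat JSSE
 * Connector "ciphers" value by what the running JRE can do with it.
 */
public class CipherListCheck {

    /** Outcome of checking one configured list against one JRE. */
    static final class Report {
        final List<String> enabledByDefault = new ArrayList<String>();
        final List<String> supportedOnly = new ArrayList<String>();
        final List<String> unknown = new ArrayList<String>();
    }

    /** Splits the comma-separated attribute value and classifies every name. */
    static Report check(String ciphersAttribute, Set<String> supported, Set<String> defaults) {
        Report report = new Report();
        for (String raw : ciphersAttribute.split(",")) {
            String name = raw.trim();
            if (name.isEmpty()) {
                continue;
            }
            if (defaults.contains(name)) {
                report.enabledByDefault.add(name);
            } else if (supported.contains(name)) {
                report.supportedOnly.add(name);
            } else {
                // Misspelled (SHA265), a combination that was never defined, or a
                // suite that this JRE and its crypto policy do not provide.
                report.unknown.add(name);
            }
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the ciphers value quoted from the original post.
        String configured = args.length > 0 ? args[0]
                : "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
                + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,"
                + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
                + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256";

        SSLContext context = SSLContext.getDefault();
        Set<String> supported = new LinkedHashSet<String>(
                Arrays.asList(context.getSupportedSSLParameters().getCipherSuites()));
        Set<String> defaults = new LinkedHashSet<String>(
                Arrays.asList(context.getDefaultSSLParameters().getCipherSuites()));

        // Integer.MAX_VALUE means the unlimited-strength policy is in effect;
        // 128 means the restricted policy applies and AES_256 is not permitted.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.version       : " + System.getProperty("java.version"));
        System.out.println("max AES key length : "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : String.valueOf(maxAes)));

        Report report = check(configured, supported, defaults);
        System.out.println("enabled by default : " + report.enabledByDefault);
        System.out.println("supported only     : " + report.supportedOnly);
        System.out.println("not in this JRE    : " + report.unknown);
        if (report.enabledByDefault.isEmpty() && report.supportedOnly.isEmpty()) {
            System.out.println("No configured suite is usable with this JRE.");
        }
    }
}
```

Run it with the same `java` binary and policy files that Tomcat uses, since the result depends on both.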
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
When using JSSE it seems the cipher order is predetermined.

http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
cipher suites supported by SunJSSE in preference order and the release in which they were introduced.

2014-05-24 1:15 GMT+02:00 Igor Cicimov icici...@gmail.com:

> On 24/05/2014 1:15 AM, Sverre Moe sverre@gmail.com wrote:
>
>> NIO does support them according to the java documentation.
>
> I was referring to cipher order and tomcat7 connector documentation where only the apr connector supports the option SSLHonorCipherOrder
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
>
>> These ciphers have been implemented in the JSSE provider. I have no problem making a connection to Tomcat via a Java program using a HttpsConnection and are getting the highest cipher (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
>>
>> 2014-05-23 10:00 GMT+02:00 Igor Cicimov icici...@gmail.com:
>>
>>> On 23/05/2014 5:43 PM, Sverre Moe sverre@gmail.com wrote:
>>>
>>>> I am using the following ciphers in Tomcat:
>>>> ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
>>>>
>>>> Somehow Chromium uses the last in that list. That is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>>>> Though it should support all these ciphers. Is there an ordering I could set so that it picks the first one?
>>>
>>> I think that's supported in APR only but not in BIO/NIO. But double-check that in the Connector docs please.
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
I have found out that the connector can use these ciphers, but Chromium can't.

I wrote a small Java program that makes a HttpsConnection with Tomcat without problem.
Output with -Djavax.net.debug=ssl

    main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
    *** Finished
    verify_data: { 167, 191, 12, 139, 75, 162, 8, 69, 1, 129, 65, 129 }
    ***
    main, WRITE: TLSv1.2 Handshake, length = 96
    main, READ: TLSv1.2 Change Cipher Spec, length = 1
    main, READ: TLSv1.2 Handshake, length = 96
    *** Finished
    verify_data: { 4, 236, 148, 186, 214, 130, 187, 88, 249, 51, 183, 102 }
    ***
    %% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
    main, WRITE: TLSv1.2 Application Data, length = 224
    main, READ: TLSv1.2 Application Data, length = 11472

It chose among these ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

If I also add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Then my little Java program uses only these and not the GCM ciphers. Chromium does not use GCM either if I throw along CBC ciphers.

It seems neither Chromium, Firefox or Opera supports these higher ciphers. No AES_256_GCM and no SHA384.

2014-05-23 0:53 GMT+02:00 Igor Cicimov icici...@gmail.com:

> On 21/05/2014 8:22 PM, Sverre Moe sverre@gmail.com wrote:
>
>> I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use.
>>
>> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>>            maxThreads="150" clientAuth="false" SSLEnabled="true" scheme="https" secure="true"
>>            sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"
>>            keyAlias="tomcat" keystoreFile="/usr/share/tomcat/.keystore" keystorePass="**" keystoreType="JKS"
>>            ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256" />
>>
>> I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384.
>> I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.
>>
>> The only way I get a connection is when I add the following ciphers:
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>>
>> According to the specification all these ciphers are correct names:
>> http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites
>>
>> According to the implementation in JSSE provider they are implemented as well to work with TLSv1.2
>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
>> Footnote 1(Java7) Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.
>>
>> Also how come SSLLabs SSLTest tells me I do not have forward secrecy and are using RC4 ciphers. Thought when I set a limited list of ciphers only those can be used.
>>
>> I tried to edit /usr/sbin/tomcat-sysd (which is started by service tomcat) to enable SSL debugging, but nothing shows up in the log files
>
> Have you tried starting tomcat with -Djavax.net.debug=ssl option? You can also narrow it down like -Djavax.net.debug=ssl:handshake for example.
>
> In case you would really like to have those ciphers in is the apr connector an option for you?
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
NSA: So, how much do you want to not actually *use* string ciphers with perfect forward secrecy?
Mozilla,Google,Opera,et-al: Hey, that's a business model RIGHT THERE! How much do you even have?
NSA: How about, not being put out of business permanently, family members keeping up their low incidence of accidental deaths?
Cryptographically-savvy: *Sigh*
World: Hang on, I'll just quickly email you that password ...

David Bullock
Machaira Enterprises Pty Ltd
PO Box 31 Canowindra NSW 2804
02 6344 1100
http://machaira.com.au/

On 23 May 2014 16:13, Sverre Moe sverre@gmail.com wrote:

I have found out that the connector can use these ciphers, but Chromium can't. I wrote a small Java program that makes a HttpsConnection with Tomcat without problem.

Output with -Djavax.net.debug=ssl

main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 167, 191, 12, 139, 75, 162, 8, 69, 1, 129, 65, 129 }
***
main, WRITE: TLSv1.2 Handshake, length = 96
main, READ: TLSv1.2 Change Cipher Spec, length = 1
main, READ: TLSv1.2 Handshake, length = 96
*** Finished
verify_data: { 4, 236, 148, 186, 214, 130, 187, 88, 249, 51, 183, 102 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, WRITE: TLSv1.2 Application Data, length = 224
main, READ: TLSv1.2 Application Data, length = 11472

It chose among these ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

If I also add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Then my little Java program uses only these and not the GCM ciphers. Chromium does not use GCM either if I throw along CBC ciphers.

It seems neither Chromium, Firefox or Opera supports these higher ciphers. No AES_256_GCM and no SHA384.

2014-05-23 0:53 GMT+02:00 Igor Cicimov icici...@gmail.com:

On 21/05/2014 8:22 PM, Sverre Moe sverre@gmail.com wrote:

I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use.

Connector port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 clientAuth=false SSLEnabled=true scheme=https secure=true sslProtocol=TLSv1.2 sslEnabledProtocols=TLSv1.2 keyAlias=tomcat keystoreFile=/usr/share/tomcat/.keystore keystorePass=** keystoreType=JKS ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256 /

I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384. I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.

The only way I get a connection is when I add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

According to the specification all these ciphers are correct names:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

According to the implementation in JSSE provider they are implemented as well to work with TLSv1.2
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Footnote 1(Java7) Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.

Also how come SSLLabs SSLTest tells me I do not have forward secrecy and are using RC4 ciphers. Thought when I set a limited list of ciphers only those can be used.

I tried to edit /usr/sbin/tomcat-sysd (which is started by service tomcat) to enable SSL debugging, but nothing shows up in the log files

Have you tried starting tomcat with -Djavax.net.debug=ssl option? You can also narrow it down like -Djavax.net.debug=ssl:handshake for example.

In case you would really like to have those ciphers in is the apr connector an option for you?
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
I am using the following ciphers in Tomcat:

ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Somehow Chromium uses the last in that list. That is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Though it should support all these ciphers. Is there an ordering I could set so that it picks the first one?

2014-05-23 8:52 GMT+02:00 David Bullock david.bull...@machaira.com.au:

NSA: So, how much do you want to not actually *use* string ciphers with perfect forward secrecy?
Mozilla,Google,Opera,et-al: Hey, that's a business model RIGHT THERE! How much do you even have?
NSA: How about, not being put out of business permanently, family members keeping up their low incidence of accidental deaths?
Cryptographically-savvy: *Sigh*
World: Hang on, I'll just quickly email you that password ...

David Bullock
Machaira Enterprises Pty Ltd
PO Box 31 Canowindra NSW 2804
02 6344 1100
http://machaira.com.au/

On 23 May 2014 16:13, Sverre Moe sverre@gmail.com wrote:

I have found out that the connector can use these ciphers, but Chromium can't. I wrote a small Java program that makes a HttpsConnection with Tomcat without problem.

Output with -Djavax.net.debug=ssl

main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 167, 191, 12, 139, 75, 162, 8, 69, 1, 129, 65, 129 }
***
main, WRITE: TLSv1.2 Handshake, length = 96
main, READ: TLSv1.2 Change Cipher Spec, length = 1
main, READ: TLSv1.2 Handshake, length = 96
*** Finished
verify_data: { 4, 236, 148, 186, 214, 130, 187, 88, 249, 51, 183, 102 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, WRITE: TLSv1.2 Application Data, length = 224
main, READ: TLSv1.2 Application Data, length = 11472

It chose among these ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

If I also add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Then my little Java program uses only these and not the GCM ciphers. Chromium does not use GCM either if I throw along CBC ciphers.

It seems neither Chromium, Firefox or Opera supports these higher ciphers. No AES_256_GCM and no SHA384.

2014-05-23 0:53 GMT+02:00 Igor Cicimov icici...@gmail.com:

On 21/05/2014 8:22 PM, Sverre Moe sverre@gmail.com wrote:

I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use.

Connector port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 clientAuth=false SSLEnabled=true scheme=https secure=true sslProtocol=TLSv1.2 sslEnabledProtocols=TLSv1.2 keyAlias=tomcat keystoreFile=/usr/share/tomcat/.keystore keystorePass=** keystoreType=JKS ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256 /

I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384. I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.

The only way I get a connection is when I add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

According to the specification all these ciphers are correct names:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

According to the implementation in JSSE provider they are implemented as well to work with TLSv1.2
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Footnote 1(Java7) Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.

Also how come SSLLabs SSLTest tells me I do not have forward secrecy and are using RC4 ciphers. Thought when I set a limited list of ciphers only those can be used.

I tried to edit /usr/sbin/tomcat-sysd (which is started by service tomcat) to enable SSL debugging, but nothing shows up in the log files

Have you tried starting tomcat with -Djavax.net.debug=ssl option? You can also narrow it down like -Djavax.net.debug=ssl:handshake for example.

In case you would really like to have those ciphers in is the apr connector an option for you?
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
On 23/05/2014 5:43 PM, Sverre Moe sverre@gmail.com wrote:

I am using the following ciphers in Tomcat:

ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Somehow Chromium uses the last in that list. That is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Though it should support all these ciphers. Is there an ordering I could set so that it picks the first one?

I think that's supported in APR only but not in BIO/NIO. But double-check that in the Connector docs please.
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
NIO does support them according to the java documentation. These ciphers have been implemented in the JSSE provider. I have no problem making a connection to Tomcat via a Java program using a HttpsConnection and are getting the highest cipher (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).

2014-05-23 10:00 GMT+02:00 Igor Cicimov icici...@gmail.com:

On 23/05/2014 5:43 PM, Sverre Moe sverre@gmail.com wrote:

I am using the following ciphers in Tomcat:

ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Somehow Chromium uses the last in that list. That is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Though it should support all these ciphers. Is there an ordering I could set so that it picks the first one?

I think that's supported in APR only but not in BIO/NIO. But double-check that in the Connector docs please.
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
On 24/05/2014 1:15 AM, Sverre Moe sverre@gmail.com wrote:

NIO does support them according to the java documentation.

I was referring to cipher order and tomcat7 connector documentation where only the apr connector supports the option SSLHonorCipherOrder
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

These ciphers have been implemented in the JSSE provider. I have no problem making a connection to Tomcat via a Java program using a HttpsConnection and are getting the highest cipher (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).

2014-05-23 10:00 GMT+02:00 Igor Cicimov icici...@gmail.com:

On 23/05/2014 5:43 PM, Sverre Moe sverre@gmail.com wrote:

I am using the following ciphers in Tomcat:

ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Somehow Chromium uses the last in that list. That is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Though it should support all these ciphers. Is there an ordering I could set so that it picks the first one?

I think that's supported in APR only but not in BIO/NIO. But double-check that in the Connector docs please.
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
Sverre,

On 5/21/14, 6:21 AM, Sverre Moe wrote:

I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384. I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.

http://markmail.org/message/zn4namfhypyxum23

-chris
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
On 21/05/2014 8:22 PM, Sverre Moe sverre@gmail.com wrote:

I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use.

Connector port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 clientAuth=false SSLEnabled=true scheme=https secure=true sslProtocol=TLSv1.2 sslEnabledProtocols=TLSv1.2 keyAlias=tomcat keystoreFile=/usr/share/tomcat/.keystore keystorePass=** keystoreType=JKS ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256 /

I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384. I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.

The only way I get a connection is when I add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

According to the specification all these ciphers are correct names:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

According to the implementation in JSSE provider they are implemented as well to work with TLSv1.2
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Footnote 1(Java7) Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.

Also how come SSLLabs SSLTest tells me I do not have forward secrecy and are using RC4 ciphers. Thought when I set a limited list of ciphers only those can be used.

I tried to edit /usr/sbin/tomcat-sysd (which is started by service tomcat) to enable SSL debugging, but nothing shows up in the log files

Have you tried starting tomcat with -Djavax.net.debug=ssl option? You can also narrow it down like -Djavax.net.debug=ssl:handshake for example.

In case you would really like to have those ciphers in is the apr connector an option for you?
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
Setting only these ciphers in the JSSE connector:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

I wrote a small Java program that makes a HttpsConnection. With it I have no problem making a connection and getting these ciphers. So how come it doesn't work in any browser? As far as I could see Chromium should have support for AES256-GCM.

main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 167, 191, 12, 139, 75, 162, 8, 69, 1, 129, 65, 129 }
***
main, WRITE: TLSv1.2 Handshake, length = 96
main, READ: TLSv1.2 Change Cipher Spec, length = 1
main, READ: TLSv1.2 Handshake, length = 96
*** Finished
verify_data: { 4, 236, 148, 186, 214, 130, 187, 88, 249, 51, 183, 102 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, WRITE: TLSv1.2 Application Data, length = 224
main, READ: TLSv1.2 Application Data, length = 11472

If I also add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Then my little Java program uses only these and not the GCM ciphers.

2014-05-21 12:21 GMT+02:00 Sverre Moe sverre@gmail.com:

I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use.

Connector port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 clientAuth=false SSLEnabled=true scheme=https secure=true sslProtocol=TLSv1.2 sslEnabledProtocols=TLSv1.2 keyAlias=tomcat keystoreFile=/usr/share/tomcat/.keystore keystorePass=** keystoreType=JKS ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256 /

I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384. I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.

The only way I get a connection is when I add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

According to the specification all these ciphers are correct names:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

According to the implementation in JSSE provider they are implemented as well to work with TLSv1.2
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Footnote 1(Java7) Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.

Also how come SSLLabs SSLTest tells me I do not have forward secrecy and are using RC4 ciphers. Thought when I set a limited list of ciphers only those can be used.

I tried to edit /usr/sbin/tomcat-sysd (which is started by service tomcat) to enable SSL debugging, but nothing shows up in the log files

exec ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
    -classpath $CLASSPATH \
    -Dcatalina.base=$CATALINA_BASE \
    -Dcatalina.home=$CATALINA_HOME \
    -Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
    -Djava.io.tmpdir=$CATALINA_TMPDIR ${DSECURITY_MANAGER} \
    -Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties \
    -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
    -Djavax.net.debug=ssl \
    org.apache.catalina.startup.Bootstrap start
Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384
It looks to me that Chromium does not support the strongest ciphers. The strongest/highest cipher available is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

No support for SHA384 and no AES_256_GCM

https://www.ssllabs.com/ssltest/viewMyClient.html

Cipher Suites (in order of preference)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy   128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy   128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   Forward Secrecy   128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy   256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy   128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy   256
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)   Forward Secrecy   128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   Forward Secrecy   128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   Forward Secrecy   128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)   Forward Secrecy*   128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   Forward Secrecy   256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   112
TLS_RSA_WITH_RC4_128_SHA (0x5)   128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   128
(*) Cannot be used for Forward Secrecy because they require DSS keys, which are effectively limited to 1024 bits.

2014-05-21 21:24 GMT+02:00 Sverre Moe sverre@gmail.com:

Setting only these ciphers in the JSSE connector:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

I wrote a small Java program that makes a HttpsConnection. With it I have no problem making a connection and getting these ciphers. So how come it doesn't work in any browser? As far as I could see Chromium should have support for AES256-GCM.

main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 167, 191, 12, 139, 75, 162, 8, 69, 1, 129, 65, 129 }
***
main, WRITE: TLSv1.2 Handshake, length = 96
main, READ: TLSv1.2 Change Cipher Spec, length = 1
main, READ: TLSv1.2 Handshake, length = 96
*** Finished
verify_data: { 4, 236, 148, 186, 214, 130, 187, 88, 249, 51, 183, 102 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, WRITE: TLSv1.2 Application Data, length = 224
main, READ: TLSv1.2 Application Data, length = 11472

If I also add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Then my little Java program uses only these and not the GCM ciphers.

2014-05-21 12:21 GMT+02:00 Sverre Moe sverre@gmail.com:

I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use.

Connector port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 clientAuth=false SSLEnabled=true scheme=https secure=true sslProtocol=TLSv1.2 sslEnabledProtocols=TLSv1.2 keyAlias=tomcat keystoreFile=/usr/share/tomcat/.keystore keystorePass=** keystoreType=JKS ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256 /

I have tried running Tomcat with Java 7 and Java 8. Both of these should support CBC_SHA256 and CBC_SHA384, but only Java 8 supports GCM_SHA384. I have downloaded the Java cryptographic extensions policy files for both Java 7 and Java 8.

The only way I get a connection is when I add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

According to the specification all these ciphers are correct names:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

According to the implementation in JSSE provider they are implemented as well to work with TLSv1.2
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Footnote 1(Java7) Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.

Also how come SSLLabs SSLTest tells me I do not have forward secrecy and are using RC4 ciphers. Thought when I set a limited list of ciphers only those can be used.

I tried to edit /usr/sbin/tomcat-sysd (which is started by service tomcat) to enable SSL debugging, but nothing shows up in the log files

exec ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
    -classpath $CLASSPATH \
    -Dcatalina.base=$CATALINA_BASE \
    -Dcatalina.home=$CATALINA_HOME \
    -Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
    -Djava.io.tmpdir=$CATALINA_TMPDIR ${DSECURITY_MANAGER} \
    -Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties \
    -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
    -Djavax.net.debug=ssl \
    org.apache.catalina.startup.Bootstrap start
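Added example, not part of any message in this thread and not Tomcat or JSSE code: a small model of cipher-suite selection run over the lists quoted above (Chromium's offer from the SSL Labs report, the GCM_SHA384-only server list, and the eight-suite server list). The function names are hypothetical, and the model assumes a keystore with a single RSA key, a JSSE connector that follows the client's preference order (the thread only establishes that `SSLHonorCipherOrder` is an APR option), and, where `no_gcm` is passed, a runtime without GCM such as the Oracle Java 7 described earlier in the thread.

```python
# Added example: models how one suite is picked from a client offer and a
# server "ciphers" list. All suite lists are copied from messages in the thread.

# Chromium's offer in its order of preference (SSL Labs client report).
CHROMIUM_OFFER = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]

# Server list that worked for the Java test client but for no browser.
GCM384_ONLY = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]

# Eight-suite server list with which Chromium ended up on the last entry.
MIXED = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]


def auth_alg(suite):
    """Key type the server certificate must have, e.g. RSA, ECDSA or DSS."""
    return suite.split("_WITH_")[0].rsplit("_", 1)[1]


def no_gcm(suite):
    """Assumed runtime filter: a JSSE build without GCM suites."""
    return "_GCM_" not in suite


def negotiate(client_offer, server_enabled, key_types,
              runtime_supports=lambda suite: True, honor_server_order=False):
    """Return the suite a server would select, or None (handshake failure)."""
    # A configured suite is usable only if the runtime implements it and the
    # keystore holds a key of the type the suite authenticates with.
    usable = [s for s in server_enabled
              if auth_alg(s) in key_types and runtime_supports(s)]
    if honor_server_order:
        walk, other = usable, set(client_offer)
    else:
        walk, other = client_offer, set(usable)
    for suite in walk:
        if suite in other:
            return suite
    return None


if __name__ == "__main__":
    rsa = {"RSA"}  # assumption: the keystore holds a single RSA key
    print("GCM_SHA384 only     :", negotiate(CHROMIUM_OFFER, GCM384_ONLY, rsa))
    print("mixed, client order :", negotiate(CHROMIUM_OFFER, MIXED, rsa, no_gcm))
    print("mixed, server order :",
          negotiate(CHROMIUM_OFFER, MIXED, rsa, no_gcm, honor_server_order=True))
    print("mixed, GCM available:", negotiate(CHROMIUM_OFFER, MIXED, rsa))
```

Under these assumptions the GCM_SHA384-only list shares no suite with Chromium's offer, and the eight-suite list resolves to the last configured entry because the walk follows Chromium's order rather than the server's.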