Here's a Tomcat puzzler with TLS protocols (and I've already got it on the Tomcat Users' list server)

Question

I have a Tomcat 8.5 server running on an Amazon Linux EC2 Linux instance. Tomcat is running on port 8443, with IPTables remapping 443 to it.

I've changed the "sslProtocol" clause of the connector to specify TLS 1.2 protocol. And the change doesn't work: it 's still accepting TLS 1.0 and 1.1 as well as 1.2. Anybody know what the problem could be?

The Connector looks like this (sensitive information redacted):

<Connector port="8443" proxyPort="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json"
               maxThreads="1000" socket.appReadBufSize="1024" socket.appWriteBufSize="1024" bufferSize="1024" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/etc/tomcat8/dev.REDACTED.net.ks" keyAlias="REDACTED" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,               TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
               TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
               clientAuth="false" sslProtocol="TLSv1.2" />

(previously, the "sslProtocol" clause was 'sslProtocol="TLS"')

The same "sslProtocol" clause works just fine in the connector tag of a Tomcat 7 server running on a customer's AS/400, restricting it to TLS 1.2.

Probably because of all the weak ciphers you specified in there. — Michael Hampton, Jul 18 '20 at 00:48

dave_thompson_085 · Answer 1 · 2020-07-18T02:51:19.080

From the documentation for Connector (formatting simplified because doing HTML on Stack is too hard)

sslProtocol This is an alias for the sslProtocol attribute of the SSLHostConfig element with the hostName of default. If this SSLHostConfig element is not explicitly defined, it will be created.

and for SSLHostConfig (ditto)

sslProtocol JSSE only. The SSL protocol(s) to use (a single value may enable multiple protocols - see the JVM documentation for details). If not specified, the default is TLS. The permitted values may be obtained from the JVM documentation for the allowed values for algorithm when creating an SSLContext instance e.g. Oracle Java 7. Note: There is overlap between this attribute and protocols.

In other words, this is the value passed to SSLContext.getInstance(). Since you don't identify your Java, I'll use context names for the current Oracle LTS version, 11 (emphasis added):

TLSv1.2 Supports RFC 5246: TLS version 1.2; may support other SSL/TLS versions

And the implementation of that context in the SunJSSE provider enables TLSv1 (which means 1.0), TLSv1.1, and TLSv1.2 -- in other words, it means "maximum 1.2". In older versions of Java it also enabled SSLv3, but that was removed as insecure after the POODLE attack a few years ago. (I love saying "POODLE attack", it just sounds so silly. :-)

The attribute that selectively controls the list of enabled protocols is protocols in SSLHostConfig -- mentioned (briefly) in the quote above -- or equivalently but spelled differently sslEnabledProtocols in Connector. In older versions (before 8.5 'merged' the configurations) it was SSLProtocol in Connector only when using OpenSSL/APR.

The same "sslProtocol" clause works just fine in the connector tag of a Tomcat 7 server running on a customer's AS/400, restricting it to TLS 1.2.

AS/400 is almost certainly using IBM Java rather than Sun-now-Oracle-now-OpenJDK. IBM licensed the source from Sun way back when, and guarantees compatibility with the Java specification defined by Sun -- which explicitly excluded, and still does, the cryptoproviders. IBM has its own cryptoproviders which are different from (though functionally very similar to) the Sun/Oracle/Open ones, so to know what it does for particular SSLContext's you need to find the IBM documentation on the (or some) IBM website, which I always find unnavigable. It may implement TLSv1.2 as "minimum 1.2".

PS: do you really have both RSA and ECC certs in your keystore? If not, much of that huge value you use for ciphers is useless, wasted clutter. Plus no sane client anywhere wants to use static-ECDH (or static-DH either) ciphersuites. Do you understand the very important difference between ECDH and ECDHE in TLS terminology?

score 0 · Accepted Answer · answered Jul 20 '20 at 15:48

0

The correct answer came in over the weekend, from the Tomcat Users list, straight from two of the developers:

sslEnabledProtocols="TLSv1.2"

answered Jul 20 '20 at 15:48

hbquikcomjamesl

259
2
16

Here's a Tomcat puzzler with TLS protocols (and I've already got it on the Tomcat Users' list server)

2 Answers2