
I have configured our Tomcat 7 (JDK 7) server to only accept TLS (1.0, 1.1 & 1.2) protocols, to address POODLE. I have also disabled all DH cipher suites to achieve PCI DSS compliance.

Unfortunately this blocks all requests from IE8 browsers (on XP). Has anyone got around this issue?

IE8 seems to support the following non-weak ciphers:

    TLS_RSA_WITH_RC4_128_MD5
    TLS_RSA_WITH_RC4_128_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

However, JDK 7 does not.

Any help appreciated.

Kevin
  • Where did you get from that DH ciphers are not allowed for PCI compliance? As far as I know they are not required (which is completely different from not allowed) so some disable them because they have more computational overhead. But DH is the only way to get forward secrecy with older clients (like IE8). – Steffen Ullrich Oct 31 '14 at 21:16
  • From my PCI DSS ASV: "The remote SSL/TLS server accepts a weak Diffie-Hellman (DH) public key value. This flaw may aid an attacker in conducting a man-in-the-middle (MiTM) attack against the remote server since it could enable a forced calculation of a fully predictable Diffie-Hellman secret." – Kevin Nov 03 '14 at 11:46
  • This mainly affects systems using OpenSSL (which we don't). But it was flagging as a failure for compliance, so I have removed those ciphers. – Kevin Nov 03 '14 at 11:47
  • Thus the problems were not the use of DH ciphers itself, but the use of a weak DH keypair together with these ciphers. I thought this should have been only relevant for OpenSSL 0.9.8 with FIPS mode. Since you are enabling TLS1.2 you cannot use OpenSSL 0.9.8 (which did not support TLS1.2). – Steffen Ullrich Nov 03 '14 at 12:39
  • Here's a similar question: http://serverfault.com/q/645567/216809 Looks like `SSL_RSA_WITH_RC4_128_SHA` is what you need – Edd Nov 20 '14 at 09:11

2 Answers


This was resolved on Tomcat 7 with the following config:

<!-- SSLv3 is left out of sslEnabledProtocols (POODLE) and no DH suites are listed.
     The RC4 suites use JSSE's SSL_ spelling: JDK 7 does not accept the
     TLS_RSA_WITH_RC4_128_* names that IE8 advertises. -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
           acceptCount="100"
           keystoreFile="XXXXXXXXX" keystorePass="XXXXXXXXX"
           ciphers="SSL_RSA_WITH_RC4_128_MD5,
                    SSL_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_CBC_SHA"/>

Kevin
  • Surely `SSL_RSA_WITH_RC4_128_MD5` and `SSL_RSA_WITH_RC4_128_SHA` use SSL... that defeats the whole object – Edd Nov 14 '14 at 16:41
  • Edd, the sslProtocol="TLS" prevents Tomcat from using the SSL protocol, which is the part vulnerable to POODLE. The ciphers prefixed with SSL_ in the list above are then exposed over "TLS_"; the cipher part is the same for both protocols under the bonnet. This was the original question: IE8 accepts the "TLS_" version but Tomcat wouldn't accept that as a cipher. Thanks for adding your findings. – Kevin Nov 20 '14 at 10:11
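The following is an added example, not the poster's code and not part of Tomcat, that audits `<Connector>` elements in a server.xml for the three things this thread turned on: SSLv3 must be absent from `sslEnabledProtocols` (POODLE), no finite-field DH suites should be listed (the poster's ASV finding), and at least one suite IE8 on XP offers must be present in the spelling JDK 7's JSSE actually recognises (the `SSL_RSA_WITH_RC4_128_*` names). The IE8/XP suite list is the one given in the question, the `SSL_`/`TLS_` mapping covers only the suites named on this page, and the pre-fix connector on port 8443 in the constructed sample is an assumption used to show why IE8 was blocked before the accepted config.

```python
"""Audit Tomcat 7 JSSE <Connector> elements for the points raised in this thread.

Example code added to this page; not the poster's configuration tooling and not
part of Tomcat.  The server.xml fragment below is constructed: the port 8443
connector is an assumed "before" state, the port 443 one mirrors the accepted
answer with its cipher list shortened.
"""
import re
import xml.etree.ElementTree as ET

# Suites the poster reports IE8/XP offering, in IANA (TLS_) spelling.
IE8_XP_SUITES = {
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
}

# JDK 7's JSSE keeps the historical SSL_ prefix for suites that predate TLS 1.0.
# Tomcat's `ciphers` attribute must use the JSSE spelling; the IANA spelling is
# what IE8 advertises but not what JDK 7 accepts.  Only suites named on this
# page are mapped here.
IANA_TO_JSSE = {
    "TLS_RSA_WITH_RC4_128_MD5": "SSL_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_RC4_128_SHA": "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
}
JSSE_TO_IANA = {v: k for k, v in IANA_TO_JSSE.items()}

# Constructed sample; keystore values are placeholders as in the original post.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <!-- assumed pre-fix connector: SSLv3 still on, IE8 suite in IANA spelling -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
    secure="true" sslProtocol="TLS" sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2"
    keystoreFile="XXXXXXXXX" keystorePass="XXXXXXXXX"
    ciphers="TLS_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
             TLS_RSA_WITH_AES_128_CBC_SHA"/>
  <!-- connector as in the accepted answer (cipher list shortened) -->
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
    secure="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
    keystoreFile="XXXXXXXXX" keystorePass="XXXXXXXXX"
    ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
             TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA"/>
</Service></Server>"""


def split_list(value):
    """Tomcat takes comma-separated lists; tolerate surrounding whitespace/newlines."""
    return [item for item in re.split(r"[,\s]+", value or "") if item]


def is_dh_suite(name):
    """True for finite-field DH/DHE suites.  ECDH(E) does not match because the
    character before 'DH' is 'C', not '_'."""
    return re.search(r"_DHE?_", name) is not None


def audit_connector(connector):
    """Return findings for one SSL-enabled connector element."""
    protocols = split_list(connector.get("sslEnabledProtocols"))
    ciphers = split_list(connector.get("ciphers"))
    # IANA-spelled names that JDK 7's JSSE will not enable as written
    misspelled = {c: IANA_TO_JSSE[c] for c in ciphers if c in IANA_TO_JSSE}
    usable = [c for c in ciphers if c not in misspelled]
    # What IE8/XP can actually negotiate, compared in IANA spelling
    reachable = {JSSE_TO_IANA.get(c, c) for c in usable} & IE8_XP_SUITES
    return {
        "sslv3_enabled": any(p.upper() == "SSLV3" for p in protocols),
        "protocols_unset": not protocols,  # left to the JVM default: review it
        "dh_suites": [c for c in usable if is_dh_suite(c)],
        "misspelled_for_jsse": misspelled,
        "ie8_xp_reachable": reachable,
        # RC4 was later prohibited for TLS by RFC 7465; flag for the next review
        "legacy_rc4_or_3des": [c for c in usable if "RC4" in c or "3DES" in c],
    }


def audit_server_xml(server_xml):
    """Audit every SSLEnabled connector; keyed by port."""
    root = ET.fromstring(server_xml)
    return {
        c.get("port"): audit_connector(c)
        for c in root.iter("Connector")
        if c.get("SSLEnabled", "false").lower() == "true"
    }


if __name__ == "__main__":
    for port, result in audit_server_xml(SAMPLE_SERVER_XML).items():
        print(port, result)
```

Run against the sample, the 8443 connector reports SSLv3 enabled, one DHE suite, the IE8 suite flagged as needing its `SSL_` spelling, and nothing IE8/XP can negotiate; the 443 connector reports no SSLv3, no DH suites, and the two RC4 suites as the only IE8/XP overlap, which is the trade-off the accepted answer makes. Point `audit_server_xml` at the contents of a real server.xml to check a live deployment.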

SSL_RSA_WITH_RC4_128_SHA

This is an SSL cipher; I think by enabling it you are still vulnerable to POODLE. I have not found a workaround for Tomcat 7/Java 7 using JSSE or NIO. I switched to the APR connectors. In order to use them, though, you will need to be on the latest version of the native libraries/Tomcat (1.0.32/7.0.57).

Steve