Bug report: Default TLS version needs to be greater then 1.1

[Aryeh Friedman <ar...@gmail.com>]

As of the latest upgrade of Safari Apple now gives a warning dialog if a
site uses https with TLS 1.0 or 1.1 (as per the NSA directive to
discontinue all use of said versions).

Tomcat 9.0.35 (the latest available via ports on FreeBSD) defaults to TLS
1.1 when SSLProtocol="TLS".   As per the above warning in Safari and the
reason for it shouldn't Tomcat default to 1.2+ (I fixed it by adding
sslEnabledProtocols="TLSv1.2" which as far I was able to determine is not
documented anywhere except for the following on StackOverflow:
https://stackoverflow.com/questions/9749339/does-tomcat-support-tls-v1-2)

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org

Re: Bug report: Default TLS version needs to be greater then 1.1

[Christopher Schultz <ch...@christopherschultz.net>]

Aryeh,

On 1/12/21 14:00, Aryeh Friedman wrote:
> As of the latest upgrade of Safari Apple now gives a warning dialog if a
> site uses https with TLS 1.0 or 1.1 (as per the NSA directive to
> discontinue all use of said versions).

No directive from the US NSA. It's a recommendation. Apple and other 
browser vendors apply their own policies for this kind of thing. As of 
March 2020 (last year!), Firefox *disabled* TLSv1 and TLSv1.1 by 
default, then backed-off because apparently COVID-19 interferes with 
TLSv1.2 handshakes. Google deprecated those protocols a few months 
earlier and now they are disabled.

> Tomcat 9.0.35 (the latest available via ports on FreeBSD) defaults to TLS
> 1.1 when SSLProtocol="TLS".

No, it doesn't. The default is to support TLSv1, TLSv1.1, TLSv1.2, and 
TLSv1.3.

> As per the above warning in Safari and the reason for it shouldn't 
> Tomcat default to 1.2+ (I fixed it by adding 
> sslEnabledProtocols="TLSv1.2" which as far I was able to determine
> is not documented anywhere except for the following on StackOverflow:
>  
> https://stackoverflow.com/questions/9749339/does-tomcat-support-tls-v1-2)
It might surprise you to know that it's documented in Tomcat's user guide:
http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

The sslEnabledProtocols attribute on a <Connector> was replaced a long 
time ago by the "protocols" attribute on an <SSLHostConfig>. It shoudl 
continue to work, but you are encouraged to use the new-style 
configuration as it's much more flexible and more obvious what's happening.

Note that the client is in full control of the client "hello" portion of 
the TLS handshake where it advertises the protocol versions it wants to 
use. If it doesn't advertise "TLSv1.2" then you probably won't get that 
protocol.

What you have done is disable versions below TLSv1.2, which is why 
Safari doesn't complain. My guess is that Safari tries the lowest 
protocol it understands first instead of trying to connect using the 
latest version first, and you see this error.

To answer your question/statement about changing the default "protocols" 
to be TLSv1.2 (and not include the other protocols) in Tomcat, this is a 
choice for administrators to make. Changing the default may cause a lot 
of damage downstream.

That said, we should probably change the default for Tomcat 10+ to be 
"TLSv1.2". I'll raise that on the dev@ list.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org