Posted to users@tomcat.apache.org by Mark Robinson <ma...@mrobinson.ca> on 2015/11/24 18:36:27 UTC

TLS fails in Firefox and Chrome

I'm having this problem with TLS in Firefox and Chrome.  Some of my
requests are failing with an SSL MAC Bad Read error.  I'm using Tomcat
8.0.24 on Java 8.0_u66 / Ubuntu 14.04.  So it works fine with IE, and
if I disable some ciphers then it works.

If I disable these ciphers TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, then it works just fine.

I've tried installing the Unlimited policy file.

Has anyone else experienced this?  Is there a known problem with these ciphers?

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: TLS fails in Firefox and Chrome

Posted by Mark Robinson <ma...@mrobinson.ca>.
Thanks Chris,

My debugging procedure started with listing all the ciphers in tomcat
explicitly, then I tried winnowing down the list until it worked.  I
did use an extension in FF that let me disable certain ciphers
completely.  It's possible that the preference order is different and
your browser chose something else.  I might try again with the
APR/OpenSSL implementation and see if that is any more effective.  Of
course, it might be an FF bug so I'll double check that as well.

I'll definitely remove the insecure ciphers.

Mark

On Wed, Nov 25, 2015 at 8:24 AM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Mark,
>
> On 11/24/15 1:56 PM, Mark Robinson wrote:
>> My config is pretty vanilla.
>>
>>     <Connector
>>             protocol="org.apache.coyote.http11.Http11NioProtocol"
>>             port="8443" maxThreads="200"
>> ciphers="TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>> TLS_EMPTY_RENEGOTIATION_INFO_SCSV,TLS_DH_anon_WITH_AES_128_GCM_SHA256,TLS_DH_anon_WITH_AES_128_CBC_SHA256,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_NULL_SHA,TLS_ECDHE_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_SHA,TLS_ECDH_ECDSA_WITH_NULL_SHA,TLS_ECDH_RSA_WITH_NULL_SHA,TLS_ECDH_anon_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_DES_CBC_SHA,TLS_KRB5_WITH_DES_CBC_MD5,TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
>>             scheme="https" secure="true" SSLEnabled="true"
>>             keystoreFile="conf/keystore.jks" keystorePass="changeit"
>>             clientAuth="false" sslProtocol="TLS"/>
>>
>> This fails, because of the three problematic ciphers.
>
>
> I'm just going to list the ciphers you have in order here and make some
> comments.
>
> TLS_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> So the top 3 are giving you problems with ff and Chrome. I have ff using
> the second of those ciphers right now with a site I control, but SSL is
> being terminated by AWS ELB (likely some variant of haproxy).
>
> I just configured Tomcat 9 with sslProtocol="TLS" and I was able to
> connect using OpenSSL s_client -tls1_2 but not with other options. I was
> also unable to connect with Firefox 42, but Chrome 46 and Safari 9 can
> connect. I didn't try any versions of MSIE.
>
> Note that the TLS_RSA_WITH_AES_128_GCM_SHA256 algorithm is defined by
> TLSv1.2 and not before, thus only a TLSv1.2 handshake should be able to
> negotiate them.
>
> I added SSL_RSA_WITH_3DES_EDE_CBC_SHA, a cipher defined in TLSv1
> (arbitrarily-chosen), and now all browsers can connect. Strange that
> Firefox doesn't want to negotiate with only TLSv1.2 ciphers...
>
> When Firefox connects, it negotiates the 3DES cipher instead of the
> higher-security TLS_* ciphers. I wonder if Firefox doesn't support the
> RSA version of these ciphers, and I have an RSA key and no DHE key for
> my test server. Thus, Firefox can't negotiate until I supply a cipher
> that it does support.
>
> I can see that Chrome is using the DHE_RSA flavor when it handshakes. I
> think this is truly an issue of Firefox simply not supporting the
> ciphers you have chosen.
>
> Let's look at the rest of the list:
>
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_RSA_WITH_AES_128_CBC_SHA256
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> TLS_RSA_WITH_AES_128_CBC_SHA
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_RSA_WITH_3DES_EDE_CBC_SHA !
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA !
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA !
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV
>
> Those listed above which I've annotated with a ! are somewhat low on
> security, as defined as having only 112 bits. Everything below this line
> should never be used unless you (a) don't actually care about security
> or (b) have other controls in place to mitigate the problems with those
> ciphers.
>
> The problems with the following ciphers are, in no particular order:
>
> 1. No authentication of the server ("anon")
> 2. No actual encryption is being used ("NULL")
> 3. Encryption is intentionally weak ("EXPORT")
> 4. Use of MD5 hash algorithm ("MD5")
> 5. Use of SHA1 hash algorithm ("SHA")
>
> As for the list above... I'm not entirely sure why Firefox and Chrome
> would have a problem with them. I'll have to re-configure my test server
> and see what happens. Obviously, for me, adding the
> SSL_RSA_WITH_3DES_EDE_CBC_SHA already allowed Firefox to connect, so
> something else must be wrong with your configuration (or client).
>
> TLS_DH_anon_WITH_AES_128_GCM_SHA256 !
> TLS_DH_anon_WITH_AES_128_CBC_SHA256 !
> TLS_ECDH_anon_WITH_AES_128_CBC_SHA !
> TLS_DH_anon_WITH_AES_128_CBC_SHA !
> TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA !
> SSL_DH_anon_WITH_3DES_EDE_CBC_SHA !
> SSL_RSA_WITH_DES_CBC_SHA !
> SSL_DHE_RSA_WITH_DES_CBC_SHA !
> SSL_DHE_DSS_WITH_DES_CBC_SHA !
> SSL_DH_anon_WITH_DES_CBC_SHA !
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA !
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA !
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA !
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA !
> TLS_RSA_WITH_NULL_SHA256 !
> TLS_ECDHE_ECDSA_WITH_NULL_SHA !
> TLS_ECDHE_RSA_WITH_NULL_SHA !
> SSL_RSA_WITH_NULL_SHA !
> TLS_ECDH_ECDSA_WITH_NULL_SHA !
> TLS_ECDH_RSA_WITH_NULL_SHA !
> TLS_ECDH_anon_WITH_NULL_SHA !
> SSL_RSA_WITH_NULL_MD5 !
> TLS_KRB5_WITH_3DES_EDE_CBC_SHA !
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5 !
> TLS_KRB5_WITH_DES_CBC_SHA !
> TLS_KRB5_WITH_DES_CBC_MD5 !
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA !
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 !
>
> -chris
>
>> As far as I know I'm not using any system properties to control JSSE.
>>
>> On Tue, Nov 24, 2015 at 10:16 AM, Christopher Schultz
>> <ch...@christopherschultz.net> wrote:
>>> Mark,
>>>
>>> On 11/24/15 12:36 PM, Mark Robinson wrote:
>>>> I'm having this problem with TLS in Firefox and Chrome.  Some of my
>>>> requests are failing with an SSL MAC Bad Read error.  I'm using Tomcat
>>>> 8.0.24 on Java 8.0_u66 / Ubuntu 14.04.  So it works fine with IE, and
>>>> if I disable some ciphers then it works.
>>>>
>>>> If I disable these ciphers TLS_RSA_WITH_AES_128_GCM_SHA256,
>>>> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, then it works just fine.
>>>>
>>>> I've tried installing the Unlimited policy file.
>>>>
>>>> Has anyone else experienced this?  Is there a known problem with these ciphers?
>>>
>>> When your config isn't working, what does your <Connector> configuration
>>> look like? Remember to sanitize the config to remove any secrets.
>>>
>>> Also, are you using any related system properties to control JSSE, etc.?
>>>
>>> -chris
>>>


Re: TLS fails in Firefox and Chrome

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,

On 11/24/15 1:56 PM, Mark Robinson wrote:
> My config is pretty vanilla.
> 
>     <Connector
>             protocol="org.apache.coyote.http11.Http11NioProtocol"
>             port="8443" maxThreads="200"
> ciphers="TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV,TLS_DH_anon_WITH_AES_128_GCM_SHA256,TLS_DH_anon_WITH_AES_128_CBC_SHA256,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_NULL_SHA,TLS_ECDHE_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_SHA,TLS_ECDH_ECDSA_WITH_NULL_SHA,TLS_ECDH_RSA_WITH_NULL_SHA,TLS_ECDH_anon_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_DES_CBC_SHA,TLS_KRB5_WITH_DES_CBC_MD5,TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
>             scheme="https" secure="true" SSLEnabled="true"
>             keystoreFile="conf/keystore.jks" keystorePass="changeit"
>             clientAuth="false" sslProtocol="TLS"/>
> 
> This fails, because of the three problematic ciphers.


I'm just going to list the ciphers you have in order here and make some
comments.

TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

So the top 3 are giving you problems with ff and Chrome. I have ff using
the second of those ciphers right now with a site I control, but SSL is
being terminated by AWS ELB (likely some variant of haproxy).

I just configured Tomcat 9 with sslProtocol="TLS" and I was able to
connect using OpenSSL s_client -tls1_2 but not with other options. I was
also unable to connect with Firefox 42, but Chrome 46 and Safari 9 can
connect. I didn't try any versions of MSIE.

Note that the TLS_RSA_WITH_AES_128_GCM_SHA256 algorithm is defined by
TLSv1.2 and not before, thus only a TLSv1.2 handshake should be able to
negotiate them.

I added SSL_RSA_WITH_3DES_EDE_CBC_SHA, a cipher defined in TLSv1
(arbitrarily-chosen), and now all browsers can connect. Strange that
Firefox doesn't want to negotiate with only TLSv1.2 ciphers...

When Firefox connects, it negotiates the 3DES cipher instead of the
higher-security TLS_* ciphers. I wonder if Firefox doesn't support the
RSA version of these ciphers, and I have an RSA key and no DHE key for
my test server. Thus, Firefox can't negotiate until I supply a cipher
that it does support.

I can see that Chrome is using the DHE_RSA flavor when it handshakes. I
think this is truly an issue of Firefox simply not supporting the
ciphers you have chosen.

Let's look at the rest of the list:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA !
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA !
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA !
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Those listed above which I've annotated with a ! are somewhat low on
security, as defined as having only 112 bits. Everything below this line
should never be used unless you (a) don't actually care about security
or (b) have other controls in place to mitigate the problems with those
ciphers.

The problems with the following ciphers are, in no particular order:

1. No authentication of the server ("anon")
2. No actual encryption is being used ("NULL")
3. Encryption is intentionally weak ("EXPORT")
4. Use of MD5 hash algorithm ("MD5")
5. Use of SHA1 hash algorithm ("SHA")

As for the list above... I'm not entirely sure why Firefox and Chrome
would have a problem with them. I'll have to re-configure my test server
and see what happens. Obviously, for me, adding the
SSL_RSA_WITH_3DES_EDE_CBC_SHA already allowed Firefox to connect, so
something else must be wrong with your configuration (or client).

TLS_DH_anon_WITH_AES_128_GCM_SHA256 !
TLS_DH_anon_WITH_AES_128_CBC_SHA256 !
TLS_ECDH_anon_WITH_AES_128_CBC_SHA !
TLS_DH_anon_WITH_AES_128_CBC_SHA !
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA !
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA !
SSL_RSA_WITH_DES_CBC_SHA !
SSL_DHE_RSA_WITH_DES_CBC_SHA !
SSL_DHE_DSS_WITH_DES_CBC_SHA !
SSL_DH_anon_WITH_DES_CBC_SHA !
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA !
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA !
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA !
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA !
TLS_RSA_WITH_NULL_SHA256 !
TLS_ECDHE_ECDSA_WITH_NULL_SHA !
TLS_ECDHE_RSA_WITH_NULL_SHA !
SSL_RSA_WITH_NULL_SHA !
TLS_ECDH_ECDSA_WITH_NULL_SHA !
TLS_ECDH_RSA_WITH_NULL_SHA !
TLS_ECDH_anon_WITH_NULL_SHA !
SSL_RSA_WITH_NULL_MD5 !
TLS_KRB5_WITH_3DES_EDE_CBC_SHA !
TLS_KRB5_WITH_3DES_EDE_CBC_MD5 !
TLS_KRB5_WITH_DES_CBC_SHA !
TLS_KRB5_WITH_DES_CBC_MD5 !
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA !
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 !

-chris

> As far as I know I'm not using any system properties to control JSSE.
> 
> On Tue, Nov 24, 2015 at 10:16 AM, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>> Mark,
>>
>> On 11/24/15 12:36 PM, Mark Robinson wrote:
>>> I'm having this problem with TLS in Firefox and Chrome.  Some of my
>>> requests are failing with an SSL MAC Bad Read error.  I'm using Tomcat
>>> 8.0.24 on Java 8.0_u66 / Ubuntu 14.04.  So it works fine with IE, and
>>> if I disable some ciphers then it works.
>>>
>>> If I disable these ciphers TLS_RSA_WITH_AES_128_GCM_SHA256,
>>> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, then it works just fine.
>>>
>>> I've tried installing the Unlimited policy file.
>>>
>>> Has anyone else experienced this?  Is there a known problem with these ciphers?
>>
>> When your config isn't working, what does your <Connector> configuration
>> look like? Remember to sanitize the config to remove any secrets.
>>
>> Also, are you using any related system properties to control JSSE, etc.?
>>
>> -chris
>>
> 
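
The review in the reply above can be scripted. The following is an added example, not part of the original thread and not Tomcat code: it reads the ciphers attribute of a <Connector>, tags each suite with the problems named in the reply, and separates the suites that only a TLSv1.2 handshake can negotiate from those an older handshake can use. The function names and the shortened sample connector are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Name patterns for the problems listed in the reply. The DES and 3DES
# patterns are taken from its annotated cipher lists.
RULES = [
    (re.compile(r"_anon_"), "anon"),         # server is not authenticated
    (re.compile(r"_NULL_"), "NULL"),         # no encryption at all
    (re.compile(r"_EXPORT_"), "EXPORT"),     # intentionally weak encryption
    (re.compile(r"_DES(40)?_CBC_"), "DES"),  # single DES
    (re.compile(r"_3DES_EDE_"), "3DES"),     # 112-bit strength
    (re.compile(r"_MD5$"), "MD5"),
    (re.compile(r"_SHA$"), "SHA1"),
]
REJECT = {"anon", "NULL", "EXPORT", "DES", "MD5"}

def parse_ciphers(connector_xml):
    """Return the suite names of a <Connector>'s ciphers attribute, in order."""
    value = ET.fromstring(connector_xml).get("ciphers", "")
    # Assumption: whitespace inside the value is mail or editor wrapping,
    # so it is removed before splitting (repairs "..._INFO_" / "SCSV").
    return [s for s in re.sub(r"\s+", "", value).split(",") if s]

def classify(suite):
    """Return the problem tags that apply to one suite name."""
    if suite.endswith("_SCSV"):
        return ["SCSV"]  # signalling value, not a real cipher suite
    return [tag for pattern, tag in RULES if pattern.search(suite)]

def tls12_only(suite):
    # Naming heuristic: suites ending in _SHA256/_SHA384 (GCM and the
    # CBC_SHA256 family) were introduced with TLSv1.2.
    return re.search(r"_SHA(256|384)$", suite) is not None

def report(connector_xml):
    """Group the configured suites into reject / tls12_only / pre_tls12."""
    out = {"reject": [], "tls12_only": [], "pre_tls12": []}
    for suite in parse_ciphers(connector_xml):
        tags = set(classify(suite))
        if "SCSV" in tags:
            continue
        if tags & REJECT:
            out["reject"].append(suite)
        elif tls12_only(suite):
            out["tls12_only"].append(suite)
        else:
            out["pre_tls12"].append(suite)  # usable by a TLSv1 handshake
    return out

# Constructed sample: a shortened connector using suites from the thread,
# including a name broken across lines as in the mail.
SAMPLE = """<Connector port="8443" SSLEnabled="true" sslProtocol="TLS"
  ciphers="TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
           TLS_EMPTY_RENEGOTIATION_INFO_
SCSV,TLS_DH_anon_WITH_AES_128_GCM_SHA256,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
           TLS_RSA_WITH_NULL_SHA256,TLS_KRB5_WITH_DES_CBC_MD5"/>"""

if __name__ == "__main__":
    for suite in parse_ciphers(SAMPLE):
        print(f"{suite:45} {','.join(classify(suite)) or '-'}")
    for group, suites in report(SAMPLE).items():
        print(group, suites)
```

An empty pre_tls12 group means a client that does not negotiate TLSv1.2 has nothing to choose from, which is the situation the reply worked around by adding a TLSv1 suite.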



Re: TLS fails in Firefox and Chrome

Posted by Mark Robinson <ma...@mrobinson.ca>.
My config is pretty vanilla.

    <Connector
            protocol="org.apache.coyote.http11.Http11NioProtocol"
            port="8443" maxThreads="200"
ciphers="TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV,TLS_DH_anon_WITH_AES_128_GCM_SHA256,TLS_DH_anon_WITH_AES_128_CBC_SHA256,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_NULL_SHA,TLS_ECDHE_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_SHA,TLS_ECDH_ECDSA_WITH_NULL_SHA,TLS_ECDH_RSA_WITH_NULL_SHA,TLS_ECDH_anon_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_DES_CBC_SHA,TLS_KRB5_WITH_DES_CBC_MD5,TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
            scheme="https" secure="true" SSLEnabled="true"
            keystoreFile="conf/keystore.jks" keystorePass="changeit"
            clientAuth="false" sslProtocol="TLS"/>

This fails, because of the three problematic ciphers.

As far as I know I'm not using any system properties to control JSSE.

On Tue, Nov 24, 2015 at 10:16 AM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Mark,
>
> On 11/24/15 12:36 PM, Mark Robinson wrote:
>> I'm having this problem with TLS in Firefox and Chrome.  Some of my
>> requests are failing with an SSL MAC Bad Read error.  I'm using Tomcat
>> 8.0.24 on Java 8.0_u66 / Ubuntu 14.04.  So it works fine with IE, and
>> if I disable some ciphers then it works.
>>
>> If I disable these ciphers TLS_RSA_WITH_AES_128_GCM_SHA256,
>> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, then it works just fine.
>>
>> I've tried installing the Unlimited policy file.
>>
>> Has anyone else experienced this?  Is there a known problem with these ciphers?
>
> When your config isn't working, what does your <Connector> configuration
> look like? Remember to sanitize the config to remove any secrets.
>
> Also, are you using any related system properties to control JSSE, etc.?
>
> -chris
>


Re: TLS fails in Firefox and Chrome

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,

On 11/24/15 12:36 PM, Mark Robinson wrote:
> I'm having this problem with TLS in Firefox and Chrome.  Some of my
> requests are failing with an SSL MAC Bad Read error.  I'm using Tomcat
> 8.0.24 on Java 8.0_u66 / Ubuntu 14.04.  So it works fine with IE, and
> if I disable some ciphers then it works.
> 
> If I disable these ciphers TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, then it works just fine.
> 
> I've tried installing the Unlimited policy file.
> 
> Has anyone else experienced this?  Is there a known problem with these ciphers?

When your config isn't working, what does your <Connector> configuration
look like? Remember to sanitize the config to remove any secrets.

Also, are you using any related system properties to control JSSE, etc.?

-chris
