Posted to users@tomcat.apache.org by Arthur Ramsey <ar...@mediture.com> on 2015/06/11 20:14:12 UTC
tcnative CVE-2015-4000 (Logjam)
Is anyone aware of a way to mitigate the Logjam attack with tomcat 7 and
java 7? I use tcnative and openssl-1.0.2a both compiled from source in
production today, but I would be open to JSSE too. I believe I need
Java 8 to mitigate CVE-2015-4000 with JSSE. I don't see any way to use a
unique 2048-bit or greater DH group with tcnative currently. I'm not
sure if there is anything I can do at compile time. I'd rather not
change the cipher suites as I want to maintain browser support. My
server configuration passed the Qualys SSL Server Test with flying
colors until Logjam, so I would be worried about regressions on other
security fixes if I used JSSE.
Thanks,
Arthur
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Rainer,
On 6/12/15 6:32 AM, Rainer Jung wrote:
> With existing 1.1.33 you can choose your cipher suite, so that
> non-DHE ciphers come first and set SSLHonorCipherOrder such that
> the client chooses the first matching cipher and DHE will likely
> not be used, only by client who do not support a cipher to the left
> of DHE in your cipher list.
A slight correction: the *server* chooses the cipher suite to be used,
not the client.
> Note that old Java versions as clients (6, maybe 7 depending on
> patch level?) have a problem with DHE keys longer than 768 or 1024
> bits (depending on JVM details). So by mitigating Logjam you might
> run into compatibility issues with those.
+1
> It would be interesting to know, what details SSLLabs tell you,
> e.g. if they say you are vulnerable to the export downgrade attack
> (really bad), or "just" to your DH params should be longer. You can
> use the OpenSSL commandline client in version 1.0.2 to check, what
> param length a handshake results in:
>
> openssl s_client -connect www.example.com:443 -cipher "EDH" | \
> grep "Server Temp Key"
>
> See: https://www.openssl.org/blog/
+1
-chris
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Rainer Jung <ra...@kippdata.de>.
Am 12.06.2015 um 04:01 schrieb Christopher Schultz:
> Arthur,
>
> On 6/11/15 4:34 PM, Arthur Ramsey wrote:
>> On 06/11/2015 02:35 PM, Christopher Schultz wrote: Arthur,
>>
>> On 6/11/15 2:14 PM, Arthur Ramsey wrote:
>>>>> Is anyone aware of a way to mitigate the Logjam attack with
>>>>> tomcat 7 and java 7?
>> Disable DHE_EXPORT on the server?
>>> I believe I have, but Qualys SSL Server Test still fails me on
>>> the Logjam check.
>>
>>> SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
>
> You also have DHE-* ciphers in there, which is probably the problem.
> Remove those and I think Qualys will be happier. Really, who is using
> DHE in the first place?
>
>>>>> I use tcnative and openssl-1.0.2a both compiled from source
>>>>> in production today, but I would be open to JSSE too. I
>>>>> believe I need Java 8 to mitigate CVE-2015-4000 with JSSE.
>> Why?
>>> See
>>> http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
>
> Understood. I thought you just wanted to remove the EXPORT and DHE
> ciphers in general. Increasing the number of bits in the DH parameters
> will in fact require an upgrade.
>
>>>>> I don't see anyway to use a unique 2048-bit or greater DH
>>>>> group with tcnative currently.
>> I believe you are correct; there is a bug in BZ:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>>
>> It looks like 1.1.34 will have this feature. You can build the
>> current trunk of the 1.1 branch and probably be okay.
>>> Thanks, I'll give it a try. Scary to use in production, but it
>>> may be my best answer.
>>
>>>>> I'm not sure if there is anything I can do at compile time.
>>>>> I'd rather not change the cipher suites as I want to maintain
>>>>> browser support.
>> You should disable EXPORT certificates no matter what. Or were you
>> talking about the DH parameters?
>>> I was talking about DH parameters.
>>
>>>>> My server configuration passed the Qualys SSL Server Test
>>>>> with flying colors until Logjam, so I would be worried about
>>>>> regressions on other security fixes if I used JSSE.
>> -chris
>
> -chris
There are two parts under Logjam:
- a downgrade attack that makes the real attack very feasible. The
downgrade only works if client and server support the export ciphers (it
is not necessary that they are the preferred ciphers) and the attacker
is an active man-in-the-middle, i.e. she can observe and change the
communication. In this case the encryption can be forced to use a 512
bit key and is relatively easy to break.
To mitigate the downgrade attack, it should be possible to just disable
export ciphers on the server side, which is doable per configuration.
- in addition, for non-export ciphers, key lengths of 768 bits and 1024
bits are assumed to be attackable depending on the computing resources
the attacker has at her hand. 768 is expected to be breakable using
academic computing resources, 1024 bits using national computing resources.
To mitigate this, one should use longer keys. I think that is not
possible with current tcnative 1.1.33. Only the head of 1.1 has code to
allow that. This code would
  - use a longer key automatically, if the key in the server
  certificate is longer. E.g. a 2048 bit RSA key would lead to using also
  a 2048 bit DHE key automatically. These 2048 DH params are standard DH
  params but should nevertheless be safe due to their length.
  - allow adding custom DH params to the certificate file to choose
  completely custom DH params.
With existing 1.1.33 you can choose your cipher suite, so that non-DHE
ciphers come first and set SSLHonorCipherOrder such that the client
chooses the first matching cipher and DHE will likely not be used, only
by clients who do not support a cipher to the left of DHE in your cipher
list.
Note that old Java versions as clients (6, maybe 7 depending on patch
level?) have a problem with DHE keys longer than 768 or 1024 bits
(depending on JVM details). So by mitigating Logjam you might run into
compatibility issues with those.
It would be interesting to know, what details SSLLabs tell you, e.g. if
they say you are vulnerable to the export downgrade attack (really bad),
or "just" to your DH params should be longer. You can use the OpenSSL
commandline client in version 1.0.2 to check, what param length a
handshake results in:
openssl s_client -connect www.example.com:443 -cipher "EDH" | \
grep "Server Temp Key"
See: https://www.openssl.org/blog/
Regards,
Rainer
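Added example (not part of Rainer's message or of any Tomcat/OpenSSL code): a shell function that classifies the "Server Temp Key" line printed by the s_client check above, using the size bands described in this message. The verdict labels, the 2048-bit target and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the "Server Temp Key" line from `openssl s_client`
# output. Verdict labels are this example's own; the size bands (512 export,
# 768/1024 attackable) follow the message above, 2048 is the assumed target.

# Reads s_client output on stdin, prints "<kind> <bits> <verdict>".
classify_temp_key() {
    line=$(sed -n '/Server Temp Key:/{p;q;}')
    if [ -z "$line" ]; then
        # Handshake failed, or no ephemeral key exchange was negotiated.
        echo "NONE 0 NO_TEMP_KEY"
        return 0
    fi
    # Line looks like "Server Temp Key: DH, 1024 bits"
    # or "Server Temp Key: ECDH, P-256, 256 bits".
    kind=${line#*Server Temp Key: }
    kind=${kind%%,*}
    bits=${line% bits*}
    bits=${bits##* }
    case $bits in
        ''|*[!0-9]*) echo "$kind 0 UNPARSED"; return 0 ;;
    esac
    if [ "$kind" != "DH" ]; then
        echo "$kind $bits NOT_FINITE_FIELD_DH"
    elif [ "$bits" -le 512 ]; then
        echo "DH $bits EXPORT_GRADE"
    elif [ "$bits" -le 1024 ]; then
        echo "DH $bits WEAK"
    elif [ "$bits" -lt 2048 ]; then
        echo "DH $bits BELOW_2048"
    else
        echo "DH $bits OK"
    fi
}

# Live check built on the command from the message above. </dev/null makes
# s_client exit after the handshake instead of waiting for input.
check_host() {
    openssl s_client -connect "$1" -cipher "EDH" </dev/null 2>/dev/null |
        classify_temp_key
}

# Constructed s_client excerpts (not captured from a real server).
sample_1024='---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1903 bytes and written 479 bytes'
sample_ecdh='Server Temp Key: ECDH, P-256, 256 bits'

printf '%s\n' "$sample_1024" | classify_temp_key
printf '%s\n' "$sample_ecdh" | classify_temp_key
```

Run `check_host www.example.com:443` against your own server before and after changing the DH parameters; a NO_TEMP_KEY result with the "EDH" filter means the server negotiated no DHE suite at all.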
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Arthur,
On 6/11/15 4:34 PM, Arthur Ramsey wrote:
> On 06/11/2015 02:35 PM, Christopher Schultz wrote: Arthur,
>
> On 6/11/15 2:14 PM, Arthur Ramsey wrote:
>>>> Is anyone aware of a way to mitigate the Logjam attack with
>>>> tomcat 7 and java 7?
> Disable DHE_EXPORT on the server?
>> I believe I have, but Qualys SSL Server Test still fails me on
>> the Logjam check.
>
>> SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
You also have DHE-* ciphers in there, which is probably the problem.
Remove those and I think Qualys will be happier. Really, who is using
DHE in the first place?
>>>> I use tcnative and openssl-1.0.2a both compiled from source
>>>> in production today, but I would be open to JSSE too. I
>>>> believe I need Java 8 to mitigate CVE-2015-4000 with JSSE.
> Why?
>> See
>> http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
Understood. I thought you just wanted to remove the EXPORT and DHE
ciphers in general. Increasing the number of bits in the DH parameters
will in fact require an upgrade.
>>>> I don't see anyway to use a unique 2048-bit or greater DH
>>>> group with tcnative currently.
> I believe you are correct; there is a bug in BZ:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>
> It looks like 1.1.34 will have this feature. You can build the
> current trunk of the 1.1 branch and probably be okay.
>> Thanks, I'll give it a try. Scary to use in production, but it
>> may be my best answer.
>
>>>> I'm not sure if there is anything I can do at compile time.
>>>> I'd rather not change the cipher suites as I want to maintain
>>>> browser support.
> You should disable EXPORT certificates no matter what. Or were you
> talking about the DH parameters?
>> I was talking about DH parameters.
>
>>>> My server configuration passed the Qualys SSL Server Test
>>>> with flying colors until Logjam, so I would be worried about
>>>> regressions on other security fixes if I used JSSE.
> -chris
-chris
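Added example (not part of this message or of any Tomcat/OpenSSL code): a shell sketch that applies the two suggestions made in this thread to the SSLCipherSuite value quoted above, removing the finite-field DHE entries (this message) or ranking them after everything else (Rainer's message). The function names and the token-matching heuristic are assumptions of the example, not OpenSSL's own parser.

```shell
#!/bin/sh
# Added example. Token matching is a heuristic over the literal tokens in the
# string; aliases such as HIGH or AESGCM can still pull in DHE suites, so
# confirm the final list with: openssl ciphers -v "<string>"

# True for tokens that enable finite-field ephemeral DH.
is_ffdhe_token() {
    case $1 in
        '!'*|-*) return 1 ;;    # exclusions and removals enable nothing
        DHE|EDH|DHE-*|EDH-*|DHE+*|EDH+*|kEDH*|kDHE*) return 0 ;;
        *+DHE|*+EDH|*+kEDH|*+kDHE) return 0 ;;
        *) return 1 ;;
    esac
}

# Splits a colon-separated cipher string into $keep (non-DHE), $dhe (DHE)
# and $bang (!exclusions), preserving order; $ndhe counts the DHE tokens.
partition() {
    keep=; dhe=; bang=; ndhe=0
    old_ifs=$IFS; IFS=:; set -f
    for tok in $1; do
        case $tok in
            '') ;;
            '!'*) bang="${bang:+$bang:}$tok" ;;
            *)  if is_ffdhe_token "$tok"; then
                    dhe="${dhe:+$dhe:}$tok"; ndhe=$((ndhe + 1))
                else
                    keep="${keep:+$keep:}$tok"
                fi ;;
        esac
    done
    set +f; IFS=$old_ifs
}

# Joins its non-empty arguments with ':'.
join_parts() {
    out=
    for p in "$@"; do
        if [ -n "$p" ]; then out="${out:+$out:}$p"; fi
    done
    printf '%s\n' "$out"
}

# "!" exclusions are position-independent, so they are emitted last.
drop_dhe()  { partition "$1"; join_parts "$keep" "$bang"; }
dhe_last()  { partition "$1"; join_parts "$keep" "$dhe" "$bang"; }
count_dhe() { partition "$1"; echo "$ndhe"; }

# True if the string permanently excludes export suites.
bans_export() {
    case ":$1:" in
        *':!EXPORT:'*|*':!EXP:'*) return 0 ;;
        *) return 1 ;;
    esac
}

# The SSLCipherSuite value quoted in the thread.
PAGE_SUITES='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'

echo "DHE tokens:  $(count_dhe "$PAGE_SUITES")"
echo "DHE removed: $(drop_dhe "$PAGE_SUITES")"
echo "DHE last:    $(dhe_last "$PAGE_SUITES")"
```

Every enabled entry in the thread's list is either ECDHE or DHE, so the drop_dhe result leaves clients without ECDHE support unable to connect; dhe_last keeps them connecting, at whatever DH size the server offers.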
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Mark Thomas <ma...@apache.org>.
On 15/06/2015 16:29, Arthur Ramsey wrote:
> I haven't that would have helped a while back. Did that exist back when
> Heartbleed was discovered?
No. I put it together when I was trying to do the release builds post
heartbleed.
Mark
>
> On 06/15/2015 10:28 AM, Mark Thomas wrote:
>> On 15/06/2015 16:22, Arthur Ramsey wrote:
>>
>> <snip/>
>>
>>>> Agreed, I probably wouldn't trust some random binary :P, but
>>>> documentation is fairly lacking on building tcnative for windows x64
>>>> and
>>>> it requires commercial software.
>> Have you seen this?
>>
>> http://wiki.apache.org/tomcat/BuildTcNativeWin
>>
>> Mark
>>
>>
>
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Arthur Ramsey <ar...@mediture.com>.
I haven't. That would have helped a while back. Did that exist back when
Heartbleed was discovered?
On 06/15/2015 10:28 AM, Mark Thomas wrote:
> On 15/06/2015 16:22, Arthur Ramsey wrote:
>
> <snip/>
>
>>> Agreed, I probably wouldn't trust some random binary :P, but
>>> documentation is fairly lacking on building tcnative for windows x64 and
>>> it requires commercial software.
> Have you seen this?
>
> http://wiki.apache.org/tomcat/BuildTcNativeWin
>
> Mark
>
>
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey@mediture.com
952.400.0323
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Mark Thomas <ma...@apache.org>.
On 15/06/2015 16:22, Arthur Ramsey wrote:
<snip/>
>> Agreed, I probably wouldn't trust some random binary :P, but
>> documentation is fairly lacking on building tcnative for windows x64 and
>> it requires commercial software.
Have you seen this?
http://wiki.apache.org/tomcat/BuildTcNativeWin
Mark
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Arthur Ramsey <ar...@mediture.com>.
On 06/15/2015 09:50 AM, Christopher Schultz wrote:
> Arthur,
>
> On 6/13/15 8:42 PM, Arthur Ramsey wrote:
>> I have working binaries for Linux x64 and Windows x64 if anyone
>> needs them.
> Thanks for offering, but:
>
> 1. Anyone running Linux should be able to trivially build their own.
True, but there may be others locked into an older version of tomcat like
me, which requires some modifications to the latest 1.1.x. Here's the patch.
jni/native/include/ssl_private.h
85,87c85
< #define SSL_PROTOCOL_TLSV1_1 (1<<3)
< #define SSL_PROTOCOL_TLSV1_2 (1<<4)
< #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
---
> #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
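Review bot: dropping SSL_PROTOCOL_TLSV1_1 and SSL_PROTOCOL_TLSV1_2 at lines 85-87 removes the only bits a caller could use to select or exclude those versions, and SSL_PROTOCOL_ALL shrinks to SSLv2|SSLv3|TLSv1 with no comment saying why. If the intent is to match the value an older Tomcat passes for "all", consider keeping the two defines and adding a comment on SSL_PROTOCOL_ALL that explains the compatibility reason, so the header does not read as if TLSv1.1/1.2 were unsupported. A unified diff (diff -u) with file headers would also be easier to apply and review than this normal-format diff.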
jni/native/src/sslcontext.c
71,89c71
< if (protocol == SSL_PROTOCOL_TLSV1_2) {
< #ifdef SSL_OP_NO_TLSv1_2
< if (mode == SSL_MODE_CLIENT)
< ctx = SSL_CTX_new(TLSv1_2_client_method());
< else if (mode == SSL_MODE_SERVER)
< ctx = SSL_CTX_new(TLSv1_2_server_method());
< else
< ctx = SSL_CTX_new(TLSv1_2_method());
< #endif
< } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
< #ifdef SSL_OP_NO_TLSv1_1
< if (mode == SSL_MODE_CLIENT)
< ctx = SSL_CTX_new(TLSv1_1_client_method());
< else if (mode == SSL_MODE_SERVER)
< ctx = SSL_CTX_new(TLSv1_1_server_method());
< else
< ctx = SSL_CTX_new(TLSv1_1_method());
< #endif
< } else if (protocol == SSL_PROTOCOL_TLSV1) {
---
> if (protocol == SSL_PROTOCOL_TLSV1) {
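Review bot: with the TLSv1.2 and TLSv1.1 branches at lines 71-89 removed, the chain now starts at "if (protocol == SSL_PROTOCOL_TLSV1)", and the body of that branch is not part of this diff. If it selects a version-specific method the way the removed branches did (TLSv1_2_server_method() and so on), a connector configured for TLSv1 alone would be limited to TLS 1.0, which matters for anyone running this build with SSLProtocol set to TLSv1. A comment at that branch stating which SSLProtocol settings can still negotiate TLSv1.1/1.2 would help.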
163,170d144
< #ifdef SSL_OP_NO_TLSv1_1
< if (!(protocol & SSL_PROTOCOL_TLSV1_1))
< SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
< #endif
< #ifdef SSL_OP_NO_TLSv1_2
< if (!(protocol & SSL_PROTOCOL_TLSV1_2))
< SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
< #endif
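Review bot: deleting both SSL_CTX_set_options() calls at lines 163-170 (SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2) means nothing shown here can switch TLSv1.1 or TLSv1.2 off any more, so the protocol mask is silently ignored for those versions. Rather than removing the block, consider skipping it only when protocol equals the old SSL_PROTOCOL_ALL value, or at least leave a comment marking this as a local workaround for older Tomcat 7 releases.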
>
> 2. Anyone wanting Arthur's binaries should be absolutely sure they
> trust him.
>
> (No offense to Arthur, but accepting binaries from someone on a
> mailing list is always a bit of a red flag.) :)
Agreed, I probably wouldn't trust some random binary :P, but
documentation is fairly lacking on building tcnative for windows x64 and
it requires commercial software. I've built it before and had some
trouble building it from the branch. Any estimate on when 1.1.34
binaries will be released?
>
>> It should still work with newer versions of tomcat 7 providing the
>> SSLProtocol is set to TLSv1?
> SSLProtocol should be set to "TLSv1+TLSv1.1+TLSv1.2", but on certain
> older versions of Tomcat 7 this won't work. I can't remember exactly
> when we implemented this, and then there was a bug in the
> implementation, etc., so you should just upgrade to 7.0.current which
> definitely works as documented.
Yeah, I use 7.0.55 and "TLSv1+TLSv1.1+TLSv1.2" only enables TLSv1. We
should update tomcat, but we are migrating to Wildfly anyway.
>
>> The Windows binary has SSLv2 and SSLv3 disabled at compile time.
> Good, though lots and lots of people still need to support SSLv3.
>
> -chris
>
>> On 6/13/2015 3:30 PM, Arthur Ramsey wrote:
>>> Building the latest from svn branch 1.1.x seems to work. I had
>>> to do some modifications to get TLSv1.1 and TLSv1.2 when using
>>> SSLProtocol="all" because I'm using tomcat 7.0.55.
>>>
>>> Thanks for the help, Arthur
>>>
>>> On 6/11/2015 3:34 PM, Arthur Ramsey wrote:
>>>> On 06/11/2015 02:35 PM, Christopher Schultz wrote:
>> Arthur,
>>
>> On 6/11/15 2:14 PM, Arthur Ramsey wrote:
>>>>>>> Is anyone aware of a way to mitigate the Logjam attack
>>>>>>> with tomcat 7 and java 7?
>> Disable DHE_EXPORT on the server?
>>>>> I believe I have, but Qualys SSL Server Test still fails me
>>>>> on the Logjam check.
>>>>>
>>>>> SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
>>>>>
>>>>>>> I use tcnative and openssl-1.0.2a both compiled from
>>>>>>> source in production today, but I would be open to JSSE
>>>>>>> too. I believe I need Java 8 to mitigate CVE-2015-4000
>>>>>>> with JSSE.
>> Why?
>>>>> See
>>>>> http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
>>>>>>> I don't see anyway to use a unique 2048-bit or greater DH
>>>>>>> group with tcnative currently.
>> I believe you are correct; there is a bug in BZ:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>>
>> It looks like 1.1.34 will have this feature. You can build the
>> current trunk of the 1.1 branch and probably be okay.
>>>>> Thanks, I'll give it a try. Scary to use in production, but
>>>>> it may be my best answer.
>>>>>>> I'm not sure if there is anything I can do at compile
>>>>>>> time. I'd rather not change the cipher suites as I want
>>>>>>> to maintain browser support.
>> You should disable EXPORT certificates no matter what. Or were you
>> talking about the DH parameters?
>>>>> I was talking about DH parameters.
>>>>>>> My server configuration passed the Qualys SSL Server Test
>>>>>>> with flying colors until Logjam, so I would be worried
>>>>>>> about regressions on other security fixes if I used
>>>>>>> JSSE.
>> -chris
>>>> Thanks, Arthur
>>
>>
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey@mediture.com
952.400.0323
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Arthur,
On 6/13/15 8:42 PM, Arthur Ramsey wrote:
> I have working binaries for Linux x64 and Windows x64 if anyone
> needs them.
Thanks for offering, but:
1. Anyone running Linux should be able to trivially build their own.
2. Anyone wanting Arthur's binaries should be absolutely sure they
trust him.
(No offense to Arthur, but accepting binaries from someone on a
mailing list is always a bit of a red flag.) :)
> It should still work with newer versions of tomcat 7 providing the
> SSLProtocol is set to TLSv1?
SSLProtocol should be set to "TLSv1+TLSv1.1+TLSv1.2", but on certain
older versions of Tomcat 7 this won't work. I can't remember exactly
when we implemented this, and then there was a bug in the
implementation, etc., so you should just upgrade to 7.0.current which
definitely works as documented.
> The Windows binary has SSLv2 and SSLv3 disabled at compile time.
Good, though lots and lots of people still need to support SSLv3.
-chris
>
> On 6/13/2015 3:30 PM, Arthur Ramsey wrote:
>> Building the latest from svn branch 1.1.x seems to work. I had
>> to do some modifications to get TLSv1.1 and TLSv1.2 when using
>> SSLProtocol="all" because I'm using tomcat 7.0.55.
>>
>> Thanks for the help, Arthur
>>
>> On 6/11/2015 3:34 PM, Arthur Ramsey wrote:
>>> On 06/11/2015 02:35 PM, Christopher Schultz wrote:
> Arthur,
>
> On 6/11/15 2:14 PM, Arthur Ramsey wrote:
>>>>>> Is anyone aware of a way to mitigate the Logjam attack
>>>>>> with tomcat 7 and java 7?
> Disable DHE_EXPORT on the server?
>>>> I believe I have, but Qualys SSL Server Test still fails me
>>>> on the Logjam check.
>>>>
>>>> SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
>>>>>> I use tcnative and openssl-1.0.2a both compiled from
>>>>>> source in production today, but I would be open to JSSE
>>>>>> too. I believe I need Java 8 to mitigate CVE-2015-4000
>>>>>> with JSSE.
> Why?
>>>> See
>>>> http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
>
>>>>
>>>>>> I don't see anyway to use a unique 2048-bit or greater DH
>>>>>> group with tcnative currently.
> I believe you are correct; there is a bug in BZ:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>
> It looks like 1.1.34 will have this feature. You can build the
> current trunk of the 1.1 branch and probably be okay.
>>>> Thanks, I'll give it a try. Scary to use in production, but
>>>> it may be my best answer.
>
>>>>>> I'm not sure if there is anything I can do at compile
>>>>>> time. I'd rather not change the cipher suites as I want
>>>>>> to maintain browser support.
> You should disable EXPORT certificates no matter what. Or were you
> talking about the DH parameters?
>>>> I was talking about DH parameters.
>
>>>>>> My server configuration passed the Qualys SSL Server Test
>>>>>> with flying colors until Logjam, so I would be worried
>>>>>> about regressions on other security fixes if I used
>>>>>> JSSE.
> -chris
>>>
>>> Thanks, Arthur
>>
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Arthur Ramsey <ar...@mediture.com>.
I have working binaries for Linux x64 and Windows x64 if anyone needs
them. It should still work with newer versions of tomcat 7 providing
the SSLProtocol is set to TLSv1? The Windows binary has SSLv2 and SSLv3
disabled at compile time.
On 6/13/2015 3:30 PM, Arthur Ramsey wrote:
> Building the latest from svn branch 1.1.x seems to work. I had to do
> some modifications to get TLSv1.1 and TLSv1.2 when using
> SSLProtocol="all" because I'm using tomcat 7.0.55.
>
> Thanks for the help,
> Arthur
>
> On 6/11/2015 3:34 PM, Arthur Ramsey wrote:
>> On 06/11/2015 02:35 PM, Christopher Schultz wrote:
>>> Arthur,
>>>
>>> On 6/11/15 2:14 PM, Arthur Ramsey wrote:
>>>> Is anyone aware of a way to mitigate the Logjam attack with tomcat
>>>> 7 and java 7?
>>> Disable DHE_EXPORT on the server?
>> I believe I have, but Qualys SSL Server Test still fails me on the
>> Logjam check.
>>
>> SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
>>
>>
>>>
>>>> I use tcnative and openssl-1.0.2a both compiled from source in
>>>> production today, but I would be open to JSSE too. I believe I
>>>> need Java 8 to mitigate CVE-2015-4000 with JSSE.
>>> Why?
>> See
>> http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
>>>
>>>> I don't see anyway to use a unique 2048-bit or greater DH group
>>>> with tcnative currently.
>>> I believe you are correct; there is a bug in BZ:
>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>>>
>>> It looks like 1.1.34 will have this feature. You can build the current
>>> trunk of the 1.1 branch and probably be okay.
>> Thanks, I'll give it a try. Scary to use in production, but it may
>> be my best answer.
>>>
>>>> I'm not sure if there is anything I can do at compile time. I'd
>>>> rather not change the cipher suites as I want to maintain browser
>>>> support.
>>> You should disable EXPORT certificates no matter what. Or were you
>>> talking about the DH parameters?
>> I was talking about DH parameters.
>>>
>>>> My server configuration passed the Qualys SSL Server Test with
>>>> flying colors until Logjam, so I would be worried about regressions
>>>> on other security fixes if I used JSSE.
>>> -chris
>>
>> Thanks,
>> Arthur
>
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Arthur Ramsey <ar...@mediture.com>.
Building the latest from svn branch 1.1.x seems to work. I had to do
some modifications to get TLSv1.1 and TLSv1.2 when using
SSLProtocol="all" because I'm using tomcat 7.0.55.
Thanks for the help,
Arthur
On 6/11/2015 3:34 PM, Arthur Ramsey wrote:
> On 06/11/2015 02:35 PM, Christopher Schultz wrote:
>> Arthur,
>>
>> On 6/11/15 2:14 PM, Arthur Ramsey wrote:
>>> Is anyone aware of a way to mitigate the Logjam attack with tomcat
>>> 7 and java 7?
>> Disable DHE_EXPORT on the server?
> I believe I have, but Qualys SSL Server Test still fails me on the
> Logjam check.
>
> SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
>
>
>>
>>> I use tcnative and openssl-1.0.2a both compiled from source in
>>> production today, but I would be open to JSSE too. I believe I
>>> need Java 8 to mitigate CVE-2015-4000 with JSSE.
>> Why?
> See
> http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
>>
>>> I don't see any way to use a unique 2048-bit or greater DH group
>>> with tcnative currently.
>> I believe you are correct; there is a bug in BZ:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>>
>> It looks like 1.1.34 will have this feature. You can build the current
>> trunk of the 1.1 branch and probably be okay.
> Thanks, I'll give it a try. Scary to use in production, but it may be
> my best answer.
>>
>>> I'm not sure if there is anything I can do at compile time. I'd
>>> rather not change the cipher suites as I want to maintain browser
>>> support.
>> You should disable EXPORT certificates no matter what. Or were you
>> talking about the DH parameters?
> I was talking about DH parameters.
>>
>>> My server configuration passed the Qualys SSL Server Test with
>>> flying colors until Logjam, so I would be worried about regressions
>>> on other security fixes if I used JSSE.
>> -chris
>
> Thanks,
> Arthur
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Arthur Ramsey <ar...@mediture.com>.
On 06/11/2015 02:35 PM, Christopher Schultz wrote:
>
> Arthur,
>
> On 6/11/15 2:14 PM, Arthur Ramsey wrote:
>> Is anyone aware of a way to mitigate the Logjam attack with tomcat
>> 7 and java 7?
> Disable DHE_EXPORT on the server?
I believe I have, but Qualys SSL Server Test still fails me on the
Logjam check.
SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
>
>> I use tcnative and openssl-1.0.2a both compiled from source in
>> production today, but I would be open to JSSE too. I believe I
>> need Java 8 to mitigate CVE-2015-4000 with JSSE.
> Why?
See
http://stackoverflow.com/questions/30352105/how-to-set-custom-dh-group-in-java-sslengine-to-prevent-logjam-attack
>
>> I don't see any way to use a unique 2048-bit or greater DH group
>> with tcnative currently.
> I believe you are correct; there is a bug in BZ:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>
> It looks like 1.1.34 will have this feature. You can build the current
> trunk of the 1.1 branch and probably be okay.
Thanks, I'll give it a try. Scary to use in production, but it may be
my best answer.
>
>> I'm not sure if there is anything I can do at compile time. I'd
>> rather not change the cipher suites as I want to maintain browser
>> support.
> You should disable EXPORT certificates no matter what. Or were you
> talking about the DH parameters?
I was talking about DH parameters.
>
>> My server configuration passed the Qualys SSL Server Test with
>> flying colors until Logjam, so I would be worried about regressions
>> on other security fixes if I used JSSE.
> -chris
Thanks,
Arthur
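Why `!EXPORT` alone does not settle the Logjam check for the cipher string in this message, as an added example that is not part of the original post: it lists the DHE tokens that still rely on the server's DH group and reorders the string so non-DHE suites come first, as suggested earlier in the thread. Classifying tokens by name is an assumption of this sketch; `openssl ciphers -v '<string>'` on the server gives the authoritative expansion.

```python
"""Added example: name-based audit of an OpenSSL-style cipher string for Logjam review."""

# The SSLCipherSuite value quoted in the message above, split only for line length.
CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
)

def classify(token):
    """Label one token 'exclude', 'ffdhe' (finite-field DHE) or 'other' by its name."""
    if token.startswith("!"):
        return "exclude"
    # DHE-*/EDH-* suite names and the kEDH/kDHE key-exchange aliases all select
    # ephemeral finite-field DH, which is negotiated with the server's DH group.
    if token.startswith(("DHE-", "EDH-")) or "kEDH" in token or "kDHE" in token:
        return "ffdhe"
    return "other"

def audit(cipher_string):
    """Report what the string alone shows about DHE use and server preference order."""
    tokens = [t for t in cipher_string.split(":") if t]
    ffdhe = [t for t in tokens if classify(t) == "ffdhe"]
    first = tokens.index(ffdhe[0]) if ffdhe else len(tokens)
    return {
        "export_excluded": "!EXPORT" in tokens,
        "ffdhe_tokens": ffdhe,  # still offered; their strength depends on the DH group
        "ranked_below_dhe": [t for t in tokens[first:] if classify(t) == "other"],
    }

def prefer_non_dhe(cipher_string):
    """Move DHE tokens behind every non-DHE token; '!' exclusions stay last."""
    rank = {"other": 0, "ffdhe": 1, "exclude": 2}
    tokens = [t for t in cipher_string.split(":") if t]
    return ":".join(sorted(tokens, key=lambda t: rank[classify(t)]))  # stable sort

if __name__ == "__main__":
    report = audit(CIPHERS)
    print("EXPORT excluded:", report["export_excluded"])
    print("DHE tokens still offered:", report["ffdhe_tokens"])
    print("Reordered:", prefer_non_dhe(CIPHERS))
```

The reordered string only changes which suite the server prefers; the DHE suites it keeps are as strong as the DH group the server is built or configured with.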
Re: tcnative CVE-2015-4000 (Logjam)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Arthur,
On 6/11/15 2:14 PM, Arthur Ramsey wrote:
> Is anyone aware of a way to mitigate the Logjam attack with tomcat
> 7 and java 7?
Disable DHE_EXPORT on the server?
> I use tcnative and openssl-1.0.2a both compiled from source in
> production today, but I would be open to JSSE too. I believe I
> need Java 8 to mitigate CVE-2015-4000 with JSSE.
Why?
> I don't see any way to use a unique 2048-bit or greater DH group
> with tcnative currently.
I believe you are correct; there is a bug in BZ:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
It looks like 1.1.34 will have this feature. You can build the current
trunk of the 1.1 branch and probably be okay.
> I'm not sure if there is anything I can do at compile time. I'd
> rather not change the cipher suites as I want to maintain browser
> support.
You should disable EXPORT certificates no matter what. Or were you
talking about the DH parameters?
> My server configuration passed the Qualys SSL Server Test with
> flying colors until Logjam, so I would be worried about regressions
> on other security fixes if I used JSSE.
-chris