Tomcat: TLSv1.2 with strong ciphers not working

4
votes

I installed Tomcat-7, configured support for TLSv1.2 on port 8443.
My Connector configuration:
protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"

I then configured a list of strong ciphers I wanted to use. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

As I have read, Tomcat can either use Java JSSE or OpenSSL
JSSE protocol="org.apache.coyote.http11.Http11NioProtocol"
OpenSSL protocol="org.apache.coyote.http11.Http11AprProtocol"
My tomcat connector is configured with JSSE protocol.

It works if I add the following ciphers with SHA1. (No GCM with SHA1) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.

I have downloaded the Java cryptographic extensions policy files. Tried with both Java 7 and Java 8.

Before I installed the Cryptographic Extensions I got the following error while starting up Tomcat

INFO: Initializing ProtocolHandler ["http-nio-8443"]
mai 20, 2014 3:57:43 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory     getEnableableCiphers
WARNING: None of the ciphers specified are supported by the SSL engine :     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

According to Java 7 Documentation all these strong ciphers with GCM-SHA384 and CBC-SHA384 should be supported: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites

If I change the ciphers just a little bit:

INFO: Initializing ProtocolHandler ["http-nio-8443"]
mai 20, 2014 4:21:11 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getEnableableCiphers
WARNING: None of the ciphers specified are supported by the SSL engine : TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA584,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA584,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA584,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA584

That would indicate that that my list of ciphers are supported by my Tomcat/Java.

Could the problem be with the Browser? I have tried the latest Chromium and Firefox. After checking some commits I found out that Chromium does support SHA256, SHA384 and AES-GCM.

4
javatomcatssljsse

4 Answers

4
votes

Found out that neither Chromium nor Firefox support these higher ciphers.
The strongest/highest cipher available is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
No support for SHA384 and no AES_256_GCM

https://www.ssllabs.com/ssltest/viewMyClient.html
Cipher Suites (in order of preference)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
TLS_RSA_WITH_RC4_128_SHA (0x5)
TLS_RSA_WITH_RC4_128_MD5 (0x4)

2
votes

The standard algorithm name documentation you're quoting is just the list of names, which are effectively reserved, but not necessarily implemented.

The SunJSSE provider (the default JSSE provider in the Oracle JRE) doesn't implement any GCM cipher suite in Java 7. They are in the updated table for the Java 8 implementation.

You might also need sslProtocol="TLSv1.2".

1
votes

I am a web developer and facing the similar issue running the application with Tomcat 7 and Java7 versions and found the fix.

by adding the below property in the server.xml file of tomcat in 

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,     TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
0
votes

For Firefox 37.0.2, the list of supported ciphers is:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)