Securing SSL in Tomcat - Part Two - Disabling Weak Ciphers
The previous post dealt with SSLv2 behavior in tomcat and jboss. This post is concerned more with the items that we will probably get hit with on the next vulnerability report if we are running tomcat or jboss as a front-end web server. The tomcat documentation is pretty spartan on the topic of restricting certain SSL Ciphers, which is too bad because it means a lot of trial and error on our part. The changes I'm proposing here may not necessarily be ideal but they do work.
This post assumes that you are running a Sun JVM (1.4.2 or higher) and that you are using tomcat 4.1.32 or above AND that you are using a non-APR http connector. Non-APR connectors utilize Sun's JSSE for encryption whereas APR connectors utilize OpenSSL.
The directive that you add to your SSL connector is the "ciphers" attribute. The documentation for the ciphers attribute states that you can leave it out or blank for all ssl ciphers supported by JSSE or you can enter a comma-separated list of ciphers that you want your server to support. I have provided this listing and verified with SSLDigger that connections that try to use null, weak, and anonymous ciphers fail. Using the small application and SSL debugging switches from "Build Secure Network Applications with SSL and the JSSE API", I see that the following ciphers are enabled on a tomcat 5.5 and a tomcat 6 instance running under jdk1.6:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
The weak ciphers are the last seven in the list: the single-DES (56-bit) and EXPORT suites. Edit server.xml and find the SSL Connector section. Copy the following attribute and value and paste it into your SSL Connector section:
ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
NOTE: Spaces between ciphers should be removed. They were only added to wrap the text within this post's body.
Restart your tomcat server. This will configure your server to support all medium and high-grade, non-exportable encryption ciphers. Anonymous ciphers will not work, null ciphers will not work, and connection attempts using weak encryption (export grade and/or 56-bit encryption or below) will fail as well.
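As an added example (not from the original post or from Tomcat), this Python script checks a server.xml for the points above: SSL connectors with no ciphers attribute, stray spaces left in the list, and suites whose names mark them as export grade, single DES, 40-bit, NULL or anonymous. The function name, the name patterns and the sample XML are constructed for illustration, and it assumes an SSL connector is marked by SSLEnabled="true" or scheme="https".

```python
import re
import xml.etree.ElementTree as ET

# Name fragments for the suites this post calls weak: export grade, single DES
# (56-bit), 40-bit keys, plus NULL and anonymous suites. 3DES does not match.
WEAK = re.compile(r"_EXPORT_|_WITH_NULL_|_anon_|_WITH_DES_CBC_|_DES40_|_RC4_40_")

def audit_ciphers(server_xml):
    """Return (port, kind, detail) findings for each SSL connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Assumption: an SSL connector sets SSLEnabled="true" or scheme="https".
        is_ssl = (conn.get("SSLEnabled", "").lower() == "true"
                  or conn.get("scheme") == "https")
        if not is_ssl:
            continue
        port = conn.get("port", "?")
        value = conn.get("ciphers", "")
        if not value.strip():
            # Missing or blank means every JSSE-supported suite is allowed.
            findings.append((port, "unrestricted", ""))
            continue
        for raw in value.split(","):
            name = raw.strip()
            if raw != name:
                # The post's NOTE: spaces between ciphers should be removed.
                findings.append((port, "whitespace", name))
            if WEAK.search(name):
                findings.append((port, "weak", name))
    return findings

# Constructed sample, not a real server.xml.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
    ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA"/>
  <Connector port="9443" scheme="https" secure="true" SSLEnabled="true"/>
</Service></Server>"""

if __name__ == "__main__":
    for port, kind, detail in audit_ciphers(SAMPLE):
        print(port, kind, detail)
```

An empty result means every SSL connector has an explicit list with no spaces and no suite matching the weak patterns; it does not replace an external scan such as the SSLDigger check described above.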
Note regarding tomcat 4.1: Tomcat 4.1.32 and above support the 'ciphers' parameter--it is not available in versions prior to 4.1.32 so the suggestions in this article will not work unless you update your tomcat 4.1 container first.
Update added 03/27/10: Note regarding Tomcat with an APR Connector: This configuration will not work with an APR (native) connector under tomcat 5.5.x or 6.0.x. See Part Three of this series instead.