HOWTO: Secure SSL in Tomcat and JBoss

Introduction

It is quite common, during a PCI vulnerability scan, to see errors like the following show up for SSL encrypted sites: SSL Server Supports Weak Encryption Vulnerability or SSL Server Allows Anonymous Authentication Vulnerability. These vulnerabilities indicate that the web site scanned allows successful SSL handshakes using anonymous authentication and/or encryption levels below 128 bits. This HOWTO has been written to address how to disable anonymous and weak encryption and is geared towards the two tomcat containers in widespread use today, Apache Tomcat 5.5.x and Apache Tomcat 6.0.x. Users of Mulesoft's Tcat Server or SpringSource's tc Server would also follow the directions included in this HOWTO. Users of JBoss 4 and JBoss 5, as well as JBoss Web, the JBoss Web Platform, the JBoss Enterprise Web Server, and the JBoss Application Platform could also use the information in this HOWTO.

Remediation steps are identical for both versions of tomcat. The only thing that is different is the directive used to disable those ciphers, which depends upon the type of HTTP connector in use. Please note that this document assumes that you are using a Sun JVM or one that is compliant with a Sun JVM. Please consult your vendor's documentation is you are using, for example, an IBM JVM.

A Java-Based HTTP Connector

If you are using a Java-based http connector, (one that does not have the initials "APR" in the name, then SSL is handled through the Java Secure Socket Extension (JSSE). Tomcat ships with two connectors, the standard HTTP 1.1-compliant connector and the non-blocking HTTP 1.1-compliant connector. They are known by the following names: org.apache.coyote.http11.Http11Protocol and org.apache.coyote.http11.Http11NioProtocol. The default used by both Tomcat 5.5 and Tomcat 6 is the blocking Http11Protocol connector. The non-blocking connector is new in Tomcat 6.0.

JSSE ciphers utilize long naming conventions. I have not come across an easier way to disable specific ciphers using a pattern, like one can do with Apache and OpenSSL.

Disabling Weak and Anonymous encryption ciphers is done by adding the following command to your server.xml:

ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

IMPORTANT NOTE: White space between the ciphers above have been included to provide legible text but the spaces following the comma between each cipher should be removed if copying/pasting into your own server.xml. Changes go into effect once tomcat has been restarted.

An APR Connector

Supported in both Tomcat 5.5 and Tomcat 6.0, the APR connector is a native connector, with performance on par with Apache. The APR connector is an HTTP 1.1-compliant connector that utilizes OpenSSL instead of JSSE for SSL support. Since it uses OpenSSL, you can use the same filter string to disable specific ciphers as if this were an Apache web server. Instead of using the ciphers directive above, a similar directive named SSLCipherSuite is used. Below is the setting to add to your server.xml in order to disable weak and anonymous encryption in a tomcat implementation using APR:

SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW"

Changes go into effect once Tomcat has been restarted. The !SSLv2 is not strictly necessary as SSLv2 support is generally not enabled by default in a Tomcat instance but it was added above for compatibility with Apache


Creative Commons Attribution-ShareAlike 3.0 Unported