
I have a Winstone server running Jenkins on Windows with Java 8. I'm trying to ensure that if a client request fails to specify a preferred cipher, a Diffie-Hellman cipher is preferred by the server. Unlike Tomcat, Winstone doesn't appear to have a way to specify a list of ciphers to order them. So, I'm trying to disable the non-DHE and non-ECDHE ciphers. I've been able to remove some of them by modifying the java.security file's list of disabled algorithms by specifying a minimum keysize and removal of the MD2 algorithms, but cannot disable all of them. OpenSSL identifies the remaining unwanted cipher algorithms as:

    AES128-GCM-SHA256
    AES128-SHA256
    AES128-SHA
    EDH-RSA-DES-CBC3-SHA
    DES-CBC3-SHA

In the java.security file, I've tried variously adding filters for AES, AES128, None, EDH, and DES, yet these algorithms still appear enabled when I make a request to the server. I've also attempted to remove the entries after legacyAlgorithms. Does anyone know what filter values will remove these?

java.security snippet:

    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
    jdk.tls.disabledAlgorithms=SSLv3, RC4, SSLv2Hello, TLSv1, TLSv1.1
    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC
OtherDan_84
  • Show your java.policy file – JJF Jan 16 '17 at 19:48
  • "I'm trying to ensure that if a client request fails to specify a preferred cipher, a Diffie-Hellman cipher is preferred by the server. " That doesn't really make sense, at least to me. The client hello always includes a list of ciphers in preference order. – President James K. Polk Jan 16 '17 at 19:58
  • James, I'm not an SSL expert. I believe you are correct, and I may have been thinking about something I misread a while ago. In any case, see the discussion here about cipher order preferences http://security.stackexchange.com/questions/121608/is-the-order-of-cipher-suites-related-to-the-clients-preferences or here http://www.exploresecurity.com/testing-for-cipher-suite-preference/ The server has the capability to override the client preference order. Since Winstone doesn't give me that option, I want the list to only contain ECDHE and DHE algorithms. – OtherDan_84 Jan 16 '17 at 21:14

1 Answer


java.policy doesn't do what you describe; java.security does. But it only disables or restricts individual primitives and AFAICT it can't disable non-PFS as a class.

If you (can and do) give the server an ECDSA cert (i.e. a cert with an ECC key and KU=sign) and NOT an RSA cert, then only ECDHE-ECDSA ciphers can be negotiated with that cert. If you (also or instead) give it a DSA cert then only DHE-DSS ciphers can be negotiated with that cert; this may depend on using your own CA or self-signed (with the advantages and disadvantages thereof) as I have not found any public CA that issues DSA certs. Java 8 defaults DHE to a 1024-bit shared value, which is now considered borderline for security, but with system properties you can change this; see How to expand DH key size to 2048 in java 8.

PS: what OpenSSL calls 'EDH' is DHE in the RFCs and is actually algorithm DH, and what OpenSSL calls 'DES-CBC3' is really {3DES|3DES-EDE|DESEDE}-CBC; see Map SSL/TLS cipher suites and their OpenSSL equivalents.

dave_thompson_085
  • Thanks Dave. That fills in some missing pieces for me. I thought there was probably a different naming convention between Java and OpenSSL. I'll read up on the map and see if I can get anywhere with it. I caught that I used the wrong file name after @jjf requested the file, and I've updated my question. – OtherDan_84 Jan 16 '17 at 21:48
  • Could it be that a certificate that doesn't allow RSA *encryption* could be used as well? Obtaining one of those certificates could be tricky if you'd have to go to a CA for it, and not every implementation supports EC crypto (although Java obviously does). – Maarten Bodewes Jan 16 '17 at 23:47
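Since java.security cannot switch off non-forward-secret suites as a class, the practical check is to ask the JVM itself which suites its default SSLContext would still offer after each edit to jdk.tls.disabledAlgorithms. The program below is an added example, not code from the question, the answer, OpenJDK or Winstone. The class name PfsSuiteCheck is made up; the OpenSSL-to-JSSE name mapping for the five suites in the question is standard cipher-suite naming (JSSE keeps the historical SSL_ prefix on the two 3DES suites). The forwardSecretOnly helper shows the list a server that does expose setEnabledCipherSuites would be given; Winstone, as the question notes, does not.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;

public class PfsSuiteCheck {

    // OpenSSL names quoted in the question, mapped to the names JSSE reports
    // for the same suites. The 3DES suites carry an SSL_ prefix in Java.
    static final Map<String, String> OPENSSL_TO_JSSE = new LinkedHashMap<>();
    static {
        OPENSSL_TO_JSSE.put("AES128-GCM-SHA256",    "TLS_RSA_WITH_AES_128_GCM_SHA256");
        OPENSSL_TO_JSSE.put("AES128-SHA256",        "TLS_RSA_WITH_AES_128_CBC_SHA256");
        OPENSSL_TO_JSSE.put("AES128-SHA",           "TLS_RSA_WITH_AES_128_CBC_SHA");
        OPENSSL_TO_JSSE.put("EDH-RSA-DES-CBC3-SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
        OPENSSL_TO_JSSE.put("DES-CBC3-SHA",         "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
    }

    // Forward secrecy comes from an ephemeral (EC)DH key exchange. Static
    // ECDH/DH suites (TLS_ECDH_RSA_..., TLS_DH_anon_...) deliberately do not match.
    static boolean isForwardSecret(String suite) {
        return suite.contains("_ECDHE_") || suite.contains("_DHE_");
    }

    // The subset a server under your control would pass to
    // SSLEngine.setEnabledCipherSuites(); order of the input is preserved.
    static String[] forwardSecretOnly(String[] enabled) {
        List<String> keep = new ArrayList<>();
        for (String s : enabled) {
            if (isForwardSecret(s)) {
                keep.add(s);
            }
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // The default parameters already reflect jdk.tls.disabledAlgorithms and
        // jdk.tls.legacyAlgorithms from java.security, so this shows what a JSSE
        // server on this JVM would offer without starting Winstone.
        SSLContext ctx = SSLContext.getDefault();
        String[] enabled = ctx.getDefaultSSLParameters().getCipherSuites();

        System.out.println("Enabled suites: " + enabled.length
                + ", forward-secret: " + forwardSecretOnly(enabled).length);
        for (String s : enabled) {
            System.out.println((isForwardSecret(s) ? "  PFS      " : "  non-PFS  ") + s);
        }

        System.out.println();
        System.out.println("Suites named in the question:");
        List<String> enabledList = Arrays.asList(enabled);
        for (Map.Entry<String, String> e : OPENSSL_TO_JSSE.entrySet()) {
            boolean on = enabledList.contains(e.getValue());
            System.out.println("  " + e.getKey() + " = " + e.getValue()
                    + (on ? "   ENABLED" : "   disabled"));
        }
    }
}
```

Run it with the same JDK that runs Winstone. To try a candidate java.security edit without touching the JDK's copy, put the changed properties in a separate file and pass `-Djava.security.properties=<file>` on the command line; re-running the check then shows directly whether the suites in the question have dropped out of the enabled list.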