Open glassfishrobot opened 9 years ago
@glassfishrobot Commented nabizamani said: For example, this would allow forward secrecy in IE on Win 7 (maybe there are better cipher suites that allow forward secrecy and which are supported by the different IE versions):
IE 11 / Win 7 R via TLS 1.2 ==> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
IE 8-10 / Win 7 R via TLS 1.0 ==> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
But unfortunately Glassfish only selects this, which has no Forward Secrecy as far as I know:
IE 11 / Win 7 R via TLS 1.2 ==> TLS_RSA_WITH_AES_128_CBC_SHA256
IE 8-10 / Win 7 R via TLS 1.0 ==> TLS_RSA_WITH_AES_128_CBC_SHA
@glassfishrobot Commented gururaja1234 said: As this change involves the admin module, adding the admin tag.
@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-21313
@glassfishrobot Commented Reported by nabizamani
@juanli-oracle Commented I think this is more of an ER (enhancement request) rather than a bug. The filer may want a new asadmin command using SSLParameters.setUseCipherSuitesOrder(boolean) to honor the client preference on cipher suites.
This issue has been marked as inactive and old and will be closed in 7 days if there is no further activity. If you want the issue to remain open please add a comment
I think this issue is still available in Glassfish and also Payara. In other words, it takes adding an instruction to asadmin to force the cipher order, in a similar way to what Apache, Tomcat and JBoss do with the SSLHonorCipherOrder parameter. The order of ciphers is actually preserved in domain.xml using the ssl3-tls-ciphers attribute of ssl, but it is ignored. Example with ECDHE and DHE ciphers in front to ensure Forward Secrecy:
ssl3-tls-ciphers="+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,+TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA"
Unfortunately the Forward Secrecy compliance cannot be reached if the list contains a single non-compliant cipher. A test can easily be done using https://www.ssllabs.com/ssltest and a website running Glassfish or Payara with a certificate enabled for the above ciphers. The order of ciphers is ignored. This server supports weak Diffie-Hellman (DH) key exchange parameters. "TLS 1.2 (server has no preference)"
If we force the order (e.g. on another server) the test succeeds even when weak DH ciphers are included in the list, because they will never be chosen.
So, in the end it is not a grave bug... most browsers support modern ciphers so we can disable all weak DH ciphers.
https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy
This is the list of supported cipher suites (when disabling RC4 via JSSE) as received via "asadmin list-supported-cipher-suites" (see below). As you can see the following cipher suites are not really "top listed", which means that for major browsers Forward Secrecy is disabled because the selected cipher suite does not support it:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
there are some more...
Here is a list of some of the affected browsers:
IE 11 / Win 7 R via TLS 1.2 ==> TLS_RSA_WITH_AES_128_CBC_SHA256
IE 8-10 / Win 7 R via TLS 1.0 ==> TLS_RSA_WITH_AES_128_CBC_SHA
Glassfish should at least allow changing the order of the "server-side" list of supported cipher suites. Furthermore, Java has even introduced an API for listening a little more to "what the client wants", see http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html :
Cipher Suite Preference: During TLS handshaking, the client requests to negotiate a cipher suite from a list of cryptographic options that it supports, starting with its first preference. Then, the server selects a single cipher suite from the list of cipher suites requested by the client. Normally, the selection honors the client's preference. However, to mitigate the risks of using weak cipher suites, the server may select cipher suites based on its own preference rather than the client's preference, by invoking the method SSLParameters.setUseCipherSuitesOrder(true).
That means it would also be great to apply SSLParameters.setUseCipherSuitesOrder(bool) via asadmin settings (probably on the http-listeners ssl section).
#####################################################
And here is the complete list of cipher suites (RC4 is disabled):
#####################################################
$ /home/glassfish/bin/asadmin list-supported-cipher-suites
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_DH_anon_WITH_AES_256_GCM_SHA384
TLS_DH_anon_WITH_AES_128_GCM_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA256
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_SHA
TLS_ECDH_ECDSA_WITH_NULL_SHA
TLS_ECDH_RSA_WITH_NULL_SHA
TLS_ECDH_anon_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5
Environment
Ubuntu 14.04 LTS Server x64, java 1.8.0_31 + JCE Unlimited Strength, GlassFish Server Open Source Edition 4.1 (build 13)
Affected Versions
[4.1]
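The difference between client-preference and server-preference selection discussed in this thread, modelled as an added example that is not part of the original issue and is not GlassFish or JSSE code. It uses the ssl3-tls-ciphers value quoted in the thread; the client offer and all function names are constructed for illustration, and the handling of a `-` prefix is an assumption.

```python
# ssl3-tls-ciphers value quoted in the thread (added example, not GlassFish code).
SSL3_TLS_CIPHERS = (
    "+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
    "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"
    "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
    "+TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,"
    "+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA"
)

# Constructed client offer (assumption): RSA key transport listed ahead of ECDHE.
CLIENT_OFFER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
]

def parse_ssl3_tls_ciphers(value):
    """Enabled suites in configured order. A '-' prefix is treated as
    'disabled' (assumption; the thread only shows '+' entries)."""
    tokens = (t.strip() for t in value.split(","))
    return [t.lstrip("+") for t in tokens if t and not t.startswith("-")]

def has_forward_secrecy(suite):
    """True only for ephemeral key exchange (ECDHE_*, DHE_*); static
    ECDH_/DH_ and RSA key transport do not qualify."""
    key_exchange = suite.split("_WITH_")[0].split("_", 1)[-1]
    return key_exchange.startswith(("ECDHE_", "DHE_"))

def select_suite(client_offer, server_suites, honor_server_order):
    """First mutually supported suite, walking the server's list when the
    server order is honored and the client's list otherwise."""
    if honor_server_order:
        walk, allowed = server_suites, set(client_offer)
    else:
        walk, allowed = client_offer, set(server_suites)
    return next((s for s in walk if s in allowed), None)

def suites_to_remove(server_suites):
    """Suites to disable so every possible selection is forward-secret
    even when the server cannot enforce its own order."""
    return [s for s in server_suites if not has_forward_secrecy(s)]

if __name__ == "__main__":
    server = parse_ssl3_tls_ciphers(SSL3_TLS_CIPHERS)
    for honor in (False, True):
        chosen = select_suite(CLIENT_OFFER, server, honor)
        print(honor, chosen, has_forward_secrecy(chosen))
    print("disable:", suites_to_remove(server))
```

With the order ignored, the constructed client ends up on an RSA key-transport suite even though ECDHE suites head the server list; removing the suites returned by `suites_to_remove` is the workaround the thread settles on.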