Do the non-GCM ciphers listed for the Tomcat fix on https://weakdh.org/sysadmin.html have typos?
Under the "Apache Tomcat" heading, below the text "In the server.xml file (for JSSE)", there is the following Connector ciphers configuration.
My question pertains to the bottom 14 ciphers (the ciphers that don't have GCM in the name).
(New lines added for readability)
<Connector ciphers="[GCM Ciphers],
TLS_ECDHE_RSA_WITH_AES_128_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_SHA,
TLS_ECDHE_RSA_WITH_AES_256_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_SHA,
TLS_DHE_RSA_WITH_AES_128_SHA256,
TLS_DHE_RSA_WITH_AES_128_SHA,
TLS_DHE_DSS_WITH_AES_128_SHA256,
TLS_DHE_RSA_WITH_AES_256_SHA256,
TLS_DHE_DSS_WITH_AES_256_SHA,
TLS_DHE_RSA_WITH_AES_256_SHA
" />
Should it be these CBC ciphers instead?
<Connector ciphers="[GCM Ciphers],
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
" />
It seems that they are missing CBC_ in the names.
Example:
TLS_DHE_RSA_WITH_AES_256_SHA should be TLS_DHE_RSA_WITH_AES_256_CBC_SHA. According to https://www.openssl.org/docs/apps/ciphers.html, the latter exists while the former does not.
If you look at other fixes on the weakdh.org site, you can see other products use a different cipher naming convention. Using the OpenSSL cipher list, you can map those names to the names Tomcat uses and find out that they map to the CBC ciphers.
I tried using the ciphers from weakdh.org as published in my server.xml, but it had no effect. It appears that Tomcat ignores the ciphers if even one cipher is misspelled or not a legitimate cipher name, and Tomcat falls back to using the JVM's default ciphers. Once I added CBC_ to the cipher names, Tomcat started using the ciphers listed in the Connector ciphers attribute.
Does the weakdh.org solution have typos, or am I missing something?
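One way to check a Connector ciphers value before deploying it is to compare each name against the suites the JSSE provider of the JVM actually knows. The following is an added example, not code from the original post or from weakdh.org. The class and method names are hypothetical, the sample list is constructed from three names quoted above, and it should be run with the same JVM that runs Tomcat.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class CipherNameCheck {
    // Returns the configured names that this JVM's JSSE provider does not recognise.
    static List<String> unknownNames(String ciphersAttr, Set<String> supported) {
        List<String> unknown = new ArrayList<>();
        for (String raw : ciphersAttr.split(",")) {
            String name = raw.trim();   // also drops the newlines added for readability
            if (!name.isEmpty() && !supported.contains(name)) {
                unknown.add(name);
            }
        }
        return unknown;
    }

    // Tries the correction proposed in the question: insert CBC_ before the final SHA* token.
    static String suggest(String name, Set<String> supported) {
        int i = name.lastIndexOf("_SHA");
        if (i < 0) return null;
        String candidate = name.substring(0, i) + "_CBC" + name.substring(i);
        return supported.contains(candidate) ? candidate : null;
    }

    public static void main(String[] args) throws Exception {
        // Every suite the default JSSE provider implements, enabled or not.
        Set<String> supported = new HashSet<>(Arrays.asList(
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        // Constructed sample: two names as published, one with CBC_ added.
        String ciphersAttr = String.join(",\n",
            "TLS_ECDHE_RSA_WITH_AES_128_SHA256",
            "TLS_DHE_RSA_WITH_AES_256_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
        for (String name : unknownNames(ciphersAttr, supported)) {
            String fix = suggest(name, supported);
            System.out.println("not a JSSE suite on this JVM: " + name
                + (fix != null ? "  (did you mean " + fix + "?)" : ""));
        }
    }
}
```

A name that is reported without a suggestion is either misspelled in some other way or belongs to a suite that this JVM version does not implement.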