
Do the non-GCM ciphers listed for the Tomcat fix on https://weakdh.org/sysadmin.html have typos?

Under the "Apache Tomcat" heading, below the text "In the server.xml file (for JSSE)", there is the following Connector ciphers configuration.

My question pertains to the bottom 14 ciphers (the ciphers that don't have GCM in the name).

(New lines added for readability)

<Connector ciphers="[GCM Ciphers],
  TLS_ECDHE_RSA_WITH_AES_128_SHA256,
  TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,
  TLS_ECDHE_RSA_WITH_AES_128_SHA,
  TLS_ECDHE_ECDSA_WITH_AES_128_SHA,
  TLS_ECDHE_RSA_WITH_AES_256_SHA384,
  TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,
  TLS_ECDHE_RSA_WITH_AES_256_SHA,
  TLS_ECDHE_ECDSA_WITH_AES_256_SHA,
  TLS_DHE_RSA_WITH_AES_128_SHA256,
  TLS_DHE_RSA_WITH_AES_128_SHA,
  TLS_DHE_DSS_WITH_AES_128_SHA256,
  TLS_DHE_RSA_WITH_AES_256_SHA256,
  TLS_DHE_DSS_WITH_AES_256_SHA,
  TLS_DHE_RSA_WITH_AES_256_SHA
" />

Should it be these CBC ciphers instead?

<Connector ciphers="[GCM Ciphers],
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
" />

It seems that they are missing CBC_ in the names.

Example:
TLS_DHE_RSA_WITH_AES_256_SHA should be TLS_DHE_RSA_WITH_AES_256_CBC_SHA. According to https://www.openssl.org/docs/apps/ciphers.html, the latter exists while the former does not.

If you look at other fixes on the weakdh.org site, you can see other products use a different cipher naming convention. Using the OpenSSL cipher list, you can map those names to the names Tomcat uses and find out that they map to the CBC ciphers.

I tried using the ciphers from weakdh.org as published in my server.xml, but it had no effect. It appears that Tomcat ignores the ciphers if even one cipher is misspelled or not a legitimate cipher name, and Tomcat falls back to using the JVM's default ciphers. Once I added CBC_ to the cipher names, Tomcat started using the ciphers listed in the Connector ciphers attribute.

Does the weakdh.org solution have typos, or am I missing something?

austinian
JerryM

1 Answer


The ciphers from weakdh.org seem to be invalid for your system, so, yes, it's falling back to the defaults. The ones listed on weakdh.org may work on some other system that they tested on, or they just may be wrong entirely; I can't be completely sure, but what I do know is that they aren't on the list here, so they're probably not valid anywhere.

To get a list of valid cipher suites for your system, from http://markmail.org/message/zn4namfhypyxum23:

From: Christopher Schultz (chr...@christopherschultz.net)

All,

To follow up, the code below can be used to fetch the currently-available ciphers for SSL and will show whether or not they are enabled in your particular JVM. Note that none of this is Tomcat-specific:

import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLServerSocketFactory;

public class SSLInfo
{
    public static void main(String[] args)
        throws Exception
    {
        SSLServerSocketFactory ssf =
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

        // Suites the JVM enables by default, and every suite it supports
        String[] defaultCiphers = ssf.getDefaultCipherSuites();
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        // Sorted map: cipher suite name -> enabled by default?
        TreeMap<String, Boolean> ciphers = new TreeMap<String, Boolean>();

        for(int i=0; i<availableCiphers.length; ++i )
            ciphers.put(availableCiphers[i], Boolean.FALSE);

        for(int i=0; i<defaultCiphers.length; ++i )
            ciphers.put(defaultCiphers[i], Boolean.TRUE);

        // Print every supported suite; '*' marks the ones enabled by default
        System.out.println("Default\tCipher");
        for(Map.Entry<String, Boolean> cipher : ciphers.entrySet()) {
            if(Boolean.TRUE.equals(cipher.getValue()))
                System.out.print('*');
            else
                System.out.print(' ');

            System.out.print('\t');
            System.out.println(cipher.getKey());
        }
    }
}

Compile the above and run java SSLInfo from a command line to get a list of valid cipher strings for your system.

austinian
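To check a specific `ciphers` attribute value rather than reading the full list by eye, the following added example (not code from either post, from the quoted e-mail, or from weakdh.org) compares each configured name against the suites the JVM supports and proposes the `CBC_` spelling discussed in the question when that spelling exists. The class name `CipherListCheck`, its helper methods and the built-in sample string are hypothetical; run it with the same JVM that Tomcat uses.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLServerSocketFactory;

public class CipherListCheck {
    /** Returns the configured names that are not in the JVM-supported set. */
    static List<String> unsupported(String ciphersAttr, Set<String> supported) {
        List<String> bad = new ArrayList<>();
        for (String name : ciphersAttr.split(",")) {
            name = name.trim();   // tolerate the line breaks and spaces used for readability
            if (!name.isEmpty() && !supported.contains(name)) {
                bad.add(name);
            }
        }
        return bad;
    }

    /** Suggests the CBC spelling (X_AES_128_SHA -> X_AES_128_CBC_SHA) if the JVM supports it. */
    static String suggest(String name, Set<String> supported) {
        String candidate = name.replaceFirst("_AES_(128|256)_SHA", "_AES_$1_CBC_SHA");
        return !candidate.equals(name) && supported.contains(candidate) ? candidate : null;
    }

    public static void main(String[] args) {
        SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        Set<String> supported = new TreeSet<>(Arrays.asList(ssf.getSupportedCipherSuites()));

        // Constructed sample input; pass your own ciphers="..." value as the first argument.
        String attr = args.length > 0 ? args[0]
            : "TLS_ECDHE_RSA_WITH_AES_128_SHA256, TLS_DHE_RSA_WITH_AES_256_SHA,"
            + " TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";

        List<String> bad = unsupported(attr, supported);
        for (String name : bad) {
            String fix = suggest(name, supported);
            System.out.println("UNSUPPORTED " + name
                + (fix != null ? "  (did you mean " + fix + "?)" : ""));
        }
        System.out.println(bad.isEmpty()
            ? "All names are supported by this JVM."
            : bad.size() + " name(s) not supported by this JVM.");
        System.exit(bad.isEmpty() ? 0 : 1);   // non-zero exit lets a deploy script fail early
    }
}
```

A name can be supported by the JVM yet still be disabled through the JVM's security properties, so a clean run here confirms the spelling, not that the suite will be negotiated.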