The transport level security protocol of the Tomcat server is configured in the
<PRODUCT_HOME>/conf/tomcat/catalina-server.xml file. Note that the
Lprotocol attribute is set to "TLS (Transport Layer Security) " by default.
See the following topics for detailed configuration options:
|Table of Contents|
Disable SSL version 3
It is necessary to disable SSL version 3 in WSO2 products Carbon servers because of a bug (Poodle Attack) in the SSL version 3 protocol that could expose critical data encrypted between clients and servers. The Poodle Attack makes the system vulnerable by telling the client that the server does not support the more secure TLS protocol. This forces the server (Transport Layer Security) protocol, and thereby forces it to connect via SSL 3.0. You can mitigate the The effect of this bug can be mitigated by disabling SSL version 3 protocol in for your server.
Follow the steps given below to disable SSL 3.0 support on WSO2 Carbon 4.3.0 based servers.
- Make a backup of Open the
- Make a backup of the
catalina-server.xmlfile and stop the Carbon server.
- Find the connector Connector configuration that is corresponding to TLS (usually, this connector has the port set to 9443 and the
If you are using JDK 1.6, remove the
sslProtocol="TLS"attribute from the configuration and replace it with
sslEnabledProtocols="TLSv1"as shown below.
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443" bindOnInit="false" sslEnabledProtocols="TLSv1"
If you are using JDK 1.7, remove the
sslProtocol="TLS"attribute from the above configuration and replace it with
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"as shown below.
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443" bindOnInit="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Start the server.
In some Carbon products, such as WSO2 ESB and WSO2 API Manager, pass-thru transports are enabled. Therefore, to disable SSL version 3 in such products, the
axis2.xmlfile stored in the
<PRODUCT_HOME>/repository/conf/axis2/directory should also be configured.
To test if SSL version 3 is disabled:
Execute the following command to test the transport:
java -jar TestSSLServer.jar localhost 9443
The output of the command before and after disabling SSL version 3 is shown below.
Before SSL version 3 is disabled:
Supported versions: SSLv3 TLSv1.0 Deflate compression: no Supported cipher suites (ORDER IS NOT SIGNIFICANT): SSLv3 RSA_EXPORT_WITH_RC4_40_MD5 RSA_WITH_RC4_128_MD5 RSA_WITH_RC4_128_SHA RSA_EXPORT_WITH_DES40_CBC_SHA RSA_WITH_DES_CBC_SHA RSA_WITH_3DES_EDE_CBC_SHA DHE_RSA_EXPORT_WITH_DES40_CBC_SHA DHE_RSA_WITH_DES_CBC_SHA DHE_RSA_WITH_3DES_EDE_CBC_SHA RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA (TLSv1.0: idem)
After SSL version 3 is disabled:
Supported versions: TLSv1.0 Deflate compression: no Supported cipher suites (ORDER IS NOT SIGNIFICANT): TLSv1.0 RSA_EXPORT_WITH_RC4_40_MD5 RSA_WITH_RC4_128_MD5 RSA_WITH_RC4_128_SHA RSA_EXPORT_WITH_DES40_CBC_SHA RSA_WITH_DES_CBC_SHA RSA_WITH_3DES_EDE_CBC_SHA DHE_RSA_EXPORT_WITH_DES40_CBC_SHA DHE_RSA_WITH_DES_CBC_SHA DHE_RSA_WITH_3DES_EDE_CBC_SHA RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA
Disable weak ciphers
A cipher is an algorithm for performing encryption or decryption. When you set the
sslprotocol is set of your server to TLS, only the TLS and the default ciphers are enabled. However, get enabled without considering the strength of the ciphers will not be considered when they are enabled. Therefore, ciphers. This is a security risk as weak ciphers, also known as EXPORT ciphers, can make your system vulnerable to attacks such as the Logjam attack on Diffie-Hellman key exchange. The Logjam attack is also called the Man-in-the-Middle attack. It downgrades your connection's encryption to a less-secured level (e.g., 512 bit) that can be decrypted with sufficient processing power.
To prevent these types of security attacks, it is encouraged to disable the weak ciphers, you enter . You can enable only the ciphers that you want the server to support in a comma-separated list in the
ciphers attribute attribute. Also, if you do not add this cipher attribute or keep it blank, the browser will support all the SSL ciphers by JSSE will be supported by your server. This will enable the weak ciphers.
- Make a backup of the Open the
- Make a backup of the
catalina-server.xmlfile and stop the server (same as for disabling SSL version 3)WSO2 product server.
Add the the
cipherattribute to the existing configuration in the the
catalina-server.xmlfile by adding the list of ciphers that you want your server to support as follows:
ciphers="<cipher-name>,<cipher-name>". For example,
For Tomcat version 7.0.34: ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,TLS SSL_DHE_RSA_WITH_AES_1283DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA, TLS_DHESSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSSRSA_WITH_AES_128_CBC_SHA" For Tomcat version 7.0.59: ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_RC4_128_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,SSLTLS_DHE_DSSRSA_WITH_3DESAES_EDE256_CBC_SHA"
- Start the server.
To verify that the configurations are all set correctly, download and run the TestSSLServer.jar.
$ java -jar TestSSLServer.jar localhost 9443
- Note that in the output that you get, the section "Supported cipher suites" does not contain any export ciphers.
Firefox 39.0 onwards does not allow to access Web sites that support DHE with keys less than 1023 bits (not just DHE_EXPORT). 768/1024 bits are considered to be too small and vulnerable to attacks if the hacker has enough computing resources.
Tip: To use AES-256, the Java JCE Unlimited Strength Jurisdiction Policy files need to be installed. Downloaded them from http://www.oracle.com/technetwork/java/javase/downloads/index.html.
Tip: From Java 7, you must set the