The transport level security protocol of the Tomcat server is configured in the
<PRODUCT_HOME>/conf/tomcat/catalina-server.xml file. Note that the ss
Lprotocol attribute is set to "TLS" by default.
See the following topics for detailed configuration options:
It is necessary to disable SSL in Carbon servers because of a bug ( Poodle Attack) in the SSL protocol that could expose critical data encrypted between clients and servers. The Poodle Attack makes the system vulnerable by telling the client that the server does not support the more secure TLS (Transport Layer Security) protocol, and thereby forces it to connect via SSL. The effect of this bug can be mitigated by disabling SSL protocol for your server.
Follow the steps given below to disable SSL support on WSO2 Carbon based servers.
- Open the
- Make a backup of the
catalina-server.xmlfile and stop the Carbon server.
Find the Connector configuration corresponding to TLS (usually, this connector has the port set to 9443 and the
sslProtocolas TLS). Remove the
sslProtocol="TLS"attribute and replace it with
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"as shown below.
Start the server.
In some Carbon products, such as WSO2 ESB and WSO2 API Manager, pass-thru transports are enabled. Therefore, to disable SSL in such products, the
axis2.xmlfile stored in the
<PRODUCT_HOME>/repository/conf/axis2/directory should also be configured.
To test if SSL is disabled:
Execute the following command to test the transport:
The output of the command after disabling SSL is shown below.
Disable weak ciphers
A cipher is an algorithm for performing encryption or decryption. When you set the
sslprotocol of your server to TLS, the TLS and the default ciphers get enabled without considering the strength of the ciphers. This is a security risk as weak ciphers, also known as EXPORT ciphers, can make your system vulnerable to attacks such as the Logjam attack on Diffie-Hellman key exchange. The Logjam attack is also called the Man-in-the-Middle attack. It downgrades your connection's encryption to a less-secured level (e.g., 512 bit) that can be decrypted with sufficient processing power.
To prevent these types of security attacks, it is encouraged to disable the weak ciphers. You can enable only the ciphers that you want the server to support in a comma-separated list in the
ciphers attribute. Also, if you do not add this cipher attribute or keep it blank, the browser will support all the SSL ciphers by JSSE. This will enable the weak ciphers.
- Open the
- Make a backup of the
catalina-server.xmlfile and stop the WSO2 product server.
cipherattribute to the existing configuration in the
catalina-server.xmlfile by adding the list of ciphers that you want your server to support as follows:
ciphers="<cipher-name>,<cipher-name>". See the example given below.
See the list of supported cipher suites.
- Start the server.
To verify that the configurations are all set correctly, download and run the TestSSLServer.jar.
Note the following when you run the above tool:
The "Supported cipher suites" section in the output does not contain any EXPORT ciphers.
When you use the supported cipher suites listed here, the BEAST attack status will be shown as vulnerable. Note that this is a client-side vulnerability caused by the TLSv1 protocol. You can make the BEAST status protected by removing TLSv1, which will make clients with TLSv1 unusable. Therefore, it is recommended to fixed this from the client side.
Firefox 39.0 onwards does not allow to access Web sites that support DHE with keys less than 1023 bits (not just DHE_EXPORT). 768/1024 bits are considered to be too small and vulnerable to attacks if the hacker has enough computing resources.
Tip: To use AES-256, the Java JCE Unlimited Strength Jurisdiction Policy files need to be installed. Downloaded them from http://www.oracle.com/technetwork/java/javase/downloads/index.html.
Tip: From Java 7, you must set the
jdk.certpath.disabledAlgorithms property in the
<JAVA_HOME>/jre/lib/security/java.security file to
jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048. It rejects all algorithms that have key sizes less than 2048 for MD2, DSA and RSA.
Note that this tip is not applicable when you are disabling weak ciphers in WSO2 Identity Server.