Disable non-DHE and non-ECDHE ciphers in JSSE


I have a Winstone server running Jenkins on Windows with Java 8. I'm trying to ensure that if a client request fails to specify a preferred cipher, a Diffie-Hellman cipher is preferred by the server. Unlike Tomcat, Winstone doesn't appear to have a way to specify a list of ciphers to order them. So, I'm trying to disable the non-DHE and non-ECDHE ciphers. I've been able to remove some of them by modifying the java.security file's list of disabled algorithms by specifying a minimum keysize and removal of the MD2 algorithms, but cannot disable all of them. OpenSSL identifies the remaining unwanted cipher algorithms as:

AES128-GCM-SHA256
AES128-SHA256  
AES128-SHA  
EDH-RSA-DES-CBC3-SHA 
DES-CBC3-SHA

In the java.security file, I've tried variously adding filters for AES, AES128, None, EDH, and DES, yet these algorithms still appear enabled when I make a request to the server. I've also attempted to remove the entries after legacyAlgorithms. Does anyone know what filter values will remove these?

java.security snippet:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, SSLv2Hello, TLSv1, TLSv1.1
jdk.tls.legacyAlgorithms= \
    K_NULL, C_NULL, M_NULL, \
    DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
    DH_RSA_EXPORT, RSA_EXPORT, \
    DH_anon, ECDH_anon, \
    RC4_128, RC4_40, DES_CBC, DES40_CBC

There is 1 answer

dave_thompson_085 On

java.policy doesn't do what you describe; java.security does. But it only disables or restricts individual primitives and AFAICT it can't disable non-PFS as a class.

If you (can and do) give the server an ECDSA cert (i.e. a cert with an ECC key and KU=sign) and NOT an RSA cert, then only ECDHE-ECDSA ciphers can be negotiated with that cert. If you (also or instead) give it a DSA cert then only DHE-DSS ciphers can be negotiated with that cert; this may depend on using your own CA or self-signed (with the advantages and disadvantages thereof) as I have not found any public CA that issues DSA certs. Java 8 defaults DHE to a 1024-bit shared value, which is now considered borderline for security, but with system properties you can change this, see How to expand DH key size to 2048 in java 8.

PS: what OpenSSL calls 'EDH' is DHE in the RFCs and is actually algorithm DH, and what OpenSSL calls 'DES-CBC3' is really {3DES|3DES-EDE|DESEDE}-CBC; see Map SSL/TLS cipher suites and their OpenSSL equivalents.
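For a JSSE server whose socket setup you do control, the non-DHE/non-ECDHE suites can be dropped in code rather than through java.security. The following is an added example, not code from the question or the answer; the class name `ForwardSecretOnly` is hypothetical, and it assumes access to the `SSLServerSocket`, which the question says Winstone's configuration does not provide.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class ForwardSecretOnly {

    // True when the JSSE suite name implies an ephemeral (EC)DH key exchange.
    // TLS_RSA_WITH_AES_128_GCM_SHA256 (OpenSSL: AES128-GCM-SHA256) fails the test;
    // SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA (OpenSSL: EDH-RSA-DES-CBC3-SHA) passes it,
    // because EDH is DHE. Anonymous suites are named DH_anon/ECDH_anon and fail.
    static boolean isForwardSecret(String suite) {
        if (suite.contains("_DHE_") || suite.contains("_ECDHE_")) {
            return true;
        }
        // TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry no key exchange and
        // are always ephemeral; they have no "_WITH_" part. The SCSV is not a suite.
        return !suite.contains("_WITH_") && !suite.endsWith("_SCSV");
    }

    // Filter a suite list, preserving its order.
    static String[] forwardSecretOnly(String[] enabled) {
        List<String> keep = new ArrayList<>();
        for (String suite : enabled) {
            if (isForwardSecret(suite)) {
                keep.add(suite);
            }
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the server key store comes from -Djavax.net.ssl.keyStore=...
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Port 0 binds any free port; enough to inspect the resulting configuration.
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(0)) {
            SSLParameters params = server.getSSLParameters();
            // Start from what java.security already allows, then drop static-RSA suites.
            params.setCipherSuites(forwardSecretOnly(server.getEnabledCipherSuites()));
            params.setUseCipherSuitesOrder(true); // Java 8+: server order wins
            server.setSSLParameters(params);
            for (String suite : server.getEnabledCipherSuites()) {
                System.out.println(suite);
            }
        }
    }
}
```

The system property the answer alludes to for the DHE size is `jdk.tls.ephemeralDHKeySize`, for example `-Djdk.tls.ephemeralDHKeySize=2048` on the JVM command line.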