0006067: JSSE-SSL: <honor-cipher-order> ignored

6067

minor

always

07-05-17 05:30

07-05-17 15:20

Reporter:

stbu

Platform:

Assigned To:

ferg

OS:

Priority:

normal

OS Version:

Status:

closed

Product Version:

4.0.53

Product Build:

Resolution:

fixed

Projection:

none

ETA:

none

Fixed in Version:

4.0.54

Summary:

0006067: JSSE-SSL: <honor-cipher-order> ignored

Description:

With Caucho Resin 4.0.46 the support for honor-cipher-order in <jsse-ssl> has been added (0005939).
This feature requires JDK 1.8, but it hasn't been working although I am running JDK 1.8 with the JCE Unlimited Strength Jurisdiction Policy Files:

      <http address="*" port="${https_port}">
        <jsse-ssl>
          <key-store-file>XXX</key-store-file>
          <password>XXX</password>
          <protocol>TLSv1,TLSv1.1,TLSv1.2</protocol>
          <cipher-suites>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</cipher-suites>
          <honor-cipher-order>true</honor-cipher-order>
        </jsse-ssl>
      </http>

It can be tested by entering such configured site in for example the SSL Labs tool (https://www.ssllabs.com/ssltest/analyze.html) [^] or with the very nice Bash script from https://testssl.sh/ [^]

In SSL Labs you'll see on the "Cipher Suites" Section:
# TLS 1.2 (server has no preference)

Or for example when downloading https://testssl.sh/testssl.sh [^]
user@host $ ./testssl.sh -P localhost:8443
..
Testing server preferences

Has server cipher order? nope (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 521 bit ECDH (limited sense as client will pick)
Negotiated cipher per proto (limited sense as client will pick)
     ECDHE-RSA-AES256-SHA: TLSv1, TLSv1.1
     ECDHE-RSA-AES256-GCM-SHA384: TLSv1.2
No further cipher order check has been done as order is determined by the client

Steps To Reproduce:

Additional Information:

I have a bugfix for this that requires just one additional line in "com/caucho/vfs/JsseSSLFactory.java" in Method "setHonorCipherOrder(SSLServerSocket serverSocket)"

Below is this method with my addition (see comment // Crucial, otherwise no effect)

  private void setHonorCipherOrder(SSLServerSocket serverSocket)
  {
    if (_isHonorCipherOrder == null)
      return;

    if (_honorCipherOrderMethod == null)
      return;

    try {
      SSLParameters params
        = (SSLParameters) _getSSLParametersMethod.invoke(serverSocket);

      _honorCipherOrderMethod.invoke(params, _isHonorCipherOrder);
      serverSocket.setSSLParameters(params); // Crucial, otherwise no effect

      log.log(Level.FINER, L.l("setting honor-cipher-order {0}",
                               _isHonorCipherOrder));
    } catch (Throwable t) {
      log.log(Level.WARNING, t.getMessage(), t);
    }
  }



See also:
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html [^]
"SSLParameters can be applied to a connection via the methods ... and SSLServerSocket.setSSLParameters() and ..."

With this fix, the server cipher order is working:

user@host $ ./testssl.sh -P localhost:8443
..
Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH
Cipher order
    TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA
    TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA
    TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256

Relationships

Attached Files:

Mantis - Resin
Viewing Issue Advanced Details

ID:	Category:	Severity:	Reproducibility:	Date Submitted:	Last Update:
6067		minor	always	07-05-17 05:30	07-05-17 15:20

Reporter:	stbu	Platform:
Assigned To:	ferg	OS:
Priority:	normal	OS Version:
Status:	closed	Product Version:	4.0.53
Product Build:		Resolution:	fixed
Projection:	none
ETA:	none	Fixed in Version:	4.0.54

Summary:	0006067: JSSE-SSL: <honor-cipher-order> ignored
Description:	With Caucho Resin 4.0.46 the support for honor-cipher-order in <jsse-ssl> has been added (0005939). This feature requires JDK 1.8, but it hasn't been working although I am running JDK 1.8 with the JCE Unlimited Strength Jurisdiction Policy Files: <http address="*" port="${https_port}"> <jsse-ssl> <key-store-file>XXX</key-store-file> <password>XXX</password> <protocol>TLSv1,TLSv1.1,TLSv1.2</protocol> <cipher-suites>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</cipher-suites> <honor-cipher-order>true</honor-cipher-order> </jsse-ssl> </http> It can be tested by entering such configured site in for example the SSL Labs tool (https://www.ssllabs.com/ssltest/analyze.html) [^] or with the very nice Bash script from https://testssl.sh/ [^] In SSL Labs you'll see on the "Cipher Suites" Section: # TLS 1.2 (server has no preference) Or for example when downloading https://testssl.sh/testssl.sh [^] user@host $ ./testssl.sh -P localhost:8443 .. Testing server preferences Has server cipher order? nope (NOT ok) Negotiated protocol TLSv1.2 Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 521 bit ECDH (limited sense as client will pick) Negotiated cipher per proto (limited sense as client will pick) ECDHE-RSA-AES256-SHA: TLSv1, TLSv1.1 ECDHE-RSA-AES256-GCM-SHA384: TLSv1.2 No further cipher order check has been done as order is determined by the client
Steps To Reproduce:
Additional Information:	I have a bugfix for this that requires just one additional line in "com/caucho/vfs/JsseSSLFactory.java" in Method "setHonorCipherOrder(SSLServerSocket serverSocket)" Below is this method with my addition (see comment // Crucial, otherwise no effect) private void setHonorCipherOrder(SSLServerSocket serverSocket) { if (_isHonorCipherOrder == null) return; if (_honorCipherOrderMethod == null) return; try { SSLParameters params = (SSLParameters) _getSSLParametersMethod.invoke(serverSocket); _honorCipherOrderMethod.invoke(params, _isHonorCipherOrder); serverSocket.setSSLParameters(params); // Crucial, otherwise no effect log.log(Level.FINER, L.l("setting honor-cipher-order {0}", _isHonorCipherOrder)); } catch (Throwable t) { log.log(Level.WARNING, t.getMessage(), t); } } See also: https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html [^] "SSLParameters can be applied to a connection via the methods ... and SSLServerSocket.setSSLParameters() and ..." With this fix, the server cipher order is working: user@host $ ./testssl.sh -P localhost:8443 .. Testing server preferences Has server cipher order? yes (OK) Negotiated protocol TLSv1.2 Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH Cipher order TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256
Relationships
Attached Files: