用于缓解Logjam / weakdh.org的正确JBoss EAP 6.0.1密码套件配置是什么？

Question

Because of the attention that logjam and the website https://weakdh.org/ (Logjam: How Diffie-Hellman Fails in Practice) has received in recent days, I decided to harden the SSL configuration on my JBoss EAP 6.0.1 system as described here:

13.2.5. SSL Connector Reference: https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/Administration_and_Configuration_Guide/SSL_Connector_Reference1.html

Cross referenced to here: http://www.coderanch.com/t/613062/JBoss/configuring-SSL-Https-Jboss

The relevant portion of my standalone.xml is included in obfuscated form below:

<connector name="https" protocol="HTTP/1.1" scheme="https" 
    socket-binding="https" secure="true">  
    <ssl  
     key-alias="**********"  
     password="**********"  
     certificate-key-file="/var/**********/**********.jks"  
     protocol="TLSv1.2"  
     cipher-suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AE_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"  
     />  
    </connector>

The protocol restriction is working but the cipher-suite attribute has, as far as I can tell, no effect. I have reduced the list down to just two suites but the list returned by JBoss on port 8443 is always the same. I have tested the system against Qualys SSL Labs and the list of cipher suites returned includes numerous weak of ciphers not included in my list.

 Cipher Suites (sorted by strength; the server has no preference)
 TLS_RSA_WITH_RC4_128_MD5 (0x4)   WEAK     128
 TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK     128
 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)     128
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 768 bits (p: 96, g: 96, Ys: 96)   FS   INSECURE     128
 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   WEAK     128
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH 571 bits (eq. 15360 bits RSA)   FS     128
 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)     112
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 768 bits (p: 96, g: 96, Ys: 96)   FS   INSECURE     112
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)   ECDH 571 bits (eq. 15360 bits RSA)   FS     112

Update : I tried adjusting the configuration via the CLI in the hope it might do something different:

 /subsystem=web/connector=https/ssl=configuration/:write-attribute(name=cipher-suite, value="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA")

which then outputs (corresponds also to the new standalone.xml):

 [standalone@localhost:9999 /] /subsystem=web/connector=https/ssl=configuration/:read-resource(recursive=true,proxies=false,include-runtime=true,include-defaults=true)
 {
      "outcome" => "success",
      "result" => {
           "ca-certificate-file" => undefined,
           "ca-certificate-password" => undefined,
           "ca-revocation-url" => undefined,
           "certificate-file" => undefined,
           "certificate-key-file" => "/var/xxxx/xxxx-xx/xxxx.jks",
           "cipher-suite" => "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA",
           "key-alias" => "xxxx",
           "keystore-type" => undefined,
           "name" => undefined,
           "password" => "****",
           "protocol" => "TLSv1.2",
           "session-cache-size" => undefined,
           "session-timeout" => undefined,
           "truststore-type" => undefined,
           "verify-client" => "false",
           "verify-depth" => undefined
      },
      "response-headers" => {"process-state" => "reload-required"}
 }

but nmap using this command:

 nmap -p 8443 -A --script ssh-hostkey,ssh2-enum-algos,sshv1,ssl-cert,ssl-date,ssl-enum-ciphers,ssl-google-cert-catalog,ssl-heartbleed,ssl-known-key,sslv2 xxxx.de

insists that the other cipher-suites are still active:

 Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-31 09:41 W. Europe Daylight Time

 Nmap scan report for xxxx.de (x.x.x.x)
 Host is up (0.031s latency).

 PORT     STATE SERVICE  VERSION
 8443/tcp open  ssl/http Apache Tomcat/Coyote JSP engine 1.1

 | ssl-cert: Subject: commonName=xxxx.de
 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
 | Public Key type: rsa
 | Public Key bits: 2048
 | Not valid before: 2015-05-27T23:00:00+00:00
 | Not valid after:  2016-05-21T22:59:59+00:00
 | MD5:   7ac1 b1a9 4fd8 c438 0bce 0e82 bb2a 5e06
 |_SHA-1: 9b6e 185c 8598 aec6 7949 e7b1 3183 fc87 637f e86b
 | ssl-enum-ciphers: 
 |   TLSv1.0: No supported ciphers found
 |   TLSv1.2: 
 |     ciphers: 
 |       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
 |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
 |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
 |       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
 |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
 |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
 |       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
 |       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
 |       TLS_RSA_WITH_AES_128_CBC_SHA - stron
 |       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
 |       TLS_RSA_WITH_RC4_128_MD5 - strong
 |       TLS_RSA_WITH_RC4_128_SHA - strong
 |     compressors: 
 |       NULL
 |_  least strength: strong
 | ssl-google-cert-catalog: 
 |_  No DB entry

 Nmap done: 1 IP address (1 host up) scanned in 55.74 seconds
 - See more at: https://developer.jboss.org/message/931697#sthash.3ZJZG9PV.dpuf

Apparently, there is some guidance on this topic here: https://access.redhat.com/solutions/661193 (Disable weak SSL ciphers in EAP 6) Alas, I have no access to that, as RedHat's policy would seem to put security of the application server and the Internet in general behind a paywall. Sigh.

Can anyone confirm this issue and better yet, offer advice for a resolution. Short of putting it behind a reverse proxy (my plan B), does anyone have a working configuration? Thanks.

Ref: https://developer.jboss.org/message/931697

Answer 1

Since neither the JBoss mailing list nor the Stackoverflow crew has any feedback, I am chalking this up to a bug in that JBoss version. I have resolved it by upgrading to Wildfly 8.2 and configuring with the instructions provided and it works as expected.

I guess it was a bug in an, admittedly, older version of the server. For posterity, this is the configuration of the SSL listener for wildfly:

 <https-listener name="https" socket-binding="https" security-
  realm="SSLRealm"      
  enabled-protocols="TLSv1.2"     
  enabled-cipher-suites="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, etc."/>

A corresponding security-realm might look like:

<security-realm name="SSLRealm"> 
    <server-identities> 
      <ssl > 
        <keystore
     path="/var/mysite/ssl/mysite.jks"
     keystore-password="******"
     alias="mysite"
     /> 
      </ssl> 
    </server-identities> 
  </security-realm> 

Answer 2

We are using jboss-6.1.0 and resolved the issue by adding

SSLHonorCipherOrder="On" 
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"

to server.xml , ie

<Connector protocol="HTTP/1.1" SSLEnabled="true" 
           port="8443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="${jboss.server.home.dir}/conf/XXXX"
           keystorePass="XXXX" sslProtocol = "TLS"     
           SSLHonorCipherOrder="On" 
           ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" />

I think long term solution will be is to upgrade to one of the latest JBOSS AS.

Answer 3

Got it working with the following attributes for ssl element inside https connector:

protocol="TLSv1,TLSv1.1,TLSv1.2" 
cipher-suite="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"