can't get tomcat to offer TLS_ECDHE_ECDSA_… ciphers

tonioc asked:

my tomcat (7.0.52) Connector is configured with a cipher list like
ciphers=”TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA”

all those are supported by openjdk1.7 installed on the server (verified).

the keystore is initialized with keytool, using

    keytool -genkey -alias Tomcat -keyalg RSA -sigalg SHA256withRSA -keysize 2048 ... 

In ssl handshake debug output, I can see the client offers these ciphers, but server picks TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA only, which is not the strongest:

ClientHello, TLSv1.2Jul 04, 2014 2:38:31 PM org.apache.coyote.AbstractProtocol start
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,...
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, Unknown (hash:0x4, signature:0x2), SHA1withDSA
***
Jul 04, 2014 2:38:31 PM org.apache.catalina.startup.Catalina start
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: tomcat
% Negotiating:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]

If I remove TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA from tomcat’s cipher list, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is used. If i remove both TLS_ECDHE_RSA_WITH_AES_xxx, then I get a handshake failure (no ciphers in common).

I Can’t figure out what’s missing or bad in the configuration.

Any input much appreciated…

My answer:


Your ciphers should be listed in order of preference.

But you listed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA before TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.

Try reversing their order in the list.

You may also wish to reorder the entire list so that all the 256-bit ciphers appear before all the 128-bit ciphers.

You also need to have SSLHonorCipherOrder="true" set in your <Connector>.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.