Disabling SSLv3 and SSLv2 in Tomcat and JBoss Web

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 5, 6, 7
  • Red Hat Certificate System 8
  • Red Hat JBoss Enterprise Application Platform (EAP) 4, 5, 6
  • Red Hat JBoss Enterprise Web Platform (EWP) 5
  • Red Hat Network Satellite 5
  • JBoss Enterprise Web Server (EWS) 1, 2
  • Red Hat JBoss Data Grid (JDG) 6
  • Red Hat JBoss Data Virtualization (JDV) 6
  • Red Hat JBoss BRMS Platform (BRMS-P) 5, 6
  • Red Hat JBoss BPM Suite (BPMS) 6
  • Red Hat JBoss SOA Platform (SOA-P) 4, 5
  • Red Hat JBoss Fuse Service Works (FSW) 6
  • Red Hat JBoss Operations Network (JON) 3
  • Red Hat JBoss Portal Platform (JPP) 5, 6

Issue

  • How can I disable less secure encryption methods and use only TLS?
  • How do I avoid impact to a Tomcat or JBoss Enterprise Middleware system from CVE-2014-3566?
  • Resolution for POODLE SSLv3 vulnerability (CVE-2014-3566) in Tomcat and JBoss Web

Resolution

Red Hat recommends disabling SSL and using only TLSv1.1 or TLSv1.2. Backwards compatibility can be achieved using TLSv1.0. Many products Red Hat supports have the ability to use SSLv2 or SSLv3 protocols, however it is strongly recommended against.

JBoss Web in EAP 4/5 and JBoss 4.x/5.x products

Note: the following mitigation instructions are only applicable if you are using the JSSE connectors for HTTPS configuration. Refer to the Tomcat APR section if you are using native connectors.

For EAP 4/5 and JBoss 4/5.x products based on EAP 4/5, SSLv2 and SSLv3 can be disabled by configuring the https connectors to have the sslProtocols attribute set to "TLSv1,TLSv1.1,TLSv1.2" in the configuration located within $JBOSS_HOME/jboss-as/server/$JBOSS_PROFILE/deploy
/jbossweb.sar/server.xml. For example:

      <Connector protocol="HTTP/1.1" SSLEnabled="true" 
           port="8443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="${jboss.server.home.dir}/conf/keystore.jks"
           keystorePass="rmi+ssl"
           sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" />

The sslProtocols attribute specifies the versions of the SSL protocol to use. If not specified, the default is "TLS". Note TLSv1.2 is only available when using JDK 7 and higher. For more information see http://docs.jboss.org/jbossweb/2.1.x/config/http.html. Note that this applies to only JBoss Web prior to 7.x. In 7.x and later, a connector supports the protocol attribute as discussed for EAP 6 below. Refer to http://docs.jboss.org/jbossweb/7.0.x/config/ssl.html for more information in regards to this.

JBoss Web in EAP 6 and JBoss 6.x products

Note: the following mitigation instructions are only applicable if you are using the JSSE connectors for HTTPS configuration. Refer to the Tomcat APR section if you are using native connectors.

For EAP 6 and JBoss 6.x products based on EAP 6, SSLv2 and SSLv3 can be disabled by setting the protocol attribute to "TLSv1,TLSv1.1,TLSv1.2" for the HTTPS connector in the web subsystem. This can be done using the following CLI commands.
In standalone mode:

/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=protocol,value="TLSv1,TLSv1.1,TLSv1.2")
:reload

In domain mode

/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=protocol,value="TLSv1,TLSv1.1,TLSv1.2")
:reload

Alternatively, edit the configuration file manually:

In standalone mode: $JBOSS_HOME/standalone/configuration/$JBOSS_PROFILE.xml
In domain mode: $JBOSS_HOME/domain/configuration/$JBOSS_PROFILE.xml

Locate and edit the following element in the configuration file. The protocol attribute is set to "TLSv1,TLSv1.1,TLSv1.2" in this example.

            <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
                <ssl name="https" key-alias="KEY_ALIAS" password="SECRET" certificate-key-file="${jboss.server.config.dir}/keystore.jks" protocol="TLSv1,TLSv1.1,TLSv1.2"/>
            </connector>

The protocol attribute specifies the version of the SSL protocol to use. Supported values include SSLv2, SSLv3, TLSv1, SSLv2+SSLv3, and ALL. The default is ALL. See the EAP 6 Administration and Configuration Guide for more information.

EAP 6 Management Interfaces

EAP 6 users exposing HTTPS Management Interfaces may not be able to disable SSLv3 via the current configuration options exposed by security-realm/server-identities/ssl configuration parameter. A bug has been filed to add functionality that would make this possible. The following steps allow you to mitigate this issue on EAP 6 systems exposing HTTPS Management Interfaces.

  • Explicitly set the protocol attribute in the ssl configuration to TLSv1:
                <server-identities>
                    <ssl protocol="TLSv1">
                        <keystore path="https.keystore" relative-to="keystore.home" keystore-password="secret" alias="https" key-password="secret" />
                    </ssl>

Tomcat

When using Tomcat with the JSSE connectors, the SSL protocol to be used can be configured via $TOMCAT_HOME/conf/server.xml. The following example shows how the sslProtocol in an https connector is configured.

Tomcat 5 and 6 (prior to 6.0.38)

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" />

Tomcat 6 (6.0.38 and later) and 7

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslEnabledProtocols = "TLSv1,TLSv1.1,TLSv1.2" />

If the sslEnabledProtocols or sslProtocols attributes are specified, only protocols that are listed and supported by the SSL implementation will be enabled. If not specified, the JVM default is used. The permitted values may be obtained from the JVM documentation for the allowed values for algorithm when creating an SSLContext instance e.g. Oracle Java 6 and Oracle Java 7.

Tomcat APR

When using Tomcat with the APR/Native connectors, the SSL protocol to be used can be configured in $TOMCAT_HOME/conf/server.xml. The following example shows how the SSLProtocol in an https connector is configured.

<Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLProtocol="TLSv1"
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />

Configuration parameters are documented here. The default is for the SSLProtocol attribute to be set to ALL, with other acceptable values being SSLv2, SSLv3, TLSv1 and SSLv2+SSLv3. Starting with version 1.1.21 of the Tomcat native library any combination of the three protocols concatenated with a plus sign will be supported. Note that the protocol SSLv2 is inherently unsafe.

Root Cause

SSLv3 is inherently less secure than it's successor Transport Socket Layer (TLS). It is considered a better security practice to disable any variation of SSL and adopt only TLS.

A vulnerability was found in the SSLv3.0 protocol. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. For more information about this vulnerability, refer to the following article: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)

Diagnostic Steps

For diagnostic steps, refer to the following article: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)

This solution has been reviewed for technical accuracy, optimized for search, and integrated with Product Documentation and/or Red Hat Access Labs. Much like when a software package is accepted upstream, this content has moved from the general KCS editing workflow into the responsibility of Customer Content Services as maintainers.

16 Comments

The JSSE connector in tomcat5 as shipped with RHEL5 does not support the sslEnabledProtocols attribute. That was introduced in tomcat 6.0.

This doesn't cover the disabling in apache per this DOC:

https://access.redhat.com/solutions/1232413

need to add -SSLv3 to apache

SSLProtocol all -SSLv2 -SSLv3

When I execute the script, I get the output as "echo "SSL 3.0 enabled" and tomcat server.xml has the sslProtocol as TLS. Do i need to make any changes?

maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Can we have some instructions for JBoss EAP v4 please?

When using EAP 5 with the APR connector, the attribute to set is: SSLProtocol = "TLSv1"
So without "s" and with uppercase SSL.

If the attribute in Tomcat 6 is already set to sslProtocol="TLS" why is the detector stating the server is vulnerable?

FYI - The following did the trick:

In the server.xml connector, remove:
sslProtocol="TLS"
and replace it with:
sslProtocols="TLSv1, TLSv1.1, TLSv1.2"
Then restart tomcat.

Sean, you rock!!

I spent forever yesterday trying to get Tomcat 6 to disable SSLv3, and nothing worked as expected. The solution, as you mentioned, is to use the sslProtocols attribute.

The problem is that this solution does not match Apache's published documentation -- the sslProtocols attribute is not listed in the Tomcat 6 or 7 docs as a valid option. That's because RH ships Tomcat 6.0.24, but the sslEnabledProtocols attribute wasn't added until 6.0.38. This solution page needs to be updated to fix the guidance. May also want to backport the sslEnabledProtocols feature to RHEL 6.

So, for the record, here's the Connector that worked for me in RHEL6 with Tomcat6:

<Connector port="8443" protocol="HTTP/1.1"
               maxThreads="150" clientAuth="false"
               SSLEnabled="true" scheme="https" secure="true"
               sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>

If the attribute in Tomcat 6 is already set to sslProtocol="TLS" why is the detector stating the server is vulnerable?

Despite the name, sslProtocol="TLS" seems to include SSLv3, which is pretty misleading.

Awesome!! I spent most of yesterday beating my head against the wall while trying to get Tomcat 6 to disable SSLv3.

I tried every combination of SSLProtocol, SSLEnabledProtocols, and ciphers attributes, but nothing worked!

SSLProtocols just fixed Tomcat 6! Thank you!!!

:-)

Same here. The documentation on this page was incorrect last week. Tomcat 6 was changed sometime after tomcat6-6.0.36, but the Red Hat documentation actually only applied to tomcat6.0.38 and above.

It looks like the latest update on Monday added the correct syntax regarding Tomcat versions earlier then 6.0.38.

Tomcat 5 and 6 (prior to 6.0.38)

   <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
              maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
              clientAuth="false" sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" />

It's frustrating that the Tomcat developers would make such a major change to the configuration without bumping the version number. From looking at online forums, I can see that many sysadmins had wasted too much time trying to figure out the correct syntax for this simple change. This is why sticking to Semantic Versioning is important.

Yes please add solution to jboss 4.

I have the main connector set like:

maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1,TLSv1.1,TLSv1.2" />
-->

but we also use this in /jboss/server/default/deploy/jboss-jetty.deployer/META-INF/jboss-service.xml

<!-- SSL configuration-->
    <Call name="addConnector">
      <Arg>
        <New class="org.mortbay.jetty.security.SslSocketConnector">
          <Set name="Port"><SystemProperty name="jetty.secure.port" default="13843"/></Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="keystore"><SystemProperty name="jboss.server.home.dir"/>/conf/stjames.kdb</Set>
          <Set name="password">******</Set>
          <Set name="keyPassword">******</Set>
          <Set name="truststore"><SystemProperty name="jboss.server.home.dir"/>/conf/stjames.kdb</Set>
          <Set name="trustPassword">******</Set>
        </New>
      </Arg>
    </Call>

Instructions for JBoss 4.x products have now been added to this solution.

The doc isn't entirely clear about APR for EAP 6 since the APR section only provides an EAP 5 example. But APR for EAP 6 still only supports TLSv1 and not 1.1/1.2 per https://issues.jboss.org/browse/JBWEB-306. Trying to use protocol="TLSv1,TLSv1.1,TLSv1.2" on EAP 6 APR connectors is not recognized, so it falls back to "all" with SSLv3 enabled.

For JBoss EAP 5.2, I was successful in editing server.xml, changing sslProtocol="TLS" to sslProtocols="TLSv1,TLSv1.1,TLSv1.2". However, when a client app was running JRE6, I get a ssl-handshake failure exception. It appears that, at least under JRE6, I need to keep enabled the "pseudo-protocol" SSLv2Hello in order for the protocol negotiation to work (if you are at JRE7 or higher it appears to work fine without modification). So in my case, I needed to use sslProtocols="SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2" in order for my workstation app to work correctly in JRE6.

add {enabled-protocols="TLSv1, TLSv1.1, TLSv1.2"} to element for wildfly 8.2

When having old Java6 clients connecting to the Jboss, is adding SSLv2Hello to the TLS protocols a valid and supported solution to get around the Poodle vulnerability?