We are running Apache 2.4 as reverse proxy to a Tomcat 9.0.88 web application.
We started having issues after a fresh install where Apache was rejecting incoming SSL handshakes from other web apps. This was previously working.
By adding in some test code on the client side, iteratively trying ciphers, we saw that the cipher suites that Apache was willing to accept shrunk from:
Old install:
DHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA
New Install:
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
I looked at the httpd.conf and saw it was importing the httpd-ssl.conf which had the following ciphers:
SSLCipherSuite AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384
This is substantially more than the server is willing to accept. Also this config had not changed between the installs.
I tried adding everything the client will support to:
SSLCipherSuite TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:DHE-DSS-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:AES128-SHA:AES128-SHA256:AES128-CCM:AES128-CCM8:AES128-GCM-SHA256:AES256-SHA:AES256-SHA256:AES256-CCM:AES256-CCM8:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
and saw it would only accept the following:
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES256-SHA384
AES128-CCM
AES128-CCM8
AES256-CCM
AES256-CCM8
This shows me it is using the httpd-ssl.conf but only a subset of it.
Is there some additional config that I am missing that would be filtering down the ciphers that can be used? It looks like only ciphers with RSA_WITH_AES are being used.
Could any of the Tomcat config be causing this issue? I doubt this as the Apache error.log is where we first noticed this issue.
The only things that I can see have changed on the fresh install are the Tomcat version, which has gone from 9.0.86 to 9.0.88, and Apache, which has gone from Apache/2.4.58 (FreeBSD) to Apache/2.4.59 (FreeBSD).
EDIT:
OpenSSL 1.1.1w-freebsd 11 Sep 2023
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLProxyProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder on
Java version old:
$ java --version
openjdk 17.0.6 2023-01-17
OpenJDK Runtime Environment (build 17.0.6+10-1)
OpenJDK 64-Bit Server VM (build 17.0.6+10-1, mixed mode, sharing)
Java version new:
$ java --version
openjdk 17.0.10 2024-01-16
OpenJDK Runtime Environment (build 17.0.10+7-1)
OpenJDK 64-Bit Server VM (build 17.0.10+7-1, mixed mode, sharing)
Update: based on Daniel Ferradal's comment below I verified that my DHE ciphers are supported by openssl on this machine.
openssl ciphers -v "DHE-RSA-AES256-GCM-SHA384"
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
openssl ciphers -v "DHE-RSA-AES128-GCM-SHA256"
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
#SSLCipherSuite
as shown it was commented out and not actually doing anything at all.

"We started having an issues after a fresh install where Apache was rejecting incoming ssl handshakes from other Web apps", but it is usually the other way around, client rejects server for several reasons. You should specify which Java version you use to connect to this server. Old Java versions have trouble handshaking with DH ciphers when private key is >1024 bits.

openssl ciphers -v "TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:etc...."
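
Added example (not part of the original question or its comments): grouping the suites accepted on the old and new installs by the `Kx` column of `openssl ciphers -v` shows which key-exchange family the difference falls into. The `OLD` and `NEW` lists are copied from the question; the `CIPHERS_V` rows are a constructed sample in the column layout of the output quoted above, and the function names are hypothetical.

```python
from collections import defaultdict

# Accepted suites as reported in the question (old vs. new install).
OLD = """DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256
ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA""".split()
NEW = """ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA""".split()

# Constructed sample in the `openssl ciphers -v` layout (name, protocol, key=value columns).
CIPHERS_V = """\
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
"""

def parse_ciphers_v(text):
    """Map suite name -> attributes (proto, Kx, Au, Enc, Mac) from `ciphers -v` text."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or "=" in fields[0]:
            continue  # skip blank or malformed lines
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        attrs["proto"] = fields[1]
        table[fields[0]] = attrs
    return table

def lost_by_kx(old, new, table):
    """Group suites accepted before but not now by their key-exchange (Kx) value."""
    groups = defaultdict(list)
    for name in old:
        if name not in new:
            groups[table.get(name, {}).get("Kx", "unknown")].append(name)
    return dict(groups)

def surviving_kx(new, table):
    """Key-exchange values of the suites the server still accepts."""
    return sorted({table.get(n, {}).get("Kx", "unknown") for n in new})

if __name__ == "__main__":
    table = parse_ciphers_v(CIPHERS_V)
    for kx, names in lost_by_kx(OLD, NEW, table).items():
        print(f"lost Kx={kx}: {', '.join(names)}")
    print("still accepted Kx:", surviving_kx(NEW, table))
```

On a real host, feed `parse_ciphers_v` the output of `openssl ciphers -v` run against the configured `SSLCipherSuite` string instead of the constructed sample.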