Enable TLSv1 ciphers in Spring Boot

Anonymous (unverified), submitted 2019-12-03 01:18:02

Question:

I am trying to enable TLSv1 ciphers in my Spring Boot REST service so that older Android clients can connect to it, but it is not working for some reason. I'm running openjdk version "1.8.0_131" and by default TLSv1, TLSv1.1 and TLSv1.2 seem to be enabled.
I'm using nmap --script ssl-enum-ciphers -p 8443 127.0.0.1 to scan what the server can take and I'm getting this:

8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (secp256k1) - A
|       TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (secp521r1) - A
|       TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (secp521r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (secp256k1) - A
|       TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (secp521r1) - A
|       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (secp521r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256k1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256k1) - A
|       TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (secp521r1) - A
|       TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (secp521r1) - A
|       TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (secp521r1) - A
|       TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (secp521r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Key exchange (secp256k1) of lower strength than certificate key
|_  least strength: A

No TLSv1 or TLSv1.1 ciphers succeeded. But they are not disabled! I know this because when I do disable them by setting server.ssl.enabled-protocols=TLSv1.2, in the server SSL logs I see

javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1.1 not enabled or not supported 

When I remove that line (so defaults are enabled again), I don't see that error. What I see is

javax.net.ssl.SSLHandshakeException: no cipher suites in common 

This is the list of ciphers that the nmap scan is sending; it's a huge list, so it's hard to believe there are none in common in TLSv1 or TLSv1.1:

Cipher Suites: [Unknown 0xc0:0xa9, TLS_PSK_WITH_AES_256_GCM_SHA384, Unknown 0xc0:0x64, Unknown 0xc0:0x6a, Unknown 0xc0:0x65, Unknown 0xc0:0x6b, Unknown 0xc0:0x94, Unknown 0xc0:0x8e, Unknown 0xc0:0x95, Unknown 0xc0:0x8f, Unknown 0xcc:0xab, TLS_PSK_WITH_NULL_SHA, TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_RC4_128_SHA, SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, Unknown 0x0:0x61, Unknown 0x0:0x60, SSL_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, TLS_RSA_PSK_WITH_AES_128_CBC_SHA, TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, TLS_RSA_PSK_WITH_AES_256_CBC_SHA, TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, Unknown 0xc0:0x68, Unknown 0xc0:0x6e, Unknown 0xc0:0x69, Unknown 0xc0:0x6f, Unknown 0xc0:0x98, Unknown 0xc0:0x92, Unknown 0xc0:0x99, Unknown 0xc0:0x93, Unknown 0xcc:0xae, TLS_RSA_PSK_WITH_NULL_SHA, TLS_RSA_PSK_WITH_NULL_SHA256, TLS_RSA_PSK_WITH_NULL_SHA384, TLS_RSA_PSK_WITH_RC4_128_SHA, Unknown 0x0:0x7c, SSL_RSA_WITH_3DES_EDE_CBC_SHA, Unknown 0x0:0x7d, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, Unknown 0xc0:0x9c, Unknown 0xc0:0xa0, TLS_RSA_WITH_AES_128_GCM_SHA256, Unknown 0x0:0x7e, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, Unknown 0xc0:0x9d, Unknown 0xc0:0xa1, TLS_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xc0:0x3c, Unknown 0xc0:0x50] 

Some background: I am trying to enable TLSv1 hoping that my Android 4.4.4 client will then connect. It is having the same error of no cipher suites in common as nmap when it sends its cipher list. However, nmap succeeds with some TLSv1.2 ciphers; Android does not, since it supports fewer ciphers. So I'm trying to either enable more ciphers in Android (seems harder/impossible) or enable more ciphers in my server (seems easier). These are the ciphers that Android is sending in the ClientHello:

TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV

If I explicitly enable only those in Spring using server.ssl.ciphers, nmap reveals that no cipher at all is actually being accepted. What could be causing Spring/Java/something else not to enable any of the (common and standard) ciphers that Android is trying to use?

Answer 1:

The issue in my case was not with TLS versions not being enabled. It was with the cipher's signing algorithm.

Jetty disables all ciphers that use SHA1 or MD5 and, as can be seen in the client's list, they are all SHA1 ciphers in my case. This is in the Jetty code:

SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");

More details here

To fix it, I created an explicit list of ciphers to use in my Spring Boot config where I enabled the SHA1 ciphers.

I have to say that this Jetty decision seems unnecessary to me based on this post (I'm no security expert though), at least when using it with TLS1.2. The gist is that what is definitely not secure is signing certificates with SHA1, but using cipher suites that use SHA1 within their HMAC is still considered secure.
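
The filtering described in the answer, as an added example that is not part of the original post or Jetty's own code: it applies the quoted exclusion pattern to the Android suite list from the question and to the suites the local JVM supports, showing which offered suites the pattern drops. The class and method names (CipherOverlap, classify) are made up for this illustration.

```java
import java.util.*;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;

public class CipherOverlap {
    // Exclusion pattern quoted in the answer above.
    static final Pattern JETTY_EXCLUDE = Pattern.compile("^.*_(MD5|SHA|SHA1)$");

    // Suites from the Android 4.4.4 ClientHello quoted in the question.
    // TLS_EMPTY_RENEGOTIATION_INFO_SCSV is left out: it is a signalling
    // value, not a suite that can be negotiated.
    static final List<String> ANDROID_OFFER = Arrays.asList(
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA");

    /** Splits the suites both sides know by whether the exclude pattern drops them. */
    static Map<Boolean, List<String>> classify(Collection<String> jvmSupported,
                                               List<String> clientOffer) {
        Map<Boolean, List<String>> out = new HashMap<>();
        out.put(true, new ArrayList<>());   // matched by the exclude pattern
        out.put(false, new ArrayList<>());  // still negotiable
        for (String suite : clientOffer) {
            if (!jvmSupported.contains(suite)) continue; // JVM does not implement it
            out.get(JETTY_EXCLUDE.matcher(suite).matches()).add(suite);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Suites this JVM implements, whether or not they are enabled by default.
        Set<String> jvm = new HashSet<>(Arrays.asList(
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        Map<Boolean, List<String>> r = classify(jvm, ANDROID_OFFER);
        System.out.println("Offered by client, supported by JVM, dropped by exclude pattern:");
        r.get(true).forEach(s -> System.out.println("  " + s));
        System.out.println("Offered by client and still negotiable:");
        r.get(false).forEach(s -> System.out.println("  " + s));
    }
}
```

Every suite in the Android list ends in _SHA, so the second list comes out empty, which is the "no cipher suites in common" failure from the question. A suite re-enabled through server.ssl.ciphers must also match the key type of the server certificate before it can be negotiated.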


