Prakhash

Reputation: 654

Disabling specific weak ciphers and enforcing Perfect Forward Secrecy using JVM properties

I want to achieve Perfect Forward Secrecy (PFS) by disabling the unwanted ciphers using JVM properties.

I want to achieve this by using Java's 'jdk.tls.disabledAlgorithms' property in java.security file.

Currently I set the property as below:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5, DESede, DH keySize < 1024, RSA keySize < 2048

When I tested the server using TestSSLServer, I got the following output:

  Supported versions: TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  TLSv1.2
     RSA_WITH_AES_128_CBC_SHA
     DHE_RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     DHE_RSA_WITH_AES_256_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA256
     RSA_WITH_AES_256_CBC_SHA256
     DHE_RSA_WITH_AES_128_CBC_SHA256
     DHE_RSA_WITH_AES_256_CBC_SHA256
     TLS_RSA_WITH_AES_128_GCM_SHA256
     TLS_RSA_WITH_AES_256_GCM_SHA384
     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

I still couldn't find a mechanism to get rid of suites that don't provide PFS, e.g. 'TLS_RSA_WITH_AES_128_GCM_SHA256'.

Can I get this done by 'jdk.tls.disabledAlgorithms'? If not, is there any other JVM level mechanism?

Upvotes: 2

Views: 4313

Answers (1)

Bart Mortelmans

Reputation: 131

I have been able to get forward secrecy to work in our Java server by changing this in the java.security file:

1) Uncomment (remove the # in front of)

crypto.policy=unlimited

(You will need at least Java 1.8.0_151 for this)

2) Set jdk.tls.disabledAlgorithms to

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5, DESede, DH keySize < 1024, RSA keySize < 2048, RSA_WITH_AES_128_CBC_SHA, DHE_RSA_WITH_AES_128_CBC_SHA, RSA_WITH_AES_256_CBC_SHA, DHE_RSA_WITH_AES_256_CBC_SHA, RSA_WITH_AES_128_CBC_SHA256, RSA_WITH_AES_256_CBC_SHA256, DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384

(to get this list, I tested my site on ssllabs.com and listed all cipher suites SSLLabs said to be weak)

While you're working on this, you might also want to consider setting the following two variables when starting the java process, but that actually isn't needed to get forward secrecy to work:

-Djdk.tls.ephemeralDHKeySize=2048 -Djdk.tls.rejectClientInitiatedRenegotiation=true

Upvotes: 6
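To confirm the effect of a jdk.tls.disabledAlgorithms change from inside the JVM, the following added example (not code from the question or the answer) lists the cipher suites the default TLS context still enables and flags those whose key exchange is not ephemeral. The class name PfsAudit is hypothetical, and it assumes it is run with the same JVM and java.security file as the server and that the server does not set its own cipher suite list.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class PfsAudit { // hypothetical name, not part of the JDK
    // A suite is forward secret when its key exchange is ephemeral (EC)DH.
    // TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) have no "_WITH_" part and
    // always use an ephemeral key exchange.
    static boolean isForwardSecret(String suite) {
        int i = suite.indexOf("_WITH_");
        if (i < 0) return true;
        // Skip the 4-character "TLS_" or "SSL_" prefix of JSSE standard names.
        String kx = suite.substring(4, i);
        return kx.startsWith("ECDHE_") || kx.startsWith("DHE_");
    }

    // Returns the enabled suites that do not provide forward secrecy.
    static List<String> nonPfsSuites(String[] enabled) {
        List<String> out = new ArrayList<>();
        for (String s : enabled) {
            if (s.endsWith("_SCSV")) continue; // signalling value, not a real suite
            if (!isForwardSecret(s)) out.add(s);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // The default context reflects jdk.tls.disabledAlgorithms from java.security.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        List<String> bad = nonPfsSuites(engine.getEnabledCipherSuites());
        if (bad.isEmpty()) {
            System.out.println("OK: every enabled cipher suite is forward secret");
            return;
        }
        System.out.println("Enabled suites without forward secrecy:");
        bad.forEach(s -> System.out.println("  " + s));
        System.out.println("Candidates to append to jdk.tls.disabledAlgorithms:");
        System.out.println("  " + String.join(", ", bad));
        System.exit(1); // non-zero exit so the check can gate a deployment
    }
}
```

An external scan such as TestSSLServer or ssllabs.com still shows what the listening server actually negotiates, which can differ if the application overrides the JVM defaults.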
