Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-20267

only allow the most secure cipher suites and TLS protocol versions for inbound HTTPS connections by default

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.16.0, 3.16.1, 3.16.2, 3.17.0, 3.28.1
    • Fix Version/s: 3.29.0
    • Component/s: Transport
    • Release Note:
      Yes
    • Notability:
      n/a

      Description

      If NXRM is configured with Jetty HTTPS connector, by default the set of allowed ciphers ( and then implicitly the allowed TLS protocols ) will include weaker than recommended versions.

      NXRM 3.15.2 uses Jetty Server 9.4.11
      NXRM 3.16.0-3.16.2 uses Jetty Server 9.4.14 ( NEXUS-18952 )
      NXRM 3.17.0 uses Jetty Server 9.4.18 ( NEXUS-19860 )
      NXRM 3.26.0 uses Jetty Server 9.4.30 (NEXUS-24327 )
      NXRM 3.29.0 uses Jetty Server 9.4.33 ( NEXUS-25774 )

      At startup of NXRM 3.16.0 and newer, when HTTPS is configured, there are many WARN level messages in the logs complaining about weak cipher suites:

      2019-06-18 15:17:10,674-0300 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory - x509=X509@17179ede(jetty,h=[gromit.local, 192.168.2.73],w=[]) for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,756-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,756-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,756-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,756-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,756-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_DHE_DSS_WITH_AES_256_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256 enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,757-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,758-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,758-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,758-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,758-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,758-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_DHE_DSS_WITH_AES_128_CBC_SHA enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,758-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,758-0300 WARN  [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory.config - Weak cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 enabled for SslContextFactory@173f271b[provider=null,keyStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks,trustStore=file:///app/nexus-testing/3.17.0-SNAPSHOT/nexus-installer-3.17.0-20190614.175715-121-mac-archive/sonatype-work/nexus3/etc/ssl/keystore.jks]
      2019-06-18 15:17:10,760-0300 INFO  [jetty-main-1] *SYSTEM org.eclipse.jetty.server.AbstractConnector - Started ServerConnector@2854d641{SSL,[ssl, http/1.1]}{0.0.0.0:8443}
      

      In addition, it will appear using SSL security scanning tools that the Jetty HTTPS connection has ciphers that can be used with less secure TLSv1.0, TLSv1.1

      $ sslscan localhost:8443
      Version: 2.0.6-static
      OpenSSL 1.1.1h  22 Sep 2020
      
      Connected to 127.0.0.1
      
      Testing SSL server localhost on port 8443 using SNI name localhost
      
      SSL/TLS Protocols:
      SSLv2     disabled
      SSLv3     disabled
      TLSv1.0   enabled
      TLSv1.1   enabled
      TLSv1.2   enabled
      TLSv1.3   disabled
      

      Diagnosis

      In Jetty version 9.4.12, the Jetty project implemented and changed what ciphers were excluded for HTTPS connectors by default. See https://github.com/eclipse/jetty.project/issues/2807

      The old excluded cipher expression was:

      // Exclude weak / insecure ciphers
      setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
      

      The new excluded cipher expressions are:

              // Exclude weak / insecure ciphers
              setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
              // Exclude ciphers that don't support forward secrecy
              addExcludeCipherSuites("^TLS_RSA_.*$");
              // The following exclusions are present to cleanup known bad cipher
              // suites that may be accidentally included via include patterns.
              // The default enabled cipher list in Java will not include these
              // (but they are available in the supported list).
              addExcludeCipherSuites("^SSL_.*$");
              addExcludeCipherSuites("^.*_NULL_.*$");
              addExcludeCipherSuites("^.*_anon_.*$");
      

      Further, it is important to realize that depending on the JRE used to run NXRM, certain unsafe cipher suites are excluded by the JRE itself. The document https://java.com/en/jre-jdk-cryptoroadmap.html should be consulted.

      Related Reference:
      https://github.com/eclipse/jetty.project/issues/2807
      https://github.com/eclipse/jetty.project/pull/2855/files
      https://java.com/en/jre-jdk-cryptoroadmap.html
      https://github.com/eclipse/jetty.project/issues/2889
      https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
      https://github.com/eclipse/jetty.project/issues/2921#issuecomment-422747678

      NXRM currently ships with a default install-dir/etc/jetty/jetty-https.xml file that has the following set excluded cipher suites:

      <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
          <Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
          <Set name="KeyStorePassword">password</Set>
          <Set name="KeyManagerPassword">password</Set>
          <Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
          <Set name="TrustStorePassword">password</Set>
          <Set name="EndpointIdentificationAlgorithm"></Set>
          <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
          <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
          <Set name="ExcludeCipherSuites">
            <Array type="String">
              <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
              <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
              <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
              <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
              <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
              <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
              <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
            </Array>
          </Set>
        </New>
      

      Workaround

      To rely on a more secure set of default ciphers and exclude implicit support for TLSv1.0 and TLSv1.1, and prefer only TLSv1.2 then

      1. edit install-dir/etc/jetty/jetty-https.xml and remove the following lines from the file:

          <Set name="ExcludeCipherSuites">
            <Array type="String">
              <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
              <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
              <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
              <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
              <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
              <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
              <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
            </Array>
          </Set>
      

      2. Ensure that NXRM is using a current release of Java ( which will also include a default configuration of disabled insecure ciphers and TLS protocols ).

      Restart NXRM for the changes to take effect.

      From https://github.com/eclipse/jetty.project/issues/860#issuecomment-241413231 and https://github.com/eclipse/jetty.project/issues/860#issuecomment-241462795

      The reason TLS/1.1 and TLS/1.0 are not available to you, is because there's no ciphers that support TLS/1.1 and TLS/1.0 available on your system.

      Those protocols are not disabled, and on some system configurations you can still use TLS/1.1 as there are some Cipher Suites left in the TLS/1.1 camp still available.

      While its true that on an unconfigured Oracle OpenJDK, there will be no ciphers available to service TLS/1.1, there are reports that alternative cryptographic configurations (unlimited strength JCE, Bouncy Castle, etc) do allow TLS/1.1 and TLS/1.0 to function without altering the JVM level security.properties.

      ...

      There's no cipher suites in common between Java and openssl.

      You'll have to address the java side to make TLS/1.1 function for you.

      Option 1: Configure Jetty's SslContextFactory to expose the vulnerable ciphers you are needing

      This requires you to redefine the .setExcludedCiphers() to the set that applies to you.

      Option 2: Configure the Java JVM to not exclude the specific TLS/1.1 ciphers suites you need

      Option 3: Configure the Java Runtime for more Cipher suites

      This can sometimes be as simple as installing the unlimited strength JCE, or using alternative crypto providers like Bouncy Castle.

      Note: The use of these vulnerable cipher suites is to be considered a short term solution, as they are highly likely to be removed everywhere once the TLS/1.3 spec and implementations are deployed. This is because the current iteration of the (unfinished) TLS/1.3 spec is going to ban those cipher suites from existing for any TLS support level, with no option to enable them (as they wont exist on the systems anymore).

      Expected

      Change the jetty-https.xml cipher suites excluded by default to match those followed by Jetty and security best practices of JRE and the security industry.

      If a user needs to change the default allowed ciphers, they can customize the jetty-https.xml themselves to add the insecure ciphers that are compatible with what their client must use, or augment using a technique described here.

      It should be clearly mentioned in release notes that the default allowed ciphers are changed and how to customize them to previous settings, in case someone upgrades and encounters an issue with SSL that was working fine before upgrade.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Joe Tom Joe Tom
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title