SSL Config

Rubris piggybacks directly on the JSSE implementation of SSL in some respects, while still making use of SSLEngine and wrap/unwarap mechanisms.

Behaviours

Generally the SSL implementation has a certain set of behaviours:

• It does not support any SSL level lower than TLS1.0/SSlv3.
• It is preferred for the level to be TLS1.2 (and Java will try and negotiate from that starting point
• It limits the encryption settings to a know set (see below)
• It does not support Session renegotiation after the initial handshake has been made (see below)

Some of the these options are based on the following:

http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html

Configuration options

Configuration for ssl provides the following options:

• enabled (default false)
  • To enable SSL this must be set to true
• sslProvider
  • defaults to the platform SSL provider
• protocol (default “TLS”)
  • Do NOT use “SSL “ as the protocol
• serverSessionCacheSize
  • Caching is not enabled in general as clients connecting from behind firewalls make this not much use
• serverSessionTimeout
  • not relevant if no caching is set
• keyStoreType (default “jks”)
  • In normal circumstances the jks will be used as it is the default java KeyStore
• keyStoreProvider
  • normally null to use the platform provider
• keystorePassword
  • password as a char[] for the keystore
• keyManagerPassword
  • If the key itself has a password it can be set using this value. It is passed to the keyManager on creation.
• trustStoreType (default “jks”)
  • The type of the truststore file - In normal circumstances the jks will be used as it is the default java KeyStore
• trustStoreProvider
  • normally null to use platform provider
• trustStorePassword
  • password as a char[] for the truststore
• protocols (default (“TLSv1”, “TLSv1.1”,”TLSv1.2”))
  • protocols passed as part of the SSL Params to the SSLContext. SSL is NOT enabled and is insecure - do NOT USE

• ciphers

  “TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256”, “TLS_DHE_RSA_WITH_AES_128_GCM_SHA256”, “TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256”, “TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA”, “TLS_DHE_RSA_WITH_AES_128_CBC_SHA256”, “TLS_DHE_RSA_WITH_AES_128_CBC_SHA”, “TLS_RSA_WITH_AES_128_GCM_SHA256”, “TLS_RSA_WITH_AES_128_CBC_SHA256”, “TLS_RSA_WITH_AES_128_CBC_SHA”, “SSL_RSA_WITH_3DES_EDE_CBC_SHA”

  default set of ciphers is to use the so called strong ciphers (in line with those available on the openJDK platform. Oracle’s JVM may have ciphers available —-

• keyStorePath
  • file path to the keystore. This can either be: classpath:/xx/yy/store.jks (Try and load from the classpath) or /xx/yy/store.jks (This must be an exact path)
• trustStorePath
  • file path to the keystore. This can either be: classpath:/xx/yy/store.jks (Try and load from the classpath) or /xx/yy/store.jks (This must be an exact path)
• clientAuthRequired (default false)
  • should client be required to provide a certificate
• useServerCipherOrdered (default true)
  • Enable the JDK to choose the best suite from those offered rather than the client decide. It is not recommended to set this to false
• ephemeralDHKeySize (default 2048)
  • increases the default 1024bit DH ephemeral parameter
• secureRandomAlgorithm
  • normally null to use the JDK SecureRandom algorithm
• keyStoreAlgorithm (default “ssl.KeyManagerFactory.algorithm”)
  • default for platform
• trustStoreAlgorithm (default “ssl.TrustManagerFactory.algorithm”)
  • default for platform
• keyStore
  • Allows a instance of a keystore to be passed in rather than having to provide a path
• trustStore
  • Allows a instance of a trustStore to be passed in rather than having to provide a path

Session renegotiation

SSL (including Java’s SSLEngine) allows client triggered renegotiation. However, Rubris does not due to a a large number of potential security issues that result from this:

https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks

Accordingly, Rubris disables this capacity using system properties:

  java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation",
     "false");

  // both are set as it is slightly unclear as to which version of 
  // java8 this was renamed in
  java.lang.System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation",
    "true");
  java.lang.System.setProperty("jdk.tls.rejectClientInitializedRenego",
    "true");


  // increase DH negotiation size
  java.lang.System.setProperty("jdk.tls.ephemeralDHKeySize",
    ""+config.ephemeralDHKeySize);

Renegotiation is primarily used for moving between secure and plain on the same connection and downgrading/upgrading ciphers.

Neither of which is useful in the context of these services.