Jetty 9.3 SSL Performance

Continuation from SSL Performance comparison of Tomcat, JBoss, httpd and Weblogic:
https://middlewarelive.wordpress.com/2016/10/24/simple-ssl-perfomance-comparison/

 

Command used to test:

# openssl s_time -connect localhost:$PORT -new

Jetty 9.3:
435 connections in 10.48s; 41.51 connections/user sec, bytes read 0
435 connections in 31 real seconds, 0 bytes read per connection

Advertisements

Testing Jetty 9.3 using testssl.sh

Default configuration seems to be secure enough; only need to add “-Djdk.tls.rejectClientInitiatedRenegotiation=true”.

[root@localhost testssl]# ./testssl.sh –quiet localhost:8443

No engine or GOST support via engine with your /usr/bin/openssl

Testing now (2016-11-29 11:54) —> 127.0.0.1:8443 (localhost) <—

A record via /etc/hosts
rDNS (127.0.0.1): localhost.
Service detected: HTTP
–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption not offered (OK)
Triple DES Ciphers not offered (OK)
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, (P)FS — omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256

–> Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-SHA256, 521 bit ECDH
Cipher order
TLSv1.2: ECDHE-RSA-AES128-SHA256 AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-GCM-SHA256 AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256

–> Testing server defaults (Server Hello)

TLS server extensions renegotiation info
Session Tickets RFC 5077 (none)
Server key size 2048 bit
Signature Algorithm SHA256 with RSA
Fingerprint / Serial SHA1 BCF8947BA3AFD3AF3C0879928177B30AD3596950 / 28CF8FB2
SHA256 9961DA8B9902B767F3D1000FDD35A1D273AC12B3361772CCD0B215C3E658BE7B
Common Name (CN) localhost (works w/o SNI)
subjectAltName (SAN) —
Issuer localhost (Unknown from Unknown)
EV cert (experimental) no
Certificate Expiration >= 60 days (2016-11-25 16:35 –> 2017-02-23 16:35 +0800)
# of certificates provided 1
Chain of trust (experim.) Your /usr/bin/openssl is too old, needed is version >=1.0.2
Certificate Revocation List —
OCSP URI —
OCSP stapling not offered
TLS clock skew -1 sec from localtime
–> Testing HTTP header response @ “/”

HTTP Status Code 200 OK
HTTP clock skew Got no HTTP time, maybe try different URL?
Strict Transport Security —
Public Key Pinning —
Server banner Jetty(9.3.14.v20161028)
Application banner —
Cookie(s) 1 issued: 1/1 secure, NOT HttpOnly
Security headers —
Reverse Proxy banner —
–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Check failed: seems like TLS 1.2 is the only protocol
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) no SSL3 or TLS1
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
x67 DHE-RSA-AES128-SHA256 DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
Done now (2016-11-29 11:54) —> 127.0.0.1:8443 (localhost) <—

Weblogic SSL Hostname Verifier

Issue:

javax.net.ssl.SSLKeyException: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=myserver.mydomain.com.
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doPostHandshake(JaSSLEngine.java:677)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:748)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:611)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:515)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:98)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:77)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:240)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:574)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:545)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:230)

Diagnosis:

Due to wildcard in the host certificate.

Resolution:

The default hostname verifier in weblogic does not support wildcard certificate, and need to use the wildcard verifier as below:

  1. Go to the WebLogic admin console -> Environment -> Servers -> your server -> Configuration -> SSL
  2. Click “Lock & Edit”
  3. Open the “Advanced” flap
  4. Change “Hostname Verification” from “BEA Hostname Verifier” to “Custom Hostname Verifier”
  5. Set “Custom Hostname Verifier” to security.utils.SSLWLSWildcardHostnameVerifier
  6. Click “Save” and then “Activate Changes”
  7. Restart your server.

 

References:

http://serverfault.com/questions/503751/certificate-verification-error-when-sending-a-service-request-from-weblogic

http://docs.oracle.com/cd/E28280_01/web.1111/e13707/ssl.htm#SECMG571

 

Simple SSL Perfomance Comparison

Command used to test:

# openssl s_time -connect localhost:$PORT -new

Tomcat APR/Native:
2011 connections in 10.67s; 188.47 connections/user sec, bytes read 0
2011 connections in 31 real seconds, 0 bytes read per connection

JBoss Java connector:
460 connections in 11.01s; 41.78 connections/user sec, bytes read 0
460 connections in 31 real seconds, 0 bytes read per connection

Apache:
2753 connections in 14.43s; 190.78 connections/user sec, bytes read 0
2753 connections in 31 real seconds, 0 bytes read per connection

Weblogic:
797 connections in 3.81s; 209.19 connections/user sec, bytes read 0
797 connections in 31 real seconds, 0 bytes read per connection

Conclusion:

  1. Using APR/Native is better for performance.
  2. Weblogic is quite OK, performance better than JBoss, considering that it is using JDK 6 (will try with JDK 7 & 8 later).

Updates (26 Oct 2016)

Weblogic + JDK 7
1103 connections in 2.86s; 385.66 connections/user sec, bytes read 0
1103 connections in 31 real seconds, 0 bytes read per connection

Weblogic + JDK 8
889 connections in 4.27s; 208.20 connections/user sec, bytes read 0
889 connections in 31 real seconds, 0 bytes read per connection

Testing Tomcat 8 SSL using testssl.sh

Configuration:

Apache Tomcat 8.0.18 + JDK 1.8.0_92

APR/Native SSL Connector defined in server.xml:

<Connector
protocol=”org.apache.coyote.http11.Http11AprProtocol”
port=”8443″ maxThreads=”100″
scheme=”https” secure=”true” SSLEnabled=”true”
SSLCertificateFile=”conf/certs/cert.pem”
SSLCertificateKeyFile=”conf/certs/key.pem”
SSLVerifyClient=”optional” SSLProtocol=”TLSv1.1+TLSv1.2″
SSLHonorCipherOrder=”true” SSLCipherSuite=”HIGH:!aNULL:!eNULL:!EXPORT:!3DES:!DES:!RC4:!MD5:!kRSA”/>

Result: ALL OK!

[root@localhost testssl]# ./testssl.sh –quiet localhost:8443

No engine or GOST support via engine with your /usr/bin/openssl

Testing now (2016-10-24 15:39) —> 127.0.0.1:8443 (localhost) <—

A record via /etc/hosts
rDNS (127.0.0.1): localhost.
Service detected: HTTP
–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption not offered (OK)
Triple DES Ciphers not offered (OK)
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, (P)FS — omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA ECDHE-RSA-AES128-SHA

–> Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH
Cipher order
TLSv1.1: ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA
TLSv1.2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA

–> Testing server defaults (Server Hello)

TLS server extensions renegotiation info, EC point formats, session ticket, heartbeat
Session Tickets RFC 5077 300 seconds
Server key size 2048 bit
Signature Algorithm SHA1 with RSA
Fingerprint / Serial SHA1 8AB61B39A292A0826D3C744F229843F58EFB6B13 / C95DEAE861AF547F
SHA256 B6F2DF7EDABEA1249972AEA88A7EE8AD9DE40326DF013EA71FD9AF874CAB8355
Common Name (CN) localhost (works w/o SNI)
subjectAltName (SAN) —
Issuer localhost (MyCompany from MY)
EV cert (experimental) no
Certificate Expiration >= 60 days (2016-10-24 15:09 –> 2026-10-22 15:09 +0800)
# of certificates provided 1
Chain of trust (experim.) Your /usr/bin/openssl is too old, needed is version >=1.0.2
Certificate Revocation List —
OCSP URI —
OCSP stapling not offered
TLS clock skew -1 sec from localtime
–> Testing HTTP header response @ “/”

HTTP Status Code 404 Not Found (Hint: supply a path which doesn’t give a “404 Not Found”)
HTTP clock skew 0 sec from localtime
Strict Transport Security —
Public Key Pinning —
Server banner Apache-Coyote/1.1
Application banner —
Cookie(s) (none issued at “/”)
Security headers —
Reverse Proxy banner —
–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) no SSL3 or TLS1
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9f DHE-RSA-AES256-GCM-SHA384 DH 1024 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x6b DHE-RSA-AES256-SHA256 DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
x88 DHE-RSA-CAMELLIA256-SHA DH 1024 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
x67 DHE-RSA-AES128-SHA256 DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
x45 DHE-RSA-CAMELLIA128-SHA DH 1024 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
Done now (2016-10-24 15:40) —> 127.0.0.1:8443 (localhost) <—

References:

https://tomcat.apache.org/tomcat-8.0-doc/config/http.html

 

Testing JBoss EAP 6.3 using testssl.sh

SSL configuration for JBoss EAP 6.3 + JDK 1.8.0_92:

<subsystem xmlns=”urn:jboss:domain:web:2.1″ default-virtual-server=”default-host” native=”false”>
<connector name=”http” protocol=”HTTP/1.1″ scheme=”http” socket-binding=”http”/>
<connector name=”https” protocol=”HTTP/1.1″ scheme=”https” socket-binding=”https” secure=”true”>
<ssl certificate-key-file=”localhost.jks” key-alias=”localhost” />
</connector>
<virtual-server name=”default-host” enable-welcome-root=”true”>
<alias name=”localhost”/>
<alias name=”example.com”/>
</virtual-server>
</subsystem>

 

A few “NOT ok” from testssl.sh:
–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption not offered (OK)
Triple DES Ciphers offered (NOT ok)
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, (P)FS — omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA

–> Testing server preferences

Has server cipher order? nope (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (limited sense as client will pick)
Negotiated cipher per proto (limited sense as client will pick)
ECDHE-RSA-AES128-SHA: TLSv1, TLSv1.1
ECDHE-RSA-AES128-GCM-SHA256: TLSv1.2
No further cipher order check has been done as order is determined by the client

–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention NOT supported
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
— but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
x67 DHE-RSA-AES128-SHA256 DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 521 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA

 

Remediation:

1) Disable TLSv1, Triple DES
– edit $JBOSS_HOME/standalone/configuration/standalone.xml
<ssl certificate-key-file=”localhost.jks” key-alias=”localhost” protocol=”TLSv1.1,TLSv1.2″ cipher-suite=”TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA”/>
2) Disable client negotiation
– edit $JBOSS_HOME/bin/standalone.conf
JAVA_OPTS=”$JAVA_OPTS -Djdk.tls.rejectClientInitiatedRenegotiation=true”
With above, all OK except “Server cipher order”. Java 8 seems to has added the method SSLParameters.setUseCipherSuiteorder(), but not sure if JBoss has implemented this.
[root@localhost testssl]# ./testssl.sh –quiet localhost:8443

No engine or GOST support via engine with your /usr/bin/openssl

Testing now (2016-10-21 14:47) —> 127.0.0.1:8443 (localhost) <—

A record via /etc/hosts
rDNS (127.0.0.1): localhost.
Service detected: HTTP
–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption not offered (OK)
Triple DES Ciphers not offered (OK)
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, (P)FS — omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA

–> Testing server preferences

Has server cipher order? nope (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (limited sense as client will pick)
Negotiated cipher per proto (limited sense as client will pick)
ECDHE-RSA-AES128-SHA: TLSv1.1
ECDHE-RSA-AES128-GCM-SHA256: TLSv1.2
No further cipher order check has been done as order is determined by the client

–> Testing server defaults (Server Hello)

TLS server extensions renegotiation info
Session Tickets RFC 5077 (none)
Server key size 2048 bit
Signature Algorithm SHA256 with RSA
Fingerprint / Serial SHA1 EBF653C9320B5633176AC69E7F2BF6DE8DFFEBE6 / 0BACEC33
SHA256 501B7C3C139C43AFF10B1CEAD77DBDF68AC6DEB62F720EA821B4CA50794FE6D6
Common Name (CN) localhost (works w/o SNI)
subjectAltName (SAN) —
Issuer localhost (Unknown from Unknown)
EV cert (experimental) no
Certificate Expiration >= 60 days (2016-10-21 11:02 –> 2026-10-19 11:02 +0800)
# of certificates provided 1
Chain of trust (experim.) Your /usr/bin/openssl is too old, needed is version >=1.0.2
Certificate Revocation List —
OCSP URI —
OCSP stapling not offered
TLS clock skew 0 sec from localtime
–> Testing HTTP header response @ “/”

HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security —
Public Key Pinning —
Server banner Apache-Coyote/1.1
Application banner —
Cookie(s) (none issued at “/”)
Security headers —
Reverse Proxy banner —
–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention NOT supported
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) no SSL3 or TLS1
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 521 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
x67 DHE-RSA-AES128-SHA256 DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
Done now (2016-10-21 14:48) —> 127.0.0.1:8443 (localhost) <—

 

References:

https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html/Security_Guide/SSL_Connector_Reference1.html
https://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setUseCipherSuitesOrder-boolean-

Testing Apache Httpd SSL with testssl.sh

Default SSL configuration of apache out-of-the-box is not that secure.

From testssl.sh report, there were “NOT ok” items as below:

–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 offered (NOT ok)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption offered (NOT ok)
Triple DES Ciphers offered (NOT ok)
High grade encryption offered (OK)

–> Testing server preferences

Has server cipher order? nope (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (limited sense as client will pick)
Negotiated cipher per proto (limited sense as client will pick)
ECDHE-RSA-AES256-SHA: SSLv3, TLSv1, TLSv1.1
ECDHE-RSA-AES256-GCM-SHA384: TLSv1.2
No further cipher order check has been done as order is determined by the client

–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied “/” tested)
POODLE, SSL (CVE-2014-3566) VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) SSL3: ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA
TLS1: ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA
— but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): ECDHE-RSA-RC4-SHA RC4-SHA RC4-MD5 RC4-MD5
And there’s way too many insecure ciphers:

–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9f DHE-RSA-AES256-GCM-SHA384 DH 1024 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x6b DHE-RSA-AES256-SHA256 DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
x88 DHE-RSA-CAMELLIA256-SHA DH 1024 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
x67 DHE-RSA-AES128-SHA256 DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
x45 DHE-RSA-CAMELLIA128-SHA DH 1024 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
x16 EDH-RSA-DES-CBC3-SHA DH 1024 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
xc011 ECDHE-RSA-RC4-SHA ECDH 256 RC4 128 TLS_ECDHE_RSA_WITH_RC4_128_SHA
x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA
x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5
x010080 RC4-MD5 RSA RC4 128 SSL_CK_RC4_128_WITH_MD5

 

Remediation:

1) Disable SSLv3
– edit ssl.conf
SSLProtocol all -SSLv2 -SSLv3

You can also enable only TLS1.2 if desired
SSLProtocol +TLSv1.2

 

[root@localhost testssl]# ./testssl.sh –quiet -p localhost:443

–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

 

2) Remove insecure ciphers
– edit ssl.conf
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

 

# ./testssl.sh –quiet -e -f localhost:443

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption not offered (OK)
Triple DES Ciphers not offered (OK)
High grade encryption offered (OK)

–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9f DHE-RSA-AES256-GCM-SHA384 DH 1024 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x6b DHE-RSA-AES256-SHA256 DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

 

3) Ciphers order
– edit ssl.conf
SSLHonorCipherOrder on

 

Final report:

[root@localhost testssl]# ./testssl.sh –quiet localhost:443

No engine or GOST support via engine with your /usr/bin/openssl

Testing now (2016-10-20 09:49) —> 127.0.0.1:443 (localhost) <—

A record via /etc/hosts
rDNS (127.0.0.1): localhost.
Service detected: HTTP
–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption not offered (OK)
Triple DES Ciphers not offered (OK)
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, (P)FS — omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256

–> Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH
Cipher order
TLSv1.2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA

–> Testing server defaults (Server Hello)

TLS server extensions renegotiation info, EC point formats, session ticket, heartbeat
Session Tickets RFC 5077 300 seconds
Server key size 1024 bit
Signature Algorithm SHA1 with RSA
Fingerprint / Serial SHA1 3D61611F09363757125AF4120367098362264B88 / 5300
SHA256 64BA84D86682F6A8DB9326822C5165C246C00E2CFF4D6259B8A7ED479E979048
Common Name (CN) localhost (CN in response to request w/o SNI: localhost)
subjectAltName (SAN) —
Issuer localhost (SomeOrganization from –)
EV cert (experimental) no
Certificate Expiration expired! (2014-08-20 10:28 –> 2015-08-20 10:28 +0800)
# of certificates provided 1
Chain of trust (experim.) Your /usr/bin/openssl is too old, needed is version >=1.0.2
Certificate Revocation List —
OCSP URI —
OCSP stapling not offered
TLS clock skew -1 sec from localtime
–> Testing HTTP header response @ “/”

HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security —
Public Key Pinning —
Server banner Apache/2.2.15 (Red Hat)
Application banner —
Cookie(s) (none issued at “/”)
Security headers —
Reverse Proxy banner —
–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Check failed: seems like TLS 1.2 is the only protocol
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) no SSL3 or TLS1
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9f DHE-RSA-AES256-GCM-SHA384 DH 1024 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x6b DHE-RSA-AES256-SHA256 DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Done now (2016-10-20 09:50) —> 127.0.0.1:443 (localhost) <—

 

References:

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
http://security.stackexchange.com/questions/51680/optimal-web-server-ssl-cipher-suite-configuration

Testing Weblogic 11g SSL/TLS using testssl.sh

The WLS environment configuration:

WLS 10.3.6 + JDK 6 update 121

HTTPS listening on port 8002

Added to setDomainEnv.sh:

JAVA_OPTIONS=”${JAVA_OPTIONS} -Dweblogic.security.SSL.protocolVersion=ALL -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2″

Added to config.xml:
true
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA

false
false
8002 false
localhost

true

Output from testssl.sh:

[root@localhost tmp]# ./testssl.sh localhost:8002

No engine or GOST support via engine with your /usr/bin/openssl

###########################################################
testssl.sh 2.7dev from https://testssl.sh/dev/
(1.396a 2016/09/29 23:12:09)

This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using “OpenSSL 1.0.1e-fips 11 Feb 2013” [~121 ciphers] on
localhost.dummy.com:/usr/bin/openssl
(built: “May 2 06:13:20 EDT 2016”, platform: “linux-x86_64”)
Testing now (2016-10-19 15:48) —> 127.0.0.1:8002 (localhost) Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK) DES Ciphers not offered (OK) Medium grade encryption not offered (OK) Triple DES Ciphers not offered (OK) High grade encryption offered (OK) –> Testing (perfect) forward secrecy, (P)FS — omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA

–> Testing server preferences

Has server cipher order? nope (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher DHE-RSA-AES128-SHA256, 1024 bit DH (limited sense as client will pick)
Negotiated cipher per proto (limited sense as client will pick)
DHE-RSA-AES128-SHA256: TLSv1.2
No further cipher order check has been done as order is determined by the client

–> Testing server defaults (Server Hello)

TLS server extensions renegotiation info
Session Tickets RFC 5077 (none)
Server key size 2048 bit
Signature Algorithm SHA256 with RSA
Fingerprint / Serial SHA1 46769492622E914CC82C5DBA56F11036A1309550 / 5805C3D5
SHA256 ABDA2FC2D38A93410A8B7FB31E8761743323075363D09CAC716CB69A975C0196
Common Name (CN) localhost.dummy.com (CN in response to request w/o SNI: localhost.dummy.com)
subjectAltName (SAN) —
Issuer localhost.dummy.com (Unknown from MY)
EV cert (experimental) no
Certificate Expiration >= 60 days (2016-10-18 14:40 –> 2026-10-16 14:40 +0800)
# of certificates provided 1
Chain of trust (experim.) Your /usr/bin/openssl is too old, needed is version >=1.0.2
Certificate Revocation List —
OCSP URI —
OCSP stapling not offered
TLS clock skew 0 sec from localtime
–> Testing HTTP header response @ “/”

HTTP Status Code 404 Not Found (Hint: supply a path which doesn’t give a “404 Not Found”)
HTTP clock skew 0 sec from localtime
Strict Transport Security —
Public Key Pinning —
Server banner (no “Server” line in header, interesting!)
Application banner X-Powered-By: Servlet/2.5 JSP/2.1
Cookie(s) (none issued at “/”)
Security headers —
Reverse Proxy banner —
–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK) (timed out)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Check failed: seems like TLS 1.2 is the only protocol
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) no SSL3 or TLS1
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
–> Testing all locally available 121 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
———————————————————————————————————————–
x67 DHE-RSA-AES128-SHA256 DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
Done now (2016-10-19 15:49) —> 127.0.0.1:8002 (localhost) <—

Summary: 

With above configuration, all OK except “Server cipher order” and “Secure Client-Initiated Renegotiation”. Tried with these flags but still client renegotiation NOT OK.

-Dsun.security.ssl.allowUnsafeRenegotiation=false -Dsun.security.ssl.allowLegacyHelloMessages=false

References:

https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)

https://testssl.sh/

http://stackoverflow.com/questions/29172833/weblogic-12c-is-there-any-flag-to-ensure-the-cipher-order-on-ssl-configuration (This seems to indicate that even WLS 12c does not has any configuration to enable cipher order)

http://www.oracle.com/technetwork/java/javase/overview/tlsreadme-141115.html