Diffie-Hellman public key error with Tomcat 7

Question

I successfully set up two Ubuntu machines with Tomcat and SSL certificates. I followed exactly the same procedure with Centos 6, but I'm getting this when I'm trying to connect to the Server (using Opera):

Server has a weak, ephemeral Diffie-Hellman public key

The connector is the following, and there are no errors in catalina.log:

<Connector port="some port number"  
           protocol="org.apache.coyote.http11.Http11Protocol" 
           SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="path to jks"
           keystoreType="JKS"
           keystorePass="mypass1"
           keyPass="mypass2"  /> 

With Firefox, I get the untrusted communication error.

Answer 1

For me it worked after adding a list of allowed ciphers to the Tomcat configuration in conf/server.xml to disable the weak Diffie-Hellman ciphers:

    <Connector
        ...
        ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
        ...

Answer 2

This is due to the fact that new browser versions have started to either issue warning/errors when accessing web sites which are configured with weak DH ciphers for SSL. For more information about issue follow below links

https://weakdh.org

logjam issue

To fix this either you can find a way around this at browser side or server side. Servers side is the best as it will fix the issue for all users , if they are accessing server from different browsers/locations.

Fix the issue we have to make sure our server (in this case tomcat) use strong ciphers for SSL.

In tomcat, there are two different implementations of SSL. Defautl is JSSE implementation provided as part of the Java runtime. Other being APR implementation, which uses the OpenSSL engine by default.

JSSE since it's dependent on the Java runtime, we have to first find out which Java version we are using with tomcat. Tomcat 7 supports java 1.6 upwards. Then we have to find the respective cipher suites supported by relevant java version of JSSE. Weak ones are which which has 'DHE', so pick ones which does not contain 'DHE'. Few of stronger suites for java 1.6 JSSE is listed below.

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_NULL_SHA
TLS_ECDH_RSA_WITH_NULL_SHA
TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
...

Compile a list of strong cipher suits and add it to the connector ciphers in conf/server.xml in your tomcat

<Connector
...
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_NULL_SHA,TLS_ECDH_RSA_WITH_NULL_SHA,TLS_ECDHE_ECDSA_WITH_NULL_SHA,TLS_ECDHE_RSA_WITH_NULL_SHA"
...
/>

Restart the server and error/warning should go away. Remember if Java version is different copy/pasting above might not work. So refer to correct version and supported cipher suites.

Note: To be able to use the 256 bit AES Ciphers, it is necessary to install the JCE Unlimited Strength Jurisdiction Policy Files

If Tomcat is configured to use APR instead of JSSE, above configuration will not work. You can enable strong cipher suites by following tomcat ssl configuration guide for APR and logjam admin guide .

Answer 3

Add this into the server.xml file and restart the server

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       keystoreFile="keystorePath"
       keystorePass="keystorepass"
       ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
       clientAuth="false" sslProtocol="TLS"/>

Try to browse with https://localhost:8443

Answer 4

It works with Google Chrome ver.44 and Thanks to Jason Scroggins for suggesting:

1. In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
2. In the search box above the list, type or paste dhe and pause while the list is filtered.
3. Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher).
4. Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher).