How to configure TLS connections to protect them from freak attack (CVE 2015-0204)?

Tags:

java

ssl

jsse

For the vulnerability see https://freakattack.com/.

Mozilla wiki has a page with recommendations for ciphersuites: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations

How would I apply those or similar recommendations in the Java context (SSLContext, provider configuration, Tomcat connectors etc.)?

Gustave asked Mar 05 '15 09:03



1 Answer

From Java 7 onwards, cipher suites can be excluded from use via a security policy file called java.security that's located under the Java Runtime Environment in the /lib/security directory.

The policy file defines the jdk.tls.disabledAlgorithms property to control TLS cipher selection. There is also a complementary property jdk.certpath.disabledAlgorithms to control algorithms encountered in SSL certificates. You can find the documentation for this property on the Oracle website: JSSE Reference Guide

By default, as of Java 7, the following policy applies:

jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048

This means: no MD5, no SHA1, no DSA. RSA is allowed only if the key is at least 2048 bits long. You can use this property to further tailor a site deployment to specific needs. All the cipher suites enabled by default in Java are found here under the section Ciphers (unless the default SunJSSE crypto provider has been explicitly overridden and is not used).

As you can see, all EXPORT cipher suites are disabled by default, so there is no need to configure anything for the FREAK attack.

Edit, because of Houtman's comment on the question above:
About POODLE: You have to think about this in both Java 7 and 8, because the SSLv3 protocol has only been disabled by default from JDK 8u31 (see the section Protocols here).

wdk answered Oct 12 '22 14:10
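The answer above covers the java.security property; the question also asked how to apply such a policy from code (SSLContext, SSLEngine). The following is an added example, not code from the answer or from the JDK documentation: it extends jdk.tls.disabledAlgorithms at runtime and builds an SSLEngine restricted to TLS 1.2 with every EXPORT, anonymous, NULL, RC4, DES and MD5 suite filtered out. The class name, the BANNED fragment list and the appended algorithm list are constructed for this example.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class TlsHardening {
    // Name fragments of suites a hardened endpoint should never offer. "EXPORT" is
    // the 40/56-bit family FREAK downgrades to; the rest are anon/NULL/RC4/(3)DES/MD5.
    private static final String[] BANNED =
        {"EXPORT", "anon", "NULL", "RC4", "DES", "MD5"};

    // Belt and braces: extend the JVM-wide property from java.security at
    // runtime. JSSE reads it once at initialisation, so call this before any
    // SSLContext is created. The appended list is a constructed example.
    public static void extendDisabledAlgorithms() {
        String current = Security.getProperty("jdk.tls.disabledAlgorithms");
        String extra = "RC4, DES, MD5withRSA, DH keySize < 1024";
        Security.setProperty("jdk.tls.disabledAlgorithms",
            (current == null || current.isEmpty()) ? extra : current + ", " + extra);
    }

    // Drop every suite whose name contains one of the banned fragments.
    public static String[] filterSuites(String[] candidates) {
        return Arrays.stream(candidates)
            .filter(s -> Arrays.stream(BANNED).noneMatch(s::contains))
            .toArray(String[]::new);
    }

    // An SSLEngine pinned to TLS 1.2 with the filtered suite list. The same
    // SSLParameters object can be applied to an SSLSocket or SSLServerSocket.
    public static SSLEngine hardenedEngine() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);   // default key and trust managers
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"});
        params.setCipherSuites(filterSuites(params.getCipherSuites()));
        SSLEngine engine = ctx.createSSLEngine();
        engine.setSSLParameters(params);
        return engine;
    }

    // Print what the engine will actually negotiate: no EXPORT/anon/NULL suite should remain.
    public static void main(String[] args) throws Exception {
        extendDisabledAlgorithms();
        SSLEngine engine = hardenedEngine();
        System.out.println(Arrays.toString(engine.getEnabledProtocols()));
        Arrays.stream(engine.getEnabledCipherSuites()).forEach(System.out::println);
    }
}
```

Running main and inspecting the printed list is the quickest check that the JVM's effective policy (java.security plus the runtime extension) matches the Mozilla recommendations you intended to apply.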