DHE-* ciphers are not correctly recognized by server even though its relevant JSSE cipher (see mapping in [2]) is supported by used JRE/JDK. According to [1] EDH and DHE CIPHER_STRINGS are aliases for the same ciphers, nevertheless CIPHER_SUITE_NAMES according to [2] are always using the DHE in their names. In JBossWeb there is used EDH instead of the DHE. For example SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA should be used with openssl cipher suite name DHE-DSS-DES-CBC3-SHA, but is used with EDH-DSS-DES-CBC3-SHA which doesn't correspond to [2] [1] https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS [2] https://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
Created attachment 920943 [details] Proposed patch
I think r2509 in web rebases on the Tomcat code should fix this one too.
No it doesn't I have just checked the code and the issue is still valid. (see Cipher 13 and Cipher 16 in https://source.jboss.org/changelog/JBossWeb?cs=2509)
I am not convinced, but 11, 12, 13, 14, 15, 16 all look in the same situation to me.
Yes, you are right, for them it is the same, see https://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
Ok, so it's consistent, which is better. But it is possible the docs is wrong, the Tomcat tests have less failures with the code as is (the said test needs OpenSSL 1.0.1i, while I have 1.0.1e), rather than after the "fix". It needs to be reviewed again ;)
Note that when trying openssl ciphers it knows those ciphers as EDH ciphers, which is different than what they have in documentation. As you are saying this can be also bug in their documentation or in openssl code. Currently our documentation claims that we support openssl syntax as is described in their documentation, with few exceptions, see https://documentation-devel.engineering.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Administration_and_Configuration_Guide/index.html#SSL_Connector_Reference1 PS: I have also OpenSSL 1.0.1e
I don't plan to do anything right now, since I don't know what will happen.
From my opinion the safest solution would be to allow also aliases for the openssl cipher names as in these case EDH and DHE are in openssl aliases for the same group of ciphers.
From openssl code : /* XXX * Inconsistency alert: * The OpenSSL names of ciphers with ephemeral DH here include the string * "DHE", while elsewhere it has always been "EDH". * (The alias for the list of all such ciphers also is "EDH".) * The specifications speak of "EDH"; maybe we should allow both forms * for everything. */
Interesting. I can try to commit upstream a set of aliases and see if there are complaints.