Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Error no Cypher Overlap

Athman Boukhaoua May 18, 2020

I'm trying to upgrade our Confluence install from 6.6 to 7.4. This generally works, and the HTTP site starts without any issue, but after the upgrade we can't connect to Confluence over HTTPS anymore. If we try, we get an SSL cypher error. In Firefox that is SSL_ERROR_NO_CYPHER_OVERLAP, but Chrome and IE11 display similar errors about not allowing the connection because of insufficient SSL settings.

If I query the HTTPS server with nmap I get the following list of offered cyphers:

| ssl-enum-ciphers:

| TLSv1.2:

| ciphers:

| TLS_DHE_DSS_WITH_AES_128_CBC_SHA (dh 1024) - A

| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (dh 1024) - A

| TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (dh 1024) - A

| TLS_DHE_DSS_WITH_AES_256_CBC_SHA (dh 1024) - A

| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (dh 1024) - A

| TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (dh 1024) - A

| compressors:

| NULL

| cipher preference: client

| warnings:

| Key exchange (dh 1024) of lower strength than certificate key

|_ least strength: A

 

Which really seems woefully inadequate. If I query one of our IIS Webservers that is using the same certificate I get a lot more results including modern cyphers like:

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A

| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A

| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A

 

I have tried a few solutions that come up when searching for this issue, such as converting the keystore between PKCS12 and JKS, adding a "ciphers" parameter to the HTTPS connector and adding a keystoreType parameter to the connector. But none of them help.

1 answer

0 votes
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 18, 2020

@Athman Boukhaoua 

 

Hi Peter

welcome to the Atlassian community.

So i would assume you are reusing the cert that you had in place for confluence 6.6. - right?

Could you by chance share your ssl config.

 

https://confluence.atlassian.com/kb/security-tools-report-the-default-ssl-ciphers-are-too-weak-755140945.html?_ga=2.64455471.1662637765.1589745316-2005217296.1589745316  has some information around the ciphers, might be helpful

 

Cheers

Kurt

Athman Boukhaoua May 19, 2020

Yes, we use the same cert that we used for Confluence 6.6.0. My SSL connector currently is this:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="a" keystoreFile="C:\ProgramData\jkskeystore" useCipherSuitesOrder="true"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
TLS_SRP_SHA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
TLS_SRP_SHA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" />

I have since restored 6.6.0 to a different server and have checked the offered cyphers with nmap and additionally to the six I get with 7.4.0 I get these three too:

| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A

When I check the connection settings in Firefox I see that it chooses the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cypher on Confluence 6.6.0

I have tried adding the "ciphers" value in the linked article but that didn't change anything.

I'm currently trying another install with Confluence 6.15.10 to see if that works better and if it's an issue with version 7 in general.

Athman Boukhaoua May 19, 2020

Ok, 6.15.10 has the same issue.

Athman Boukhaoua May 19, 2020

I checked some more versions. In 6.6.17 this still works. Ironically, it exposes even more cyphers than 6.6.0

|   TLSv1.2:

|     ciphers:

|       TLS_DHE_DSS_WITH_AES_128_CBC_SHA (dh 1024) - A

|       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (dh 1024) - A

|       TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (dh 1024) - A

|       TLS_DHE_DSS_WITH_AES_256_CBC_SHA (dh 1024) - A

|       TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (dh 1024) - A

|       TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (dh 1024) - A

|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A

|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A

|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A

|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A

|      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A

|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A

|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A

|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A

|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A

|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A

|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A

|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A

 

But in 6.13.0 it doesn't work anymore, then I only get the six insecure cyphers.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events