Bug 60849

Summary: Tomcat NIO Connector not able to handle SSL renegotiation handshake exception
Product: Tomcat 8
Reporter: ram <rambabu.eedala>
Component: Connectors
Assignee: Tomcat Developers Mailing List <dev>
Status: NEW ---    
Severity: enhancement    
Priority: P2    
Version: 8.0.37   
Target Milestone: ----   
Hardware: Other   
OS: Linux   

Description ram 2017-03-13 07:10:39 UTC
SSL renegotiation was restricted by using -Djdk.tls.rejectClientInitiatedRenegotiation=true. As expected, Tomcat is throwing the exception, but the exception was not handled by the NIO connector, whereas with the BIO connector the exception was handled properly and a proper alert was sent to the openssl client.

Steps To reproduce:

Tomcat version: 8.0.37
Oracle Java : 1.8.0.112

1) Configure Tomcat's server.xml with an NIO connector on the SSL port (8443 by default) and with a self-signed certificate.

 <Connector SSLEnabled="true" acceptCount="100" ciphers=" TLS_RSA_WITH_AES_128_CBC_SHA " clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8443" protocol="HTTP/1.1" scheme="https" keystoreFile="/home/.keystore" keystorePass="password" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>

2) Restrict SSL renegotiation by setting CATALINA_OPTS="$CATALINA_OPTS -Djdk.tls.rejectClientInitiatedRenegotiation=true" in the setenv.sh file in the bin folder.

3) Enable debug mode by setting CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.debug=all" in the setenv.sh file in the bin folder.

4) Try to renegotiate with openssl and observe the catalina.out file in the logs folder.

Error Message :

%% Cached server session: [Session-4, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
http-nio2-8443-exec-15, READ: TLSv1 Handshake, length = 224
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: true
*** ClientHello, TLSv1
RandomCookie:  GMT: 1358710174 bytes = { 192, 154, 132, 174, 67, 12, 146, 242, 194, 112, 62, 72, 182, 17, 144, 176, 95, 0, 228, 50, 124, 188, 160, 233, 52, 78, 195, 186 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DH_RSA_WITH_SEED_CBC_SHA, TLS_DH_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection: df:3c:e7:d4:4d:b6:87:23:28:a7:2f:61
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {secp256r1, secp521r1, unknown curve 28, unknown curve 27, secp384r1, unknown curve 26, secp256k1}
Unsupported extension type_35, data:
Unsupported extension type_15, data: 01
***
http-nio2-8443-exec-15, fatal error: 40: Client initiated renegotiation is not allowed
javax.net.ssl.SSLHandshakeException: Client initiated renegotiation is not allowed
%% Invalidated:  [Session-4, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
http-nio-8443-exec-15, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-nio-8443-exec-15, WRITE: TLSv1 Alert, length = 32
http-nio-8443-exec-17, called closeOutbound()
http-nio-8443-exec-17, closeOutboundInternal()
http-nio-8443-exec-17, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: Client initiated renegotiation is not allowed


BIO connector message, where the SSL handshake exception was handled properly:

%% Cached server session: [Session-2, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
http-bio-8443-exec-1, setSoTimeout(59673) called
http-bio-8443-exec-1, READ: TLSv1 Handshake, length = 224
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: true
*** ClientHello, TLSv1
RandomCookie:  GMT: 1367302669 bytes = { 190, 58, 232, 25, 36, 252, 0, 164, 52, 168, 124, 230, 150, 191, 73, 250, 174, 70, 153, 199, 156, 188, 34, 138, 146, 208, 66, 242 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DH_RSA_WITH_SEED_CBC_SHA, TLS_DH_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection: 17:03:f4:e4:ee:78:fc:bd:f9:45:f5:d0
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {secp256r1, secp521r1, unknown curve 28, unknown curve 27, secp384r1, unknown curve 26, secp256k1}
Unsupported extension type_35, data:
Unsupported extension type_15, data: 01
***
%% Invalidated:  [Session-2, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
http-bio-8443-exec-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-bio-8443-exec-1, WRITE: TLSv1 Alert, length = 32
http-bio-8443-exec-1, called closeSocket()
http-bio-8443-exec-1, handling exception: javax.net.ssl.SSLHandshakeException: Client initiated renegotiation is not allowed
http-bio-8443-exec-1, called close()
http-bio-8443-exec-1, called closeInternal(true)
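
The difference between the two traces above can be checked mechanically. The following is an added example, not part of the original report or of Tomcat: a small parser for `-Djavax.net.debug` output that counts, per connector endpoint, how each rejected renegotiation ended. The sample log is constructed from abbreviated lines of the traces above, and the function names and verdict strings are assumptions of this example.

```python
import re
from collections import defaultdict

RENEG = "Client initiated renegotiation is not allowed"
# Thread-prefixed JSSE debug line, e.g. "http-nio-8443-exec-15, <message>"
LINE = re.compile(r"^(http-\w+-\d+)-exec-\d+, (.*)$")

# Constructed sample, abbreviated from the debug lines quoted in the report
SAMPLE_LOG = """\
http-nio-8443-exec-15, READ: TLSv1 Handshake, length = 224
http-nio-8443-exec-15, fatal error: 40: Client initiated renegotiation is not allowed
http-nio-8443-exec-15, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-nio-8443-exec-17, called closeOutbound()
http-nio-8443-exec-17, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: Client initiated renegotiation is not allowed
http-bio-8443-exec-1, READ: TLSv1 Handshake, length = 224
http-bio-8443-exec-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-bio-8443-exec-1, handling exception: javax.net.ssl.SSLHandshakeException: Client initiated renegotiation is not allowed
http-bio-8443-exec-1, called close()
"""

def summarize(log_text):
    """Count, per endpoint (not per thread: the close may run on another worker)."""
    stats = defaultdict(lambda: {"alert_sent": 0, "handled": 0, "rethrown": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ClientHello dump and other unprefixed lines
        endpoint, msg = m.groups()
        if msg.startswith("SEND") and "handshake_failure" in msg:
            stats[endpoint]["alert_sent"] += 1
        elif RENEG in msg and msg.startswith("handling exception:"):
            stats[endpoint]["handled"] += 1
        elif RENEG in msg and "engine already closed" in msg:
            stats[endpoint]["rethrown"] += 1
    return dict(stats)

def verdict(counts):
    """Classify one endpoint's counters."""
    if counts["rethrown"]:
        return "rethrown after engine close"
    if counts["handled"]:
        return "handled"
    return "no rejection seen"
```
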

Comment 1 Remy Maucherat 2017-03-13 09:07:29 UTC
I would say these configuration options and questionable behaviors are less likely to be handled in any way when using the SSL engine.