cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nachiket Patil (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-13325) Bring back the accepted encryption protocols list as configurable option
Date Tue, 14 Mar 2017 18:51:41 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-13325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15924790#comment-15924790
] 

Nachiket Patil commented on CASSANDRA-13325:
--------------------------------------------

References Inline:
Yes, I was talking about downgrade attacks. [SSLv3 vulnerability|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566]
which is taken care of in java8. But [TLSv1 vulnerability|https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8730]
which has no solution yet.

Many security communities including [PCI council|https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf]
and [NIST|https://www.nist.gov/publications/guidelines-selection-configuration-and-use-transport-layer-security-tls-implementations]
guidelines recommend minimum TLS v1.1.

There is a way to set protocol in Cassandra yaml `server_encryption_options` and `client_encryption_options`
but by definition, it is a preferred protocol not restricting protocol (may support other
versions).
https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#getInstance(java.lang.String)
https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext

To restrict TLS protocols to we need to set `jdk.tls.client.protocols` which is not JVM property
it is a JDK setting in `<JRE_HOME>/lib/security/java.security`. Overriding jdk security
settings is also considered a vulnerability.

> Bring back the accepted encryption protocols list as configurable option
> ------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13325
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13325
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Configuration
>            Reporter: Nachiket Patil
>            Priority: Minor
>
> With CASSANDRA-10508, the hard coded list of accepted encryption protocols was eliminated.
For some use cases, it is necessary to restrict the encryption protocols used for communication
between client and server. Default JVM way of negotiations allows the best encryption protocol
that client can use. 
> e.g. I have set Cassandra to use encryption. Ideally client and server negotiate to use
best protocol (TLSv1.2). But a malicious client might force TLSv1.0 which is susceptible to
POODLE attacks.
> At the moment only way to restrict the encryption protocol is using the {{jdk.tls.client.protocols}}
systems property. If I dont have enough access to modify this property, I dont have any way
of restricting the encryption protocols.
> I am proposing bring back the accepted_protocols property but make it configurable. If
not specified, let the JVM take care of the TLS negotiations.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message