Updating Fuse to have TLS v1.3

Question

I am new to JBoss Fuse server. The Fuse server version we are using is 7.2. According to undertow.xml file in ${karaf.home}/etc location, we currently support TLSv1, TLSv1.1 and TLSv1.2. Requirement is to add the later versions as well (TLSv1.3 in this instance). I want to check the prerequisites and the feasibility aspects for the same.

Also, I could not determine if Fuse 7.2 could support TLSv1.3 or not.

We are using Java 8.

Any information/direction which can lead me that way is highly appreciated.

Answer 1

You can check the security guide at this location.

First you have to enable secure listener. You do it in two files:

etc/org.ops4j.pax.web.cfg, where you need two new properties (according to OSGi CMPN Http Service specification):

org.osgi.service.http.port.secure = 8443
org.osgi.service.http.secure.enabled = true

you of course need a keystore/truststore (could be the same or separate). Copy it for example to etc/server.keystore.

Finally you need changes in etc/undertow.xml.

1. Uncomment https-listener:

<https-listener name="https" socket-binding="https"
    security-realm="https" verify-client="NOT_REQUESTED" />

2. Ensure correct location/credential for the keystore:

<w:keystore path="${karaf.etc}/server.keystore" provider="JKS" alias="server"
    keystore-password="secret" key-password="secret"

3. Ensure correct location/credential for the truststore (could be the same file):

<w:truststore path="${karaf.etc}/server.truststore" provider="JKS"
    keystore-password="secret" />

4. Ensure that secure interface is uncommented:

<interface name="secure">
    <w:inet-address value="0.0.0.0" />
</interface>

5. Uncomment secure socket binding:

<socket-binding name="https" interface="secure"
    port="${org.osgi.service.http.port.secure}" />

Now when you restart Fuse 7.2 you'll have secure listener at port 8443.

However there's one more thing. Undertow TLS engine configuration is (by default):

<w:engine
    enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />

However TLS_ECDHE_* suites are strong for TLS 1.2 and not necessarily supported (in combination) by some clients (browsers). You can already connect to such Fuse instance using for example:

$ openssl s_client -connect 127.0.0.1:8443 -debug -tls1_2 -ciphersuites TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
CONNECTED(00000003)
...
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1691 bytes and written 386 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
...

You can't now use TLS 1.3:

$ openssl s_client -connect 127.0.0.1:8443 -tls1_3 -debug
CONNECTED(00000003)
write to 0x562ac4785740 [0x562ac479cb90] (215 bytes => 215 (0xD7))
0000 - 16 03 01 00 d2 01 00 00-ce 03 03 12 4c a3 cb de   ............L...
0010 - 46 95 45 07 5b 86 05 d0-69 20 3c e2 70 9f 0f 99   F.E.[...i <.p...
...
New, (NONE), Cipher is (NONE)
...

First you have to change enabled protocols in the engine (etc/undertow.xml):

enabled-protocols="TLSv1.3"

but if you add (to etc/system.properties):

javax.net.debug=all

you'll see something like:

javax.net.ssl|FINE|6F|XNIO-4 I/O-8|2021-03-17 07:46:46.011 CET|Logger.java:765|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS13
javax.net.ssl|FINE|6F|XNIO-4 I/O-8|2021-03-17 07:46:46.011 CET|Logger.java:765|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS13

So looks like the remaining thing is to find proper cipher suites for TLS 1.3. One of such suites is TLS_AES_256_GCM_SHA384, so if you use:

enabled-cipher-suites="TLS_AES_256_GCM_SHA384"

you'll successfully connect - both using browser and openssl:

$ openssl s_client -connect 127.0.0.1:8443 -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384
CONNECTED(00000003)
...
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1906 bytes and written 640 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
...
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
...

And just one more thing. You have to use JDK 8 that supports TLS 1.3, which is:

• at least Oracle JDK 1.8.0_261
• at least OpenJDK 8u272