How Java 7 and 8 Handle DHE Keys Differently, and Resolving Errors
Firefox v39.0+ and Chrome v45.0+ may generate an error if "weak" Diffie-Hellman public keys are used. Here's how to resolve the error.
Depending on whether the server runs on Java 7 or Java 8, Firefox v39.0+ and Chrome v45.0+ may generate an error if "weak" DHE public keys are used for SSL communication in WSO2 products.
To resolve this issue, you have three options:
1. Disable the DHE cipher suites that are in use.
Configure the following cipher suites for SSL communication in CARBON_HOME/repository/conf/tomcat/catalina-server.xml. The ciphers parameter must be configured inside the TLS connector element.
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
The suites above all use static RSA key exchange. To achieve “Perfect Forward Secrecy,” we usually need DHE; therefore, removing the DHE ciphers is not a good option.
2. Use a 1024-bit (or larger) Diffie-Hellman group for the DHE_RSA SSL cipher suites.
This requires Java 8. The following JVM parameter in Java 8 can be used to set the ephemeral DH key size to a larger value:
-Djdk.tls.ephemeralDHKeySize=2048
Java 7 does not support a 1024-bit key size, and the above parameter is not available to configure a larger key size (in the latest public releases of Java 7).
Currently, WSO2 products cannot be run on Java 8, but future releases of WSO2 will be able to run on Java 8, and you can then use the DHE ciphers with a larger key size.
3. Enable ECDHE
We can enable only the ECDHE ciphers in WSO2 servers, without using the DHE ciphers. This avoids both the “Weak Cipher” problem and the loss of “Perfect Forward Secrecy.”
Add the following cipher suites for SSL communication in CARBON_HOME/repository/conf/tomcat/catalina-server.xml. The ciphers parameter must be configured inside the TLS connector element.
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
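An added example, not from the original article or from WSO2: a Python audit of a catalina-server.xml connector that classifies each configured suite by key exchange, showing which suites depend on the JVM's ephemeral DH key size (option 2) and which give up forward secrecy (option 1). The sample XML, the function names and the weak-primitive list are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample connector (not a real WSO2 file): cipher names from the
# article, plus one DHE suite to show how DHE is reported.
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector port="9443" scheme="https" SSLEnabled="true"
             ciphers="SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA,
                      TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>"""

# The key exchange is the token after the TLS_/SSL_ prefix in JSSE suite names.
KEX = re.compile(r"^(?:TLS|SSL)_(ECDHE|DHE|ECDH|DH|RSA)_")
# This example's own list of weak primitives (RC4 is prohibited by RFC 7465).
WEAK = ("RC4", "MD5", "3DES", "NULL", "EXPORT")


def classify(suite):
    """Describe one suite by key exchange and weak primitives in its name."""
    m = KEX.match(suite)
    kex = m.group(1) if m else "UNKNOWN"
    return {
        "suite": suite,
        "kex": kex,
        "forward_secret": kex in ("DHE", "ECDHE"),
        # Only DHE suites depend on the JVM's ephemeral DH key size.
        "jvm_dh_size_applies": kex == "DHE",
        "weak": [t for t in WEAK if t in suite],
    }


def audit(xml_text):
    """Classify every suite in each Connector's ciphers attribute."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        raw = conn.get("ciphers")
        if raw is None:
            continue  # no explicit list: the JVM's default suites apply
        findings += [classify(s.strip()) for s in raw.split(",") if s.strip()]
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_XML):
        print(f["suite"], f["kex"], "PFS" if f["forward_secret"] else "no PFS",
              "check jdk.tls.ephemeralDHKeySize" if f["jvm_dh_size_applies"] else "",
              "weak: " + ",".join(f["weak"]) if f["weak"] else "")
```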
Published at DZone with permission of Asela Pathberiya, DZone MVB. See the original article here.