


In this guide I will walk through the process of hardening HTTPS connectors used by Apache Tomcat. Unfortunately, the default configuration of Ubuntu 14.04 LTS using Tomcat 7 and OpenJDK 7 is vulnerable to a number of attacks and weak encryption.

You can test your own site’s HTTPS implementation against these weaknesses at Qualys SSL Lab SSL Server Test. Alarmingly, most default Tomcat over Java 7 HTTPS configurations usually receive an F grade due to some well-known vulnerabilities that they permit, such as the well-publicised POODLE attack and the unauthenticated Diffie-Hellman man-in-the-middle key exchange attack. With this guide we can hopefully boost an F or even a B grade up to an A grade rating.

Upgrading to a recent release of OpenJDK 8 will remove these vulnerabilities. But if you are not able to update Java, you can still use this guide, as it will improve your site’s HTTPS security.

Users of Apache HTTP Reverse-Proxy configurations should skip to the section at the end of this article titled "Apache HTTP Reverse-Proxy users", where you’ll learn how to add an SSLCipherSuite directive to your VirtualHost configuration to harden HTTPS.

This guide is targeted towards Ubuntu 14.04 LTS but should work for other distributions.

I will be using a 3rd party PPA to install OpenJDK. On some setups, using 3rd party PPAs could be considered a security risk, so use your own discretion. This process will not delete existing Java installs, though, so you can always revert to your original install and configuration.

    sudo add-apt-repository ppa:openjdk-r/ppa
    sudo apt-get install openjdk-8-jre-headless

Switch your server to use your new OpenJDK 8 install. Select the listing that points to Java 8 OpenJDK; in my screenshot it is option 2:

    usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1069 manual mode
