Overview
This article provides instructions on how to configure Cassandra nodes to prevent client side renegotiation.
Applies to
- Java 8
- Java 11
Background
To avoid potential TLS Renegotiation Denial-of-Service attacks, client initiated TLS renegotiation can be disabled on each node in the cluster.
Steps
- In the jvm.options* file on each node, add the following line
-Djdk.tls.rejectClientInitiatedRenegotiation=true
- Perform a rolling restart of the cluster
* In DSE 6.8+, or Cassandra 4.0+, please use the appropriate version of the jvm.options file, i.e. jvm-server.options, jvm8-server.options, jvm11-server.options, etc...
Verification
Use the openssl s_client
command to test renegotiation. Once connected, simply enter R + Enter
For example below is a successful renegotiation initiated by the client:
$ openssl s_client -connect $(hostname -i):9042 -tls1_2
CONNECTED(00000003)
depth=2 C = US, ST = CA, O = DataStax, OU = Support, CN = rootCA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
i:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
1 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
2 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGdDCCBFygAwIBAgICEAAwDQYJKoZIhvcNAQENBQAwTzELMAkGA1UEBhMCVVMx
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
issuer=/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5233 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 5F04BC1701AAE3ABEE65B60B8E38BCE292E1062AAF8CEB002029E8E9C1A8EE21
Session-ID-ctx:
Master-Key: 7CF219CB440861C9873CD070DCE662213B95B2AE351FF327C0669EBCB0E7146AF2B62CD3FA568A1B497D4E3DFFF58FB5
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1594145815
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
R
RENEGOTIATING
depth=2 C = US, ST = CA, O = DataStax, OU = Support, CN = rootCA
verify error:num=19:self signed certificate in certificate chain
After adding -Djdk.tls.rejectClientInitiatedRenegotiation=true
and restarting the node, the renogatition will fail:
$ openssl s_client -connect $(hostname -i):9042 -tls1_2
CONNECTED(00000003)
depth=2 C = US, ST = CA, O = DataStax, OU = Support, CN = rootCA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
i:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
1 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
2 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGdDCCBFygAwIBAgICEAAwDQYJKoZIhvcNAQENBQAwTzELMAkGA1UEBhMCVVMx
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
issuer=/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5233 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 5F04BC1701AAE3ABEE65B60B8E38BCE292E1062AAF8CEB002029E8E9C1A8EE21
Session-ID-ctx:
Master-Key: 7CF219CB440861C9873CD070DCE662213B95B2AE351FF327C0669EBCB0E7146AF2B62CD3FA568A1B497D4E3DFFF58FB5
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1594145815
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
R
RENEGOTIATING
140341621048984:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
140341621048984:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
Please be aware that s_client
's output reporting Secure Renegotiation IS supported
, should not be relied on for confirmation of whether or not client initiated TLS renegotiation is enabled, because that is reporting if s_client
itself supports renegotiation.
See also
External doc - JDK-8073643
External doc - Tips for Securing SSL Renegotation