CVE-2026-29129 Overview
A cryptographic configuration vulnerability has been identified in Apache Tomcat where the configured cipher preference order is not preserved during TLS/SSL handshake operations. This flaw can undermine the security posture of Tomcat deployments by allowing weaker cipher suites to be negotiated even when administrators have explicitly configured stronger ciphers to take precedence.
Critical Impact
Administrators who have carefully configured cipher suite ordering to prioritize stronger encryption algorithms may find their security configurations ineffective, potentially exposing encrypted communications to downgrade attacks or weakened encryption.
Affected Products
- Apache Tomcat 11.0.16 through 11.0.18
- Apache Tomcat 10.1.51 through 10.1.52
- Apache Tomcat 9.0.114 through 9.0.115
Discovery Timeline
- 2026-04-09 - CVE-2026-29129 published to NVD
- 2026-04-09 - Last updated in NVD database
Technical Details for CVE-2026-29129
Vulnerability Analysis
This vulnerability affects the TLS/SSL connector configuration in Apache Tomcat. When administrators configure a specific cipher preference order in the server configuration (typically in server.xml), the intent is to ensure that stronger, more secure cipher suites are negotiated first during the TLS handshake. However, due to this flaw, Tomcat fails to honor the configured ordering, potentially resulting in weaker cipher suites being selected.
The cipher suite ordering is a critical security control that allows administrators to deprecate weak ciphers while maintaining backward compatibility. When this ordering is not respected, the security benefits of careful cipher configuration are negated, and the actual cipher selected during negotiation may depend on client preferences or other factors outside administrator control.
Root Cause
The root cause stems from improper handling of the cipher suite configuration within Tomcat's SSL/TLS connector implementation. The configured ciphers attribute and associated ordering preferences are not being correctly applied when establishing secure connections, causing the server to deviate from the administrator-defined cipher preference policy.
Attack Vector
An attacker could potentially exploit this vulnerability by forcing a downgrade attack during the TLS handshake process. By presenting a client hello message that advertises support for multiple cipher suites (including weaker ones), an attacker may be able to negotiate a less secure cipher than the administrator intended. This could facilitate subsequent cryptographic attacks against the weakened encryption, including:
- Potential exposure to known weaknesses in deprecated cipher suites
- Increased susceptibility to protocol downgrade attacks
- Reduced protection for sensitive data in transit
The vulnerability requires network access to the affected Tomcat server and the ability to initiate TLS connections.
Detection Methods for CVE-2026-29129
Indicators of Compromise
- TLS connections using weaker cipher suites than expected based on server configuration
- Unexpected cipher suite negotiation results in SSL/TLS debug logs
- Discrepancies between configured cipher order and actual negotiated ciphers
Detection Strategies
- Enable SSL/TLS debug logging and compare negotiated ciphers against expected configuration
- Use tools like openssl s_client or nmap --script ssl-enum-ciphers to enumerate accepted cipher suites
- Implement network monitoring to detect TLS connections using deprecated or weak cipher suites
- Review Tomcat access logs and connector logs for cipher negotiation anomalies
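The comparison of negotiated ciphers against the configured order, described above, can be run offline over exported handshake records. The following is an added example, not code from Apache Tomcat or from this advisory; the cipher policy, the connection records and the result labels are constructed, and it assumes the intended behaviour is "select the first configured cipher that the client also offers".

```python
# Added example: offline audit of negotiated ciphers against the configured order.
# Policy and observations below are constructed sample data, not real Tomcat output.
CONFIGURED_ORDER = [  # server preference, strongest first
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
]
A256, A128, CBC = CONFIGURED_ORDER
LEGACY = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"  # not in the configured list

# (connection id, ciphers in ClientHello order, cipher the server selected)
OBSERVED = [
    ("c1", [A256, A128], A256),
    ("c2", [CBC, A128, A256], CBC),
    ("c3", [LEGACY, A128], LEGACY),
    ("c4", [CBC, A128, A256], A128),
]


def first_common(preferred, other):
    """First entry of `preferred` that also appears in `other`, else None."""
    pool = set(other)
    return next((c for c in preferred if c in pool), None)


def classify(server_order, client_offer, negotiated):
    """Label one connection relative to the configured preference order."""
    if negotiated not in server_order:
        return "NOT_IN_POLICY"
    if negotiated == first_common(server_order, client_offer):
        return "OK"
    # Which cipher would win if the client's order were followed instead?
    if negotiated == first_common(client_offer, server_order):
        return "CLIENT_ORDER_WON"
    return "ORDER_MISMATCH"


def audit(server_order, observations):
    """Map connection id -> label for every observed handshake."""
    return {cid: classify(server_order, offer, neg)
            for cid, offer, neg in observations}


if __name__ == "__main__":
    for cid, label in audit(CONFIGURED_ORDER, OBSERVED).items():
        print(cid, label)
```

Only connections whose ClientHello order differs from the configured order are informative: when both orders agree, an `OK` result says nothing about whether the server honoured its own preference.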
Monitoring Recommendations
- Deploy network-based TLS inspection to monitor cipher suite usage across connections
- Implement alerting for connections negotiated with cipher suites outside the approved list
- Schedule periodic cipher suite audits using automated scanning tools
- Monitor the Apache Mailing List Thread for updates and additional guidance
How to Mitigate CVE-2026-29129
Immediate Actions Required
- Upgrade Apache Tomcat to version 11.0.20, 10.1.53, or 9.0.116 respectively, which fix the issue
- Audit current TLS/SSL configurations to understand the intended cipher preferences
- Test cipher negotiation behavior after applying patches to verify correct ordering
- Consider implementing additional network-layer controls to enforce cipher requirements
Patch Information
Apache has released patched versions that address this cipher preference ordering vulnerability:
| Affected Version Range | Fixed Version |
|---|---|
| 11.0.16 - 11.0.18 | 11.0.20 |
| 10.1.51 - 10.1.52 | 10.1.53 |
| 9.0.114 - 9.0.115 | 9.0.116 |
Refer to the Apache Mailing List Thread for the official security announcement and download links.
Workarounds
- Temporarily disable weaker cipher suites entirely rather than relying on preference ordering
- Implement a reverse proxy or load balancer that enforces cipher preferences before traffic reaches Tomcat
- Use firewall rules or WAF configurations to block connections attempting weak cipher negotiation
- Monitor and log all TLS connections to identify potential exploitation attempts
```
# Example: Restrict cipher suites in server.xml Connector configuration
# Remove weak ciphers entirely until patch can be applied
# In server.xml, update the Connector element:
# ciphers="TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256"
# sslEnabledProtocols="TLSv1.3,TLSv1.2"
```

