0002360: jsse cipher-suites

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0002360

[Resin]

minor

always

01-23-08 10:58

03-05-08 17:33

Reporter

ferg

View Status

public

Assigned To

ferg

Priority

normal

Resolution

fixed

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

3.1.6

Product Version

3.1.4

Product Build

Summary

0002360: jsse cipher-suites

Description

(rep by Jay Ballinger)

I'm currently using JSSE vs. OpenSSL for my SSL configuration. I now
need to restrict the ciphers so use of the weaker ciphers are not
allowed; for instance, anything < 128-bit.

The JSSE documentation says that the following system property can be
used to set the enabled ciphers, assuming that they are supported.
Setting this property seems to have no impact on the ciphers being used
by Resin, however.

<system-property
https.cipherSuites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"/>

Does anyone have a solution to this problem?

Steps To Reproduce

Additional Information

Attached Files

Relationships

Notes
(0002826) ferg 03-05-08 17:33	server/0621

Issue History
Date Modified	Username	Field	Change
01-23-08 10:58	ferg	New Issue
01-23-08 12:12	stbu	Issue Monitored: stbu
03-05-08 17:33	ferg	Note Added: 0002826
03-05-08 17:33	ferg	Assigned To	=> ferg
03-05-08 17:33	ferg	Status	new => closed
03-05-08 17:33	ferg	Resolution	open => fixed
03-05-08 17:33	ferg	Fixed in Version	=> 3.1.6
03-05-08 17:33	ferg	Description Updated
03-14-08 15:31	planetpratt	Issue Monitored: planetpratt
05-07-09 16:20	jay	Issue Monitored: jay
07-24-09 12:38	Dan-H	Issue Monitored: Dan-H

Mantis 1.0.0rc3[^]

37 total queries executed.
29 unique queries executed.