ID | Category | Severity | Reproducibility | Date Submitted | Last Update
0005682 | [Resin] | minor | always | 03-10-14 09:37 | 09-10-14 16:03
Reporter | alex | View Status | public
Assigned To | ferg
Priority | normal | Resolution | fixed
Status | closed
Projection | none
ETA | none | Fixed in Version | 4.0.41 | Product Version | 4.0.38
Summary | 0005682: unknown protocol value '-all +tlsv1.1'
Description

rep by: Sarah Gillespie

com.caucho.vfs.OpenSSLFactory.setProtocol(): unknown protocol value '-all +tlsv1.1'

I've tried tlsv1.1, tlsv1_1 and tlsv11, it seems that resin needs to explicitly allow the protocols, which would be tlsv1.1 and tlsv1.2.

In addition, and on a related subject, it would be really nice if resin supported the elliptical curve tlsv1.2 ciphers with your RPMs, I believe it would just require rebuilding your RPMs on a recent version of centos/redhat which have only had support for the elliptical curve ciphers since October:

https://bugzilla.redhat.com/show_bug.cgi?id=319901

This has been in centos/rhel since 6.5 (released December).

Right now we have an openssl which supports ECDH and ECDHE:

    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
    ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
    ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
    ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
    ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384

And a cipher string that supports this:

    AES128-SHA256:AES256 SHA256:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:AES128-GCM-SHA256:AES256-GCM-SHA384:!3DES:!KRB5:!MD5:!EXP:!PSK:!SRP:!DSS:!eNULL:!aNULL

But the server is only using the non-elliptical curve key exchange mechanisms:

    Preferred Cipher Suite:
      AES128-SHA256 128 bits HTTP 200 OK
    Accepted Cipher Suite(s):
      AES256-SHA256 256 bits HTTP 200 OK
      AES256-GCM-SHA384 256 bits HTTP 200 OK
      AES128-SHA256 128 bits HTTP 200 OK
      AES128-GCM-SHA256 128 bits HTTP 200 OK
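The comparison the report makes by eye, as an added Python example (not part of the original report and not Resin code): it parses `openssl ciphers -v` lines and a scanner's accepted-suite listing, then reports whether any accepted suite uses ephemeral key exchange. The function names and the line layout of the sample input are assumptions; the suite names are the ones quoted in the report.

```python
import re
# Constructed sample input, transcribed from the report: three lines in
# `openssl ciphers -v` format and the scanner's accepted-suite listing.
LOCAL_CIPHERS = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
"""
SCAN = """\
Preferred Cipher Suite:
  AES128-SHA256 128 bits HTTP 200 OK
Accepted Cipher Suite(s):
  AES256-SHA256 256 bits HTTP 200 OK
  AES256-GCM-SHA384 256 bits HTTP 200 OK
  AES128-SHA256 128 bits HTTP 200 OK
  AES128-GCM-SHA256 128 bits HTTP 200 OK
"""

def parse_ciphers_v(text):
    """Map suite name -> {'proto', 'Kx', 'Au', 'Enc', 'Mac'} from `openssl ciphers -v` lines."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return {f[0]: {"proto": f[1], **dict(kv.split("=", 1) for kv in f[2:])} for f in rows}

def parse_scan(text):
    """Return the unique suite names the scanner saw accepted, in listing order."""
    names = re.findall(r"^[ \t]*([A-Z0-9-]+)[ \t]+\d+ bits", text, re.M)
    return list(dict.fromkeys(names))

def key_exchange(name):
    """Classify an OpenSSL TLS 1.2-era suite name by its key-exchange prefix."""
    if name.startswith(("ECDHE-", "DHE-", "EDH-")):
        return "ephemeral"   # forward secrecy
    if name.startswith(("ECDH-", "DH-")):
        return "static-dh"   # fixed (EC)DH key, no forward secrecy
    # No prefix: RSA key transport. PSK/SRP/anonymous and TLS 1.3 names
    # are outside what this example classifies.
    return "rsa"

def audit(local_text, scan_text):
    accepted = parse_scan(scan_text)
    return {
        "accepted_kx": {n: key_exchange(n) for n in accepted},
        "forward_secrecy_offered": any(key_exchange(n) == "ephemeral" for n in accepted),
        "missing_ephemeral": sorted(n for n in parse_ciphers_v(local_text)
                                    if key_exchange(n) == "ephemeral" and n not in accepted),
    }

if __name__ == "__main__":
    print(audit(LOCAL_CIPHERS, SCAN))
```
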