| Anonymous | Login | Signup for a new account | 04-25-2024 21:44 PDT |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0006051 | [Resin] | major | always | 04-25-17 05:20 | 04-25-17 13:42 | ||||
| Reporter | VasumathiN | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | Platform | |||||
| Status | closed | OS | |||||||
| Projection | none | OS Version | |||||||
| ETA | none | Fixed in Version | 4.0.52 | Product Version | 4.0.49 | ||||
| Product Build | |||||||||
| Summary | 0006051: Diffie-Hellman group vulnerability | ||||||||
| Description |
We are using Resin 4.0.49. How to resolve the below given vulnerability in resin server 1)Diffie-Hellman group smaller than 2048 bits 2)Diffie-Hellman group smaller than 1024 bits |
||||||||
| Steps To Reproduce | |||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0006749) stbu 04-25-17 12:10 |
I'm not a Caucho employee, but a 14+ Years Resin user. I would recommend you these three system-properties in your resin.xml within the <cluster>: <cluster id="app"> ... <!-- Java 8 JSSE Settings --> <system-property jdk.tls.ephemeralDHKeySize="2048"/> <system-property jdk.tls.rejectClientInitiatedRenegotiation="true"/> <system-property sun.security.ssl.allowUnsafeRenegotiation="false"/> <system-property sun.security.ssl.allowLegacyHelloMessages="false"/> All of these four system properties are related to increase your JSSE SSL/TLS Setup. I'll also reply on the bug 0006052 - you might want to test your setup afterwards with https://www.ssllabs.com/ssltest/analyze.html [^] Our Setup, using Java 8 and JSSE, receives a grade A. |
|
(0006751) stbu 04-25-17 12:16 |
BTW: You might need to apply the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" Obtainable from: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html [^] |
|
(0006752) ferg 04-25-17 13:42 |
Updated default properties at runtime. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 04-25-17 05:20 | VasumathiN | New Issue | |
| 04-25-17 12:10 | stbu | Note Added: 0006749 | |
| 04-25-17 12:16 | stbu | Note Added: 0006751 | |
| 04-25-17 13:42 | ferg | Note Added: 0006752 | |
| 04-25-17 13:42 | ferg | Assigned To | => ferg |
| 04-25-17 13:42 | ferg | Status | new => closed |
| 04-25-17 13:42 | ferg | Resolution | open => fixed |
| 04-25-17 13:42 | ferg | Fixed in Version | => 4.0.52 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
35 total queries executed. 30 unique queries executed. |  |
