0003593: JSSE ciphers restriction not work? - Mantis

Mantis Bugtracker

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

ID

Category

Severity

Reproducibility

Date Submitted

Last Update

0003593

[Resin]

major

always

07-08-09 00:35

08-12-09 15:56

Reporter

vbavin

View Status

public

Assigned To

ferg

Priority

normal

Resolution

fixed

Status

closed

Product Version

4.0.0

Summary

0003593: JSSE ciphers restriction not work?

Description

I'm currently using JSSE vs. OpenSSL for my SSL configuration.
I now need to restrict the ciphers so use of the weaker ciphers are not
allowed; for instance, anything < 128-bit or DH because Opera 9 browser security and RSA 2048 (i see this not fixed in Sun JRE 1.6x) .
See similar http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6330287 [^] and
http://forums.sun.com/thread.jspa?threadID=5172531 [^] for example.
My configuration sample
    <server-default>
..
      <http address="*" port="8443">
        <jsse-ssl>
            <key-store-type>JKS</key-store-type>
            <key-store-file>...</key-store-file>
            <password>...</password>
            <key-manager-factory>SunX509</key-manager-factory>
            <ssl-context>SSL</ssl-context>
        <cipher-suites>TLS_RSA_WITH_AES_128_CBC_SHA</cipher-suites>
    </jsse-ssl>
      </http>
...
<server-default>

I use THCSSLCheck too for restriction results monitoring.

Additional Information

Relationships

Notes
(0004118) ferg 08-12-09 15:56	server/0602

Issue History
Date Modified	Username	Field	Change
07-08-09 00:35	vbavin	New Issue
07-08-09 00:36	vbavin	Issue Monitored: vbavin
08-12-09 15:56	ferg	Note Added: 0004118
08-12-09 15:56	ferg	Assigned To	=> ferg
08-12-09 15:56	ferg	Status	new => closed
08-12-09 15:56	ferg	Resolution	open => fixed
08-12-09 15:56	ferg	Fixed in Version	=> 4.0.2

Mantis 1.0.0rc3[^]

Copyright © 2000 - 2005 Mantis Group

30 total queries executed.
26 unique queries executed.