Mantis Bugtracker
  

Viewing Issue Simple Details
ID: 0006051
Category: [Resin]
Severity: major
Reproducibility: always
Date Submitted: 04-25-17 05:20
Last Update: 04-25-17 13:42
Reporter: VasumathiN
View Status: public
Assigned To: ferg
Priority: normal
Resolution: fixed
Status: closed
Product Version: 4.0.49
Summary: 0006051: Diffie-Hellman group vulnerability
Description: We are using Resin 4.0.49. How do we resolve the vulnerabilities given below in the Resin server?
1) Diffie-Hellman group smaller than 2048 bits
2) Diffie-Hellman group smaller than 1024 bits

- Notes
(0006749)
stbu
04-25-17 12:10

I'm not a Caucho employee, but a 14+ year Resin user. I would recommend these three system properties in your resin.xml within the <cluster>:

  <cluster id="app">
    ...
    <!-- Java 8 JSSE Settings -->
    <system-property jdk.tls.ephemeralDHKeySize="2048"/>
    <system-property jdk.tls.rejectClientInitiatedRenegotiation="true"/>
    <system-property sun.security.ssl.allowUnsafeRenegotiation="false"/>
    <system-property sun.security.ssl.allowLegacyHelloMessages="false"/>
    ...
  </cluster>


All four of these system properties relate to improving your JSSE SSL/TLS setup.
I'll also reply on bug 0006052. You might want to test your setup afterwards with https://www.ssllabs.com/ssltest/analyze.html
Our setup, using Java 8 and JSSE, receives a grade A.
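
A local check of the negotiated Diffie-Hellman group size against the two thresholds in this report, added here as an example (not part of the notes above and not Resin code). It assumes the "Server Temp Key" line that `openssl s_client` prints; the function name, `HOST` and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Classify the ephemeral DH group a TLS server used, from `openssl s_client`
# output on stdin. Thresholds are the two findings in the report:
# group smaller than 1024 bits, group smaller than 2048 bits.
#
# Live use (HOST is a placeholder; force a DHE suite on TLS 1.2):
#   openssl s_client -connect HOST:443 -tls1_2 -cipher DHE \
#       </dev/null 2>/dev/null | classify_dh
classify_dh() {
    # s_client prints e.g. "Server Temp Key: DH, 2048 bits" for DHE suites.
    line=$(grep -m1 '^Server Temp Key:' || true)
    case "$line" in
        "Server Temp Key: DH, "*) ;;
        *) echo "not-dhe"; return 0 ;;  # ECDHE/X25519, or no ephemeral key
    esac
    bits=$(printf '%s\n' "$line" |
        sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p')
    [ -n "$bits" ] || { echo "unparsed"; return 2; }
    if [ "$bits" -lt 1024 ]; then
        echo "fail-below-1024 $bits"; return 1
    elif [ "$bits" -lt 2048 ]; then
        echo "fail-below-2048 $bits"; return 1
    fi
    echo "ok $bits"
}

# Constructed sample of s_client output (not captured from a real server),
# as it would look before jdk.tls.ephemeralDHKeySize is raised to 2048.
SAMPLE_BEFORE='CONNECTED(00000003)
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 2001 bytes and written 300 bytes'

printf '%s\n' "$SAMPLE_BEFORE" | classify_dh || true
```

A non-zero exit status marks a group below 2048 bits, so the function can gate a deployment script after the resin.xml change.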
 
(0006751)
stbu
04-25-17 12:16

BTW: You might need to apply the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files"

Obtainable from:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
 
(0006752)
ferg
04-25-17 13:42

Updated default properties at runtime.
 

- Issue History
Date Modified Username Field Change
04-25-17 05:20 VasumathiN New Issue
04-25-17 12:10 stbu Note Added: 0006749
04-25-17 12:16 stbu Note Added: 0006751
04-25-17 13:42 ferg Note Added: 0006752
04-25-17 13:42 ferg Assigned To  => ferg
04-25-17 13:42 ferg Status new => closed
04-25-17 13:42 ferg Resolution open => fixed
04-25-17 13:42 ferg Fixed in Version  => 4.0.52

