Mantis - Resin
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
3431 | minor | always | 04-02-09 06:35 | 08-12-09 18:31 | |
|
|||||
Reporter: | vbavin | Platform: | |||
Assigned To: | ferg | OS: | |||
Priority: | normal | OS Version: | |||
Status: | closed | Product Version: | 3.1.8 | ||
Product Build: | Resolution: | fixed | |||
Projection: | none | ||||
ETA: | none | Fixed in Version: | 4.0.2 | ||
|
|||||
Summary: | 0003431: reopen?: 0002360: jsse cipher-suites | ||||
Description: |
I'm currently using JSSE vs. OpenSSL for my SSL configuration. I now need to restrict the ciphers so use of the weaker ciphers are not allowed; for instance, anything < 128-bit. The JSSE documentation says that the following system property can be used to set the enabled ciphers, assuming that they are supported. Setting this property seems to have no impact on the ciphers being used by Resin, however. <system-property https.cipherSuites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"/> and jsse-ssl/cipher-suites TLS_RSA_WITH_AES_128_CBC_SHA not work too |
||||
Steps To Reproduce: | |||||
Additional Information: | |||||
Relationships | |||||
Attached Files: |
Notes | |||||
|
|||||
|
|
||||
|
|||||
|
|