Mantis - Resin
Viewing Issue Advanced Details
3593 major always 07-08-09 00:35 08-12-09 15:56
vbavin  
ferg  
normal  
closed 4.0.0  
fixed  
none    
none 4.0.2  
0003593: JSSE ciphers restriction not work?
I'm currently using JSSE vs. OpenSSL for my SSL configuration.
I now need to restrict the ciphers so use of the weaker ciphers are not
allowed; for instance, anything < 128-bit or DH because Opera 9 browser security and RSA 2048 (i see this not fixed in Sun JRE 1.6x) .
See similar http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6330287 [^] and
http://forums.sun.com/thread.jspa?threadID=5172531 [^] for example.
My configuration sample
    <server-default>
..
      <http address="*" port="8443">
        <jsse-ssl>
            <key-store-type>JKS</key-store-type>
            <key-store-file>...</key-store-file>
            <password>...</password>
            <key-manager-factory>SunX509</key-manager-factory>
            <ssl-context>SSL</ssl-context>
        <cipher-suites>TLS_RSA_WITH_AES_128_CBC_SHA</cipher-suites>
    </jsse-ssl>
      </http>
...
<server-default>

I use THCSSLCheck too for restriction results monitoring.

Notes
(0004118)
ferg   
08-12-09 15:56   
server/0602