Mantis - Resin
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
5987 major always 03-14-16 21:46 08-04-16 14:26
Reporter: saravanansankar93 Platform:  
Assigned To: ferg OS:  
Priority: normal OS Version:  
Status: closed Product Version: 4.0.14  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version: 4.0.49  
Summary: 0005987: Disable the RC4 cipher in resin server
Description: We are trying to remove the RC4 and ssl version,to avoid poodle security issue in windows server.we could disable the ssl version but how could we do the RC4 cipher in resin configuration xml file.
Steps To Reproduce:
Additional Information: we are using JDK 1.7 update 79
windows server 2008 R2
Resin 4.0.14
Relationships
Attached Files:

Notes
(0006682)
saravanansankar93   
03-14-16 22:01   
please find the scan message

RC4 ciphers are still enabled on 8443 port.
&12288;
T:\Docs\Misc\SSLScan>SSLScan.exe --no-failed 10.94.100.178:8443
Testing SSL server 10.94.100.178 on port 8443
Supported Server Cipher:
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Prefered Server Cipher:
TLSv1 128 bits DHE-RSA-AES128-SHA
________________________________________
(0006712)
ferg   
08-04-16 14:26   
Added substring matching for cipher-suites-forbidden for jose

network/0531