Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0003593 [Resin] major always 07-08-09 00:35 08-12-09 15:56
Reporter vbavin View Status public  
Assigned To ferg
Priority normal Resolution fixed  
Status closed   Product Version 4.0.0
Summary 0003593: JSSE ciphers restriction not work?
Description I'm currently using JSSE vs. OpenSSL for my SSL configuration.
I now need to restrict the ciphers so use of the weaker ciphers are not
allowed; for instance, anything < 128-bit or DH because Opera 9 browser security and RSA 2048 (i see this not fixed in Sun JRE 1.6x) .
See similar http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6330287 [^] and
http://forums.sun.com/thread.jspa?threadID=5172531 [^] for example.
My configuration sample
    <server-default>
..
      <http address="*" port="8443">
        <jsse-ssl>
            <key-store-type>JKS</key-store-type>
            <key-store-file>...</key-store-file>
            <password>...</password>
            <key-manager-factory>SunX509</key-manager-factory>
            <ssl-context>SSL</ssl-context>
        <cipher-suites>TLS_RSA_WITH_AES_128_CBC_SHA</cipher-suites>
    </jsse-ssl>
      </http>
...
<server-default>

I use THCSSLCheck too for restriction results monitoring.
Additional Information
Attached Files

- Relationships

- Notes
(0004118)
ferg
08-12-09 15:56

server/0602
 

- Issue History
Date Modified Username Field Change
07-08-09 00:35 vbavin New Issue
07-08-09 00:36 vbavin Issue Monitored: vbavin
08-12-09 15:56 ferg Note Added: 0004118
08-12-09 15:56 ferg Assigned To  => ferg
08-12-09 15:56 ferg Status new => closed
08-12-09 15:56 ferg Resolution open => fixed
08-12-09 15:56 ferg Fixed in Version  => 4.0.2


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker