0005987: Disable the RC4 cipher in resin server - Mantis

Mantis Bugtracker

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

ID

Category

Severity

Reproducibility

Date Submitted

Last Update

0005987

[Resin]

major

always

03-14-16 21:46

08-04-16 14:26

Reporter

saravanansankar93

View Status

public

Assigned To

ferg

Priority

normal

Resolution

fixed

Status

closed

Product Version

4.0.14

Summary

0005987: Disable the RC4 cipher in resin server

Description

We are trying to remove the RC4 and ssl version,to avoid poodle security issue in windows server.we could disable the ssl version but how could we do the RC4 cipher in resin configuration xml file.

Additional Information

we are using JDK 1.7 update 79
windows server 2008 R2
Resin 4.0.14

Relationships

Notes
(0006682) saravanansankar93 03-14-16 22:01	please find the scan message RC4 ciphers are still enabled on 8443 port. &12288; T:\Docs\Misc\SSLScan>SSLScan.exe --no-failed 10.94.100.178:8443 Testing SSL server 10.94.100.178 on port 8443 Supported Server Cipher: Accepted TLSv1 128 bits DHE-RSA-AES128-SHA Accepted TLSv1 128 bits AES128-SHA Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA Accepted TLSv1 168 bits DES-CBC3-SHA Accepted TLSv1 128 bits RC4-SHA Accepted TLSv1 128 bits RC4-MD5 Prefered Server Cipher: TLSv1 128 bits DHE-RSA-AES128-SHA ________________________________________

(0006712) ferg 08-04-16 14:26	Added substring matching for cipher-suites-forbidden for jose network/0531

Issue History
Date Modified	Username	Field	Change
03-14-16 21:46	saravanansankar93	New Issue
03-14-16 22:01	saravanansankar93	Note Added: 0006682
08-04-16 14:26	ferg	Note Added: 0006712
08-04-16 14:26	ferg	Assigned To	=> ferg
08-04-16 14:26	ferg	Status	new => closed
08-04-16 14:26	ferg	Resolution	open => fixed
08-04-16 14:26	ferg	Fixed in Version	=> 4.0.49

Mantis 1.0.0rc3[^]

Copyright © 2000 - 2005 Mantis Group

32 total queries executed.
28 unique queries executed.