james-server-dev mailing list archives

From Phillip Odam <phillip.o...@nitorgroup.com>
Subject supportedCipherSuites not working for startTLS
Date Tue, 11 Dec 2012 17:24:48 GMT
Setting the supported cipher suites when startTLS is enabled is not 
limiting the available ciphers since the instantiation of the Encryption 
object always sets the member enabledCipherSuites to null.

Demonstrate issue:

Add the following to the tls tag in conf/smtpserver.conf


With the change active, attempting to connect to the server with the 
following command will succeed (with a weaker cipher)

openssl s_client -connect mail.server.tld:25 -crlf -starttls smtp -cipher LOW


(revision 1420267)
2012-12-11 11:41:45.000000000 -0500
@@ -73,7 +73,7 @@
       * @return enc
      public static Encryption createStartTls(SSLContext context, 
String[] enabledCipherSuites) {
-        return new Encryption(context, true, null);
+        return new Encryption(context, true, enabledCipherSuites);
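Review bot: The changed return in createStartTls now forwards enabledCipherSuites unchecked, and the visible Javadoc does not say what a null or empty array means for the resulting Encryption object. Please document that contract on the method (for example, null meaning "no restriction configured") and add a regression test that builds a STARTTLS Encryption with a non-null list and asserts the same list comes back from it, since the previous code accepted the parameter and discarded it without any test noticing.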


To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
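
The effect described in the message, as an added example that is not part of the original post and is not James code: a standalone JSSE program comparing an engine built with the cipher suite list dropped (null) against one built with the list applied. The helper newServerEngine, the class name and the sample suite are assumptions made for illustration; how the James Encryption class applies the list internally is not shown on the page.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class StartTlsCipherSuiteDemo {

    // Hypothetical helper (not James code): builds a server-side engine and
    // applies the configured allowlist. null means "nothing configured", so the
    // JVM defaults stay enabled, which is what a hard-coded null produces.
    static SSLEngine newServerEngine(SSLContext ctx, String[] configured) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        if (configured == null) {
            return engine;
        }
        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        List<String> usable = new ArrayList<>();
        for (String suite : configured) {
            if (supported.contains(suite)) {
                usable.add(suite);
            }
        }
        // Fail closed: a list with no usable entry must not fall back to defaults.
        if (usable.isEmpty()) {
            throw new IllegalStateException("no configured cipher suite is supported");
        }
        engine.setEnabledCipherSuites(usable.toArray(new String[0]));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed sample allowlist, not taken from the original message.
        String[] configured = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};

        SSLEngine ignored = newServerEngine(ctx, null);        // list dropped
        SSLEngine applied = newServerEngine(ctx, configured);  // list passed through

        System.out.println("list dropped: " + ignored.getEnabledCipherSuites().length + " suites enabled");
        System.out.println("list applied: " + Arrays.toString(applied.getEnabledCipherSuites()));
    }
}
```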