james-server-dev mailing list archives

From "Phillip Odam (JIRA)" <j...@apache.org>
Subject [jira] [Created] (PROTOCOLS-99) supportedCipherSuites not working for startTLS
Date Wed, 12 Dec 2012 15:07:21 GMT
Phillip Odam created PROTOCOLS-99:
-------------------------------------

             Summary: supportedCipherSuites not working for startTLS
                 Key: PROTOCOLS-99
                 URL: https://issues.apache.org/jira/browse/PROTOCOLS-99
             Project: James Protocols
          Issue Type: Bug
          Components: api
    Affects Versions: 1.6.2, 2.0.0, 1.6.3
            Reporter: Phillip Odam
            Assignee: Eric Charles


Setting the supported cipher suites when startTLS is enabled is not limiting the available
ciphers since the instantiation of the Encryption object always sets the member enabledCipherSuites
to null.

Demonstrate issue:

Add the following to the tls tag in conf/smtpserver.conf

<supportedCipherSuites>
   <cipherSuite>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipherSuite>
</supportedCipherSuites>

With the change active, attempting to connect to the server with the following command will
succeed (with a weaker cipher)

openssl s_client -connect mail.server.tld:25 -crlf -starttls smtp -cipher LOW

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
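
The failure mode reported above, as an added Java example that is not part of the original message and is not James code: a hypothetical `TlsSettings` holder and `newServerEngine` helper show that when the configured list ends up null the `SSLEngine` keeps the JVM's default suites, and that applying the list with `setEnabledCipherSuites` restricts it. The sample suite is taken from the running JVM as a constructed stand-in for the configured `<cipherSuite>` value.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

public class CipherSuiteRestriction {

    /** Hypothetical holder for the parsed <supportedCipherSuites> list; not the James Encryption class. */
    static final class TlsSettings {
        private final String[] enabledCipherSuites;
        TlsSettings(String[] configured, boolean dropConfiguredList) {
            // dropConfiguredList = true reproduces the reported pattern: the member ends up null.
            this.enabledCipherSuites = (dropConfiguredList || configured == null) ? null : configured.clone();
        }
        String[] enabledCipherSuites() { return enabledCipherSuites; }
    }

    /** Builds the server-side engine for the STARTTLS upgrade and applies the restriction if one is set. */
    static SSLEngine newServerEngine(SSLContext ctx, TlsSettings settings) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        String[] configured = settings.enabledCipherSuites();
        if (configured != null && configured.length > 0) {
            for (String suite : configured) {
                if (!Arrays.asList(engine.getSupportedCipherSuites()).contains(suite)) {
                    // Fail at startup rather than silently serving the JVM defaults.
                    throw new IllegalStateException("Cipher suite not supported by this JVM: " + suite);
                }
            }
            engine.setEnabledCipherSuites(configured);
        }
        return engine;
    }

    /** True only if the engine will negotiate nothing outside the configured list. */
    static boolean isRestrictedTo(SSLEngine engine, String[] configured) {
        return Arrays.asList(configured).containsAll(Arrays.asList(engine.getEnabledCipherSuites()));
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed sample: first suite this JVM supports, standing in for the configured <cipherSuite>.
        String[] configured = { ctx.getSupportedSSLParameters().getCipherSuites()[0] };
        SSLEngine broken = newServerEngine(ctx, new TlsSettings(configured, true));
        SSLEngine fixed = newServerEngine(ctx, new TlsSettings(configured, false));
        System.out.println("list dropped: restricted=" + isRestrictedTo(broken, configured));
        System.out.println("list applied: restricted=" + isRestrictedTo(fixed, configured));
    }
}
```

A check like `isRestrictedTo` can run at server startup or in a unit test, so a configuration value that is parsed but never applied is caught before the listener accepts connections.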
