james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phillip Odam (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (PROTOCOLS-99) supportedCipherSuites not working for startTLS
Date Wed, 12 Dec 2012 16:29:22 GMT

     [ https://issues.apache.org/jira/browse/PROTOCOLS-99?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Phillip Odam updated PROTOCOLS-99:

    Attachment: starttls and supported cipher suite config.patch
> supportedCipherSuites not working for startTLS
> ----------------------------------------------
>                 Key: PROTOCOLS-99
>                 URL: https://issues.apache.org/jira/browse/PROTOCOLS-99
>             Project: James Protocols
>          Issue Type: Bug
>          Components: api
>    Affects Versions: 2.0.0, 1.6.2, 1.6.3
>            Reporter: Phillip Odam
>            Assignee: Eric Charles
>         Attachments: starttls and supported cipher suite config.patch
>   Original Estimate: 1h
>  Remaining Estimate: 1h
> Setting the supported cipher suites when startTLS is enabled is not limiting the available
ciphers since the instantiation of the Encryption object always sets the member enabledCipherSuites
to null.
> Demonstrate issue:
> Add the following to the tls tag in conf/smtpserver.conf
> <supportedCipherSuites>
>    <cipherSuite>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipherSuite>
> </supportedCipherSuites>
> With the change active, attempting to connect to the server with the following command
will succeed (with a weaker cipher)
> openssl s_client -connect mail.server.tld:25 -crlf -starttls smtp -cipher LOW

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message