tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan S Fisher (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OPENEJB-1856) Allow User selectable Cipher Suites to enhance ejbds SSL security
Date Tue, 03 Jul 2012 21:44:34 GMT

    [ https://issues.apache.org/jira/browse/OPENEJB-1856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406080#comment-13406080
] 

Jonathan S Fisher commented on OPENEJB-1856:
--------------------------------------------

Untested patches attached.
                
> Allow User selectable Cipher Suites to enhance ejbds SSL security
> -----------------------------------------------------------------
>
>                 Key: OPENEJB-1856
>                 URL: https://issues.apache.org/jira/browse/OPENEJB-1856
>             Project: OpenEJB
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 4.0.0
>         Environment: All
>            Reporter: Jonathan S Fisher
>            Priority: Minor
>              Labels: security
>         Attachments: ServiceDaemon.patch, SocketConnectionFactory.patch
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Currently, "SSL_DH_anon_WITH_RC4_128_MD5" is harded as the only available cipher suite
when using SSL. While this provides integrtiy and eavesdorpping protection, it offers no protection
from MITM attacks.
> Allowing the user to specify the protocol suite, then having them also use the normal
javax.net.ssl.trustStore and javax.net.ssl.keyStore parameters will allow fully secure connections
to be established.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message