Enhancement: Jetty Cipher Configuration

Description

http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites

Allow configuration to enable only high level encryption or disable low cipher suites.

Environment

Operating System: All
Platform: All

Acceptance / Success Criteria

None

Activity

Benjamin Reed September 17, 2009 at 11:45 AM

merged to branches/1.6 in r14678

Jeff Gehlbach August 21, 2009 at 1:15 PM

Enhancement committed to 1.6-testing at r14471 and merged to trunk at r14472.

The default list of excluded cipher suites is documented in opennms.properties as the commented-out value of org.opennms.netmgt.jetty.https-exclude-cipher-suites. The list as it stands today is:

SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA

I'd like somebody to vet this list who's familiar with which export-grade cipher suites may be the only ones available in the developing world that are "good enough" to leave in by default.
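
As an aid to vetting a list like the one above, this added example (not part of the ticket or of OpenNMS) reads the weakness class of each suite from its name and reports weak suites that an exclusion list would still leave enabled. The label wording, function names and SAMPLE_ENABLED are assumptions of this example; the excluded names are copied from the comment.

```python
import re

# Default exclusion list exactly as quoted in the comment above.
DEFAULT_EXCLUDED = """
SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
""".split()

# Prefix of the bulk-cipher part of the name -> label (labels are this example's own).
CIPHER_LABELS = {"NULL": "no encryption", "DES40_": "40-bit key", "RC4_40_": "40-bit key",
                 "DES_": "56-bit single DES", "3DES_EDE_": "3DES"}

def classify(suite):
    """Return sorted weakness labels read from a JSSE-style suite name."""
    m = re.fullmatch(r"(?:SSL|TLS)_(.+?)_WITH_(.+)", suite)
    if m is None:
        raise ValueError("not a KX_WITH_CIPHER_MAC name: %r" % suite)
    kx_tokens, cipher_and_mac = m.group(1).split("_"), m.group(2)
    labels = set()
    if "EXPORT" in kx_tokens:
        labels.add("export-grade")
    if "anon" in kx_tokens:
        labels.add("unauthenticated")
    for prefix, label in CIPHER_LABELS.items():
        if cipher_and_mac.startswith(prefix):
            labels.add(label)
    return sorted(labels)

def weak_but_not_excluded(enabled, excluded):
    """Map each flagged suite that the exclusion list leaves enabled to its labels."""
    excluded = set(excluded)
    return {s: classify(s) for s in enabled if classify(s) and s not in excluded}

# Constructed sample of enabled suites (not taken from the ticket).
SAMPLE_ENABLED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
]

if __name__ == "__main__":
    for name in DEFAULT_EXCLUDED:
        print(name, classify(name))
    print(weak_but_not_excluded(SAMPLE_ENABLED, DEFAULT_EXCLUDED))
```

Run over the quoted list, every entry is export-grade or single DES except SSL_RSA_WITH_3DES_EDE_CBC_SHA, which is labelled 3DES.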

Fixed

Created August 17, 2009 at 3:08 PM
Updated February 3, 2011 at 2:46 PM
Resolved September 21, 2009 at 3:05 PM