[teiid-users] securing psql service
Ramesh Reddy
rareddy at redhat.com
Thu Jun 11 08:58:32 EDT 2015
As document mentions supported Ciphers defined in your VM, I am not sure how VM picks a certain one. Using the enabled-cipher-suite value to a restricted one of your choice, I think you can force to use certain one.
Ramesh..
----- Original Message -----
> My understanding is that you are not vulnerable with the protocol set to
> TLSv1.
>
> ----- Original Message -----
> > Hi,
> >
> > I wanted to secure some teiid instances with psql service I am currently
> > running.
> >
> > I set ssl-protocol="TLSv1" however a weak cipher is still being
> > negotiated [2] . AES128-SHA is listed as a CBC cipher [3]
> >
> > There is a mention of a property called enabled-cipher-suite [1] and a
> > warning that the string has to contain valid ciphers.
> >
> > How can I determine what ciphers are available for working with?
> >
> > Regards,
> > Marco
> >
> > [1] https://docs.jboss.org/author/display/teiid88final/Teiid+Server+SSL
> > [2] psql -A -h myhost.com -p 5432 -d myvdb
> > psql (9.3.6, server 8.1.4)
> > SSL connection (cipher: AES128-SHA, bits: 128)
> >
> > [3]
> > https://www.tinfoilsecurity.com/blog/how-to-fix-poodle-and-why-you-are-probably-still-vulnerable
> >
> > --
> > Marco Grigull, Systems Administrator, Systems Engineering
> > 85 88229 / +61 7 3514 8229
> > _______________________________________________
> > teiid-users mailing list
> > teiid-users at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/teiid-users
> >
> _______________________________________________
> teiid-users mailing list
> teiid-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/teiid-users
>
More information about the teiid-users
mailing list