[JBoss JIRA] (JBJCA-1127) Contention fix when returning connections
by Ståle Pedersen (JIRA)
Ståle Pedersen created JBJCA-1127:
-------------------------------------
Summary: Contention fix when returning connections
Key: JBJCA-1127
URL: https://issues.jboss.org/browse/JBJCA-1127
Project: IronJacamar
Issue Type: Enhancement
Components: Performance
Affects Versions: 1.1.2.Final, 1.0.23.Final
Reporter: Ståle Pedersen
Assignee: Jesper Pedersen
Fix For: 1.0.24.Final, 1.1.3.Final
During benchmarking we saw a lot of contention when Hibernate is returning connections.
With the fix below, the total contention time (aggregated across all threads) over a 5min period in s/state for that lock in SemaphoreArrayListManagedConnectionPool has gone from 39min 55s to 17s.
https://github.com/johnaoahra80/ironjacamar/commit/f32885818bc0048522a086...
We haven't seen any errors with this change in the IJ testsuite or in the benchmark we're running.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 11 months
[JBoss JIRA] (WFLY-2653) HTTPS undertow listener select cipher-suites
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-2653?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-2653:
--------------------------------------
Assignee: Tomaz Cerar (was: Darran Lofthouse)
> HTTPS undertow listener select cipher-suites
> --------------------------------------------
>
> Key: WFLY-2653
> URL: https://issues.jboss.org/browse/WFLY-2653
> Project: WildFly
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.Beta1
> Environment: fedora 18
> Reporter: Aleksandar Kostadinov
> Assignee: Tomaz Cerar
> Labels: https, security, security-hardening, ssl, undertow, wildfly
>
> At the moment I don't see any way to restrict allowed cipher suites for the https listener.
> {CODE}
> [standalone@localhost:9990 /] /core-service=management/security-realm=HttpsRealm:read-resource(recursive=true, include-defaults=true)
> {
> "outcome" => "success",
> "result" => {
> "map-groups-to-roles" => true,
> "authentication" => undefined,
> "authorization" => undefined,
> "plug-in" => undefined,
> "server-identity" => {"ssl" => {
> "alias" => undefined,
> "key-password" => undefined,
> "keystore-password" => "changeit",
> "keystore-path" => "localhost.keystore",
> "keystore-relative-to" => "jboss.server.config.dir",
> "protocol" => "TLS"
> }}
> }
> }
> [standalone@localhost:9990 /] /subsystem=undertow/server=default-server:read-resource(recursive=true, include-defaults=true)
> {
> "outcome" => "success",
> "result" => {
> <...>
> "https-listener" => {"https" => {
> "allow-encoded-slash" => false,
> "always-set-keep-alive" => true,
> "buffer-pipelined-data" => true,
> "buffer-pool" => "default",
> "decode-url" => true,
> "enabled" => true,
> "max-cookies" => 200,
> "max-header-size" => 51200,
> "max-headers" => 200,
> "max-parameters" => 1000,
> "max-post-size" => 10485760L,
> "security-realm" => "ApplicationRealm",
> "socket-binding" => "https",
> "url-charset" => "UTF-8",
> "verify-client" => "NOT_REQUESTED",
> "worker" => "default"
> }}
> }
> }
> {CODE}
> I have tested that the default cipher suites used are pretty sane except RC4-SHA and RC4-MD5. Below is the full list. But I think it is important for users to be able to support more or fewer ciphers depending on their environment and requirements. We also need good secure default settings IMO, excluding the above-mentioned two ciphers. See current recommendations here [1][2]
> {CODE}
> $ sslscan --no-failed localhost:8443
> _
> ___ ___| |___ ___ __ _ _ __
> / __/ __| / __|/ __/ _` | '_ \
> \__ \__ \ \__ \ (_| (_| | | | |
> |___/___/_|___/\___\__,_|_| |_|
> Version 1.8.2
> http://www.titania.co.uk
> Copyright Ian Ventura-Whiting 2009
> Testing SSL server localhost on port 8443
> Supported Server Cipher(s):
> Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
> Accepted SSLv3 256 bits AES256-SHA
> Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
> Accepted SSLv3 168 bits DES-CBC3-SHA
> Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
> Accepted SSLv3 128 bits AES128-SHA
> Accepted SSLv3 128 bits RC4-SHA
> Accepted SSLv3 128 bits RC4-MD5
> Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
> Accepted TLSv1 256 bits AES256-SHA
> Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
> Accepted TLSv1 168 bits DES-CBC3-SHA
> Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
> Accepted TLSv1 128 bits AES128-SHA
> Accepted TLSv1 128 bits RC4-SHA
> Accepted TLSv1 128 bits RC4-MD5
> {CODE}
10 years, 11 months
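A check for the condition the report above describes, as an added example that is not part of the original message or of WildFly: it parses sslscan output in the quoted line format and lists the accepted suites whose name has an RC4 component, so a listener can be re-tested after its cipher list is restricted. The sample scan text, the function names and the `denied_tokens` parameter are constructed for illustration.

```python
import re

# Constructed sample in the line format of the sslscan 1.8.2 output quoted above;
# the leading "> " on one line mimics text pasted straight from the e-mail.
SAMPLE_SCAN = """\
Supported Server Cipher(s):
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 128 bits RC4-SHA
Rejected TLSv1 40 bits EXP-RC4-MD5
Accepted TLSv1 128 bits AES128-SHA
> Accepted TLSv1 128 bits RC4-MD5
"""

# Groups: status, protocol, key size, OpenSSL-style cipher name.
LINE_RE = re.compile(r"^\s*(?:>\s*)?(\w+)\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")


def accepted_suites(scan_text):
    """Return (protocol, bits, cipher) for every suite the server accepted."""
    suites = []
    for line in scan_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == "Accepted":
            suites.append((m.group(2), int(m.group(3)), m.group(4)))
    return suites


def audit(scan_text, denied_tokens=("RC4",)):
    """Group accepted suites per protocol into 'allowed' and 'denied'.

    A suite is denied when one of its dash-separated name components equals a
    denied token, so "RC4" matches RC4-SHA but never a substring of another name.
    """
    report = {}
    for proto, _bits, cipher in accepted_suites(scan_text):
        entry = report.setdefault(proto, {"allowed": [], "denied": []})
        denied = any(tok in cipher.upper().split("-") for tok in denied_tokens)
        entry["denied" if denied else "allowed"].append(cipher)
    return report


def violations(scan_text, denied_tokens=("RC4",)):
    """Flat, sorted 'protocol/cipher' list; empty means the listener passes."""
    report = audit(scan_text, denied_tokens)
    return sorted(f"{p}/{c}" for p, e in report.items() for c in e["denied"])


if __name__ == "__main__":
    for item in violations(SAMPLE_SCAN):
        print("denied suite still accepted:", item)
```

Rejected suites are ignored, so only what the server actually negotiates is reported.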
[JBoss JIRA] (WFLY-2653) HTTPS undertow listener select cipher-suites
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-2653?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-2653:
--------------------------------------
Assignee: Darran Lofthouse (was: Tomaz Cerar)
> HTTPS undertow listener select cipher-suites
> --------------------------------------------
>
> Key: WFLY-2653
> URL: https://issues.jboss.org/browse/WFLY-2653
> Project: WildFly
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.Beta1
> Environment: fedora 18
> Reporter: Aleksandar Kostadinov
> Assignee: Darran Lofthouse
> Labels: https, security, security-hardening, ssl, undertow, wildfly
>
10 years, 11 months
[JBoss JIRA] (WFLY-2653) HTTPS undertow listener select cipher-suites
by Aleksandar Kostadinov (JIRA)
[ https://issues.jboss.org/browse/WFLY-2653?page=com.atlassian.jira.plugin.... ]
Aleksandar Kostadinov updated WFLY-2653:
----------------------------------------
Forum Reference: https://community.jboss.org/thread/229569
10 years, 11 months