teiid SVN: r3539 - trunk/documentation/admin-guide/src/main/docbook/en-US/content. - teiid-commits

Thursday, 6 October 2011

Author: rareddy
Date: 2011-10-06 17:06:06 -0400 (Thu, 06 Oct 2011)
New Revision: 3539

Modified:
   trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
Log:
TEIID-1772: adding ability custom configure the cipher suites for ssl connection

Modified: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================

--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml	2011-10-06
20:43:45 UTC (rev 3538)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml	2011-10-06
21:06:06 UTC (rev 3539)
@@ -367,6 +367,8 @@
     <property name="truststorePassword">passwd</property>
     <!--  1-way, 2-way, anonymous -->
     <property name="authenticationMode">1-way</property>
+    <!-- an optional property to constrain the cipher suites to be negotiated between
server and client -->
+    <property
name="enabledCipherSuites">SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA</property>
 </bean>]]></programlisting>       
 </example>
            <itemizedlist>
@@ -387,6 +389,7 @@
             public key for the client. Depending upon how you created the keystore and
truststores, 
             this may be same file as defined under  "keystoreFilename"
property.</para></listitem>
             <listitem><para>truststorePassword - password for the truststore.
</para></listitem>
+            <listitem><para>enabledCipherSuites - A comma separated list of
cipher suites allowed for encryption between server and
client</para></listitem>
            </itemizedlist>  
       	<section id="ssl_auth">
       		<title>SSL Authentication Modes</title>
@@ -408,8 +411,9 @@
       	</section>
       	<section id="encryption_strength">
       		<title>Encryption Strength</title>
-      		<para>Both anonymous SSL and login only encryption are configured to use
128 bit AES encryption.  
-      		1-way and 2-way SSL allow for cipher suite negotiation based upon the default
cipher suites supported by the respective Java platforms of the client and server.		
+      		<para>Both anonymous SSL and login only encryption are configured to use
128 bit AES encryption by default.  By default,
+      		1-way and 2-way SSL allow for cipher suite negotiation based upon the default
cipher suites supported by the respective Java platforms of the client and server.
+            User can restrict the cipher suites used for encryption by specifying the
<emphasis>enabledCipherSuites</emphasis> property above in ssl configuration. 
   		
       		</para>
       	</section> 
     </section>


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

teiid SVN: r3539 - trunk/documentation/admin-guide/src/main/docbook/en-US/content.