Steven Hawkins resolved TEIID-4663.
-----------------------------------
Resolution: Done
Added another parameter to the handshake to control if CBC is used. This change is not
version specific, so it can be added as a patch as desired to older branches.
Support a more secure block mode for client/server encryption
-------------------------------------------------------------
Key: TEIID-4663
URL: https://issues.jboss.org/browse/TEIID-4663
Project: Teiid
Issue Type: Quality Risk
Components: JDBC Driver, Server
Reporter: Steven Hawkins
Assignee: Steven Hawkins
Fix For: 9.0.6, 9.1.2, 9.2
ECB is the current default for the socket transport encryption of secure messages. While
this is relatively OK for small messages as we also have a message key acting as a CTR
counter to some of the blocks, it does not provide strong security - especially for large
data volume scenarios, such as when using larger login payloads or the secure requests
option. We should default instead to CBC with an explicit initialization vector.
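
The difference between the two block modes described above, as an added example that is not Teiid's code: it encrypts a constructed payload of repeated 16-byte records with ECB and with CBC under a fresh explicit IV, then counts distinct ciphertext blocks and compares two encryptions of the same message. Assumptions: AES-128 from `javax.crypto`, the hypothetical class name `BlockModeDemo`, and no modelling of Teiid's handshake parameter or message key.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class BlockModeDemo {
    static final int BLOCK = 16; // AES block size in bytes
    static final SecureRandom RNG = new SecureRandom();

    // ECB: no IV; every block is encrypted independently under the key.
    static byte[] encryptEcb(SecretKeySpec key, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plain);
    }

    // CBC with an explicit IV: a fresh random IV per message, sent in front of the ciphertext.
    static byte[] encryptCbc(SecretKeySpec key, byte[] plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] body = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, BLOCK + body.length);
        System.arraycopy(body, 0, out, BLOCK, body.length);
        return out;
    }

    // Count distinct 16-byte blocks; fewer than the total means plaintext repetition shows through.
    static int distinctBlocks(byte[] data) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i + BLOCK <= data.length; i += BLOCK)
            seen.add(Arrays.toString(Arrays.copyOfRange(data, i, i + BLOCK)));
        return seen.size();
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = new SecretKeySpec(RNG.generateSeed(16), "AES"); // random demo key
        // Constructed payload: the same 16-byte record repeated 64 times (1024 bytes).
        byte[] plain = "user=alice;r=ro;".repeat(64).getBytes(StandardCharsets.US_ASCII);
        System.out.println("ECB distinct blocks: " + distinctBlocks(encryptEcb(key, plain)));
        System.out.println("CBC distinct blocks: " + distinctBlocks(encryptCbc(key, plain)));
        System.out.println("ECB same twice: " + Arrays.equals(encryptEcb(key, plain), encryptEcb(key, plain)));
        System.out.println("CBC same twice: " + Arrays.equals(encryptCbc(key, plain), encryptCbc(key, plain)));
    }
}
```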