[
https://issues.jboss.org/browse/TEIID-1772?page=com.atlassian.jira.plugin...
]
Steven Hawkins commented on TEIID-1772:
---------------------------------------
Cipher suite negotiation selects the highest precedence (see
http://download.oracle.com/javase/6/docs/technotes/guides/security/SunPro... for
the supported suites in Oracle Java) mutually supported suite. So modifying the client
isn't really necessary as long as the server is restricted.
This issue is more to ensure compliance with security policy since all VMs by default
support the 128 bit or triple des encryption used by the default enabled cipher suites.
You would have attempt a connection with a client that only supports weak encryption to
get a weakly encrypted channel. This enhancement would allow us to reject those
connections.
The workaround is to ensure that clients must support one of the server's enabled
strong cipher suites.
Teiid ports need to have the ability to restrict cipher suites
--------------------------------------------------------------
Key: TEIID-1772
URL:
https://issues.jboss.org/browse/TEIID-1772
Project: Teiid
Issue Type: Feature Request
Components: Server
Affects Versions: 7.1.1
Reporter: Debbie Steigner
Assignee: Van Halbert
When using either 1-way or 2-way ssl for the EDS/Teiid connections, there is currently no
way to restrict connections to 128 bit cipher suites. The capability needs to be added to
the product.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira