[jboss-jira] [JBoss JIRA] (WFLY-3451) disabling CBC mode ciphers

Aleksandr Voloschuk (JIRA) issues at jboss.org
Thu Jun 5 03:20:16 EDT 2014


Aleksandr Voloschuk created WFLY-3451:
-----------------------------------------

             Summary: disabling CBC mode ciphers
                 Key: WFLY-3451
                 URL: https://issues.jboss.org/browse/WFLY-3451
             Project: WildFly
          Issue Type: Support Request
      Security Level: Public (Everyone can see)
    Affects Versions: JBoss AS7 7.1.1.Final
            Reporter: Aleksandr Voloschuk
            Assignee: Jason Greene
            Priority: Critical


We encountered the following problem:
Information security management found a vulnerability on a production environment, namely:

SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability port 8443/tcp over SSL
RC4-SHA ECDHE-RSA-DES-CBC3-SHA SSLv3

They offer a solution:
This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability. Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability.

As we cannot upgrade TLS, what remains is disabling CBC mode ciphers.

Our platform is jboss-eap-6.1.



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
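
An added example, not part of the original report and not JBoss code: a classifier for cipher suite names that shows which suites run in CBC mode, including OpenSSL-style names that omit the word "CBC", and what is left after removing CBC suites when TLS 1.2 is unavailable. The function names and every sample suite beyond the two in the scanner finding are constructed for illustration.

```python
import re

# Block ciphers that TLS 1.0-1.2 run in CBC mode unless the name says GCM/CCM.
# OpenSSL-style names such as AES128-SHA omit the word "CBC" entirely.
_BLOCK = re.compile(r"AES|CAMELLIA|DES|SEED|IDEA|ARIA|RC2")
_AEAD = re.compile(r"GCM|CCM|CHACHA20")


def cipher_mode(suite):
    """Classify a suite name as 'aead', 'rc4', 'null', 'cbc' or 'unknown'.

    Accepts IANA/JSSE names (TLS_RSA_WITH_AES_128_CBC_SHA) and OpenSSL
    names (ECDHE-RSA-DES-CBC3-SHA).
    """
    n = suite.upper().replace("-", "_")
    if _AEAD.search(n):
        return "aead"
    if "RC4" in n:
        return "rc4"  # stream cipher; later prohibited in TLS by RFC 7465
    if "NULL" in n:
        return "null"
    if "CBC" in n or _BLOCK.search(n):
        return "cbc"
    return "unknown"


def usable_without_cbc(suites, tls12_available):
    """Suites left after dropping CBC, NULL and unrecognised ones.

    AEAD suites require TLS 1.2, so they are dropped as well when the
    server cannot be upgraded, which is the situation the report describes.
    """
    keep = {"rc4", "aead"} if tls12_available else {"rc4"}
    return [s for s in suites if cipher_mode(s) in keep]


# The first two names come from the scanner finding quoted in the report;
# the rest are constructed sample input in OpenSSL and JSSE naming.
SAMPLE = [
    "RC4-SHA", "ECDHE-RSA-DES-CBC3-SHA", "AES128-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(f"{cipher_mode(s):8} {s}")
    print("TLS 1.0 only:", ",".join(usable_without_cbc(SAMPLE, False)))
    print("with TLS 1.2:", ",".join(usable_without_cbc(SAMPLE, True)))
```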

