[jboss-jira] [JBoss JIRA] (WFLY-3451) disabling CBC mode ciphers

[Darran Lofthouse (JIRA)]

     [ https://issues.jboss.org/browse/WFLY-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFLY-3451.
------------------------------------
    Fix Version/s: 10.1.0.Final
       Resolution: Out of Date


OpenSSL style filters of cipher suites can be specified from WildFly 10.

> disabling CBC mode ciphers
> --------------------------
>
>                 Key: WFLY-3451
>                 URL: https://issues.jboss.org/browse/WFLY-3451
>             Project: WildFly
>          Issue Type: Sub-task
>          Components: Security
>    Affects Versions: JBoss AS7 7.1.1.Final
>            Reporter: Aleksandr Voloschuk
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 10.1.0.Final
>
>
> encountered such a problem:
> management of information security vulnerability found on a production environment, namely:
> SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability port 8443/tcp over SSL
> RC4-SHA ECDHE-RSA-DES-CBC3-SHA SSLv3
>  they offer a solution:
> This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If
> upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability. Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability.
> as TLS upgrade we can not, it remains disabling CBC mode ciphers
> our platform is jboss-eap-6.1



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)