[jboss-jira] [JBoss JIRA] (ELY-798) FIPS cipher suite security level in not used

Ondrej Kotek (JIRA) issues at jboss.org
Mon Nov 28 09:24:00 EST 2016 

     [ https://issues.jboss.org/browse/ELY-798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Kotek updated ELY-798:
-----------------------------
    Description: 
There is defined FIPS cipher suite security level name [1,2], but there are no cipher suites with such level [1]. Do we expect some cipher suites with such level to be added? Or {{(fips value == true) => FIPS security level}}?

There is also preparation for matching FIPS cipher suites [4], which is not used. {{CipherSuiteSelector}} [5,6] could offer _FIPS_ keyword to enable users to set FIPS cipher suites easily.


[1] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/MechanismDatabase.properties#L36
[2] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/SecurityLevel.java#L35
[3] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/MechanismDatabase.properties#L37
[4] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuitePredicate.java#L338
[5] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L264
[6] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L490

  was:
There is defined FIPS cipher suite security level name [1,2], but there are no cipher suites with such level [1]. Do we expect some cipher suites with such level to be added? Or {{(fips value == true) => FIPS security level}}?

There is is preparation for matching FIPS cipher suites [4], which is not used. {{CipherSuiteSelector}} [5,6] could offer _FIPS_ keyword to enable users to set FIPS cipher suites easily.


[1] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/MechanismDatabase.properties#L36
[2] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/SecurityLevel.java#L35
[3] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/MechanismDatabase.properties#L37
[4] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuitePredicate.java#L338
[5] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L264
[6] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L490



> FIPS cipher suite security level in not used
> --------------------------------------------
>
>                 Key: ELY-798
>                 URL: https://issues.jboss.org/browse/ELY-798
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 1.1.0.Beta16
>            Reporter: Ondrej Kotek
>            Assignee: Darran Lofthouse
>
> There is defined FIPS cipher suite security level name [1,2], but there are no cipher suites with such level [1]. Do we expect some cipher suites with such level to be added? Or {{(fips value == true) => FIPS security level}}?
> There is also preparation for matching FIPS cipher suites [4], which is not used. {{CipherSuiteSelector}} [5,6] could offer _FIPS_ keyword to enable users to set FIPS cipher suites easily.
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/MechanismDatabase.properties#L36
> [2] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/SecurityLevel.java#L35
> [3] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/MechanismDatabase.properties#L37
> [4] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuitePredicate.java#L338
> [5] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L264
> [6] https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java#L490



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list