[jboss-jira] [JBoss JIRA] (ELY-1607) Revise cipher suites exposed by Elytron
Justin Cook (JIRA)
issues at jboss.org
Thu Jul 12 09:20:00 EDT 2018
[ https://issues.jboss.org/browse/ELY-1607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13604417#comment-13604417 ]
Justin Cook commented on ELY-1607:
----------------------------------
The Java names for the ones that I could not find an OpenSSL name for are:
TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, TLS_PSK_WITH_ARIA_128_CBC_SHA256, TLS_PSK_WITH_ARIA_256_CBC_SHA384, TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
To summarize: all the PSK with CBC ones and most of the Diffie-Hellman Non-Ephemeral ones.
> Revise cipher suites exposed by Elytron
> ---------------------------------------
>
> Key: ELY-1607
> URL: https://issues.jboss.org/browse/ELY-1607
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.4.0.Final
> Reporter: Martin Choma
> Assignee: Justin Cook
> Priority: Blocker
> Fix For: 1.4.1.CR1
>
>
> I know it has been discussed earlier that we should revise/update the database and defaults regularly.
> Checking a few cipher suites from the Java cipher suite list [1], I have noticed:
> * Elytron is missing CHACHA20 variants introduced in RFC 7905
> * missing ciphersuites from RFC 6209
> * ...
> Please revise content of MechanismDatabase.properties
> [1] https://docs.oracle.com/javase/10/docs/specs/security/standard-names.html#jsse-cipher-suite-names