[teiid-issues] [JBoss JIRA] (TEIID-1772) Teiid ports need to have the ability to restrict cipher suites

Thu Oct 6 11:37:17 EDT 2011

    [ https://issues.jboss.org/browse/TEIID-1772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12632824#comment-12632824 ] 

Steven Hawkins commented on TEIID-1772:
---------------------------------------

Cipher suite negotiation selects the highest precedence (see http://download.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html for the supported suites in Oracle Java) mutually supported suite.  So modifying the client isn't really necessary as long as the server is restricted.

This issue is more to ensure compliance with security policy since all VMs by default support the 128 bit or triple des encryption used by the default enabled cipher suites.  You would have attempt a connection with a client that only supports weak encryption to get a weakly encrypted channel.  This enhancement would allow us to reject those connections.  

The workaround is to ensure that clients must support one of the server's enabled strong cipher suites.

> Teiid ports need to have the ability to restrict cipher suites
> --------------------------------------------------------------
>
>                 Key: TEIID-1772
>                 URL: https://issues.jboss.org/browse/TEIID-1772
>             Project: Teiid
>          Issue Type: Feature Request
>          Components: Server
>    Affects Versions: 7.1.1
>            Reporter: Debbie Steigner
>            Assignee: Van Halbert
>
> When using either 1-way or 2-way ssl for the EDS/Teiid connections, there is currently no way to restrict connections to 128 bit cipher suites.  The capability needs to be added to the product.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira