[teiid-issues] [JBoss JIRA] (TEIID-4663) Support a more secure block mode for client/server encryption
Steven Hawkins (JIRA)
issues at jboss.org
Sat Dec 24 09:51:00 EST 2016
[ https://issues.jboss.org/browse/TEIID-4663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Hawkins resolved TEIID-4663.
-----------------------------------
Resolution: Done
Added another parameter to the handshake to control if cbc is used. This change is not version specific, so it can be added as a patch as desired to older branches.
> Support a more secure block mode for client/server encryption
> -------------------------------------------------------------
>
> Key: TEIID-4663
> URL: https://issues.jboss.org/browse/TEIID-4663
> Project: Teiid
> Issue Type: Quality Risk
> Components: JDBC Driver, Server
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 9.0.6, 9.1.2, 9.2
>
>
> ECB is the current default for the socket transport encryption of secure messages. While this is relatively ok for small messages as we also have a message key acting as a CTR counter to some of the blocks, it does not provide strong security - especially for large data volume scenarios, such as when using larger login payloads or the secure requests option. We should default instead to CBC with an explicit initialization vector.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the teiid-issues
mailing list