[#MIRTH-1924] Disable weak SSL ciphers in Jetty server

Created: 15/Aug/11
Updated: 19/Jan/12
Resolved: 19/Jan/12
Status: Closed
Project: Mirth Connect
Component/s: Server
Affects Version/s: 2.1.0, 2.1.1
Fix Version/s: 2.2.0 RC 1, 2.2.0
Type: Improvement
Reporter: stevier
Resolution: Fixed
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: Any Platform
Issue Links: Cloners: clones MIRTH-412 Disable weak SSL ciphers in Jetty server
Priority: Minor
Assignee: Gerald Bortis
Votes: 0
Description
Weak SSL ciphers are supported by the built-in Jetty HTTPS server. Change to strong ciphers.
Jetty howto: http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites
Nessus output:
Synopsis :
The remote service supports the use of weak SSL ciphers.
Description :
The remote host supports the use of SSL ciphers that
offer either weak encryption or no encryption at all.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Solution :
Reconfigure the affected application if possible to avoid use of
weak ciphers.
Risk factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C /A:N/I:N/B:N)
Plugin output :
Here is a list of the SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-DSS-DES-CBC-SHA Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
TLSv1
EXP-EDH-DSS-DES-CBC-SHA Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
EDH-DSS-DES-CBC-SHA Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
TLSv1
EDH-DSS-DES-CBC-SHA Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
SSLv3
EDH-DSS-DES-CBC3-SHA Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
TLSv1
EDH-DSS-DES-CBC3-SHA Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DHE-DSS-AES128-SHA Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
Nessus ID : 21643
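The following Python is an added example, not code from this issue or from the Mirth Connect project. It parses the Nessus plugin output quoted above, applies the report's own strength bands (export-grade or under 56 bits is low, under 112 bits is medium, otherwise high) to the Enc= field, and derives the suites an administrator would put on the connector's exclude list. The OpenSSL-to-JSSE name table is an assumption supplied here: it covers only the four suites that appear in this report, because Jetty's exclude list takes JSSE names rather than OpenSSL names.

```python
import re

# Constructed sample input: the "Plugin output" section of the Nessus
# report quoted in this issue, pasted here so the block runs offline.
NESSUS_PLUGIN_OUTPUT = """\
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-DSS-DES-CBC-SHA Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
TLSv1
EXP-EDH-DSS-DES-CBC-SHA Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
EDH-DSS-DES-CBC-SHA Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
TLSv1
EDH-DSS-DES-CBC-SHA Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
SSLv3
EDH-DSS-DES-CBC3-SHA Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
TLSv1
EDH-DSS-DES-CBC3-SHA Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DHE-DSS-AES128-SHA Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
"""

# One cipher line: {OpenSSL name} Kx= Au= Enc=ALG(bits) Mac= [export]
# "Enc=None" (no key length) is accepted and treated as 0-bit encryption.
CIPHER_RE = re.compile(
    r"^(?P<name>[A-Z0-9-]+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[A-Za-z0-9]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)"
    r"(?P<export>\s+export)?\s*$"
)
PROTOCOL_RE = re.compile(r"^(SSLv2|SSLv3|TLSv1(?:\.\d)?)$")


def strength(bits, export):
    """Strength band exactly as the report defines it (Nessus plugin 21643)."""
    if export or bits < 56:
        return "low"
    if bits < 112:
        return "medium"
    return "high"


def parse_plugin_output(text):
    """Return one dict per (protocol, cipher) pair listed in the plugin output."""
    protocol = None
    ciphers = []
    for raw in text.splitlines():
        line = raw.strip()
        if PROTOCOL_RE.match(line):
            protocol = line          # protocol header applies to following lines
            continue
        m = CIPHER_RE.match(line)
        if not m:
            continue                 # band headers and blank lines
        bits = int(m["bits"]) if m["bits"] else 0
        export = m["export"] is not None
        ciphers.append({
            "protocol": protocol, "name": m["name"], "kx": m["kx"],
            "au": m["au"], "enc": m["enc"], "bits": bits, "export": export,
            "strength": strength(bits, export),
        })
    return ciphers


# Assumed partial OpenSSL -> JSSE (Java/Jetty) cipher-suite name mapping.
# It covers only the suites in this report; other names are left unmapped.
OPENSSL_TO_JSSE = {
    "EXP-EDH-DSS-DES-CBC-SHA": "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "EDH-DSS-DES-CBC-SHA": "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    "EDH-DSS-DES-CBC3-SHA": "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "DHE-DSS-AES128-SHA": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
}


def ciphers_to_disable(text, keep=("high",)):
    """OpenSSL names of every suite outside the bands in `keep`, de-duplicated across protocols."""
    return sorted({c["name"] for c in parse_plugin_output(text) if c["strength"] not in keep})


def jsse_exclude_list(text, keep=("high",)):
    """The same suites as JSSE names, ready for a connector's exclude-cipher-suites setting."""
    names = ciphers_to_disable(text, keep)
    return sorted(OPENSSL_TO_JSSE[n] for n in names if n in OPENSSL_TO_JSSE)


if __name__ == "__main__":
    for c in parse_plugin_output(NESSUS_PLUGIN_OUTPUT):
        print(f"{c['protocol']:5} {c['name']:24} {c['enc']}({c['bits']}) -> {c['strength']}")
    print("disable:", ciphers_to_disable(NESSUS_PLUGIN_OUTPUT))
    print("JSSE exclude list:", jsse_exclude_list(NESSUS_PLUGIN_OUTPUT))
```

With the default keep=("high",) the block drops both DES suites and keeps 3DES and AES-128, which matches the bands in the 2011 report; current guidance would also retire 3DES, and passing keep=("high",) with a stricter strength() is the one place to change that. Nessus's report only proves what the server offered at scan time, so the exclude list should be re-verified with a fresh scan after the Jetty connector is reconfigured.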
Comments
Comment by Gerald Bortis [ 19/Aug/11 ]
Disabled low and medium strength ciphers for SSL.
Comment by Gerald Bortis [ 25/Oct/11 ]
Updated disabled cipher list from this blog article:
http://tux.hk/index.php?m=04&y=09&entry=entry090416-140738
Generated at Tue Feb 09 07:34:14 PST 2016 using JIRA 6.2.7#6265sha1:91604a8de81892a3e362e0afee505432f29579b0.