Re: [Simpleweb-Support] Removing weaker ciphers from SSL support
Brought to you by:
niallg
From: Niall G. <gal...@ya...> - 2011-01-12 08:29:46
Hi,

You should be in complete control of SSL. All you need to do is create an SSLContext and pass it to the connection. It will create an SSLEngine per connection. There is nothing you need to do in Simple.

Niall

--- On Mon, 10/1/11, Andrew Barlow <and...@sd...> wrote:

From: Andrew Barlow <and...@sd...>
Subject: [Simpleweb-Support] Removing weaker ciphers from SSL support
To: "Simple support and user issues" <sim...@li...>
Received: Monday, 10 January, 2011, 8:07 AM

We have just received the results of a security audit on a system that we developed which uses Simple 4.1.21 to deliver content over SSL. The finding was:

"Three weak SSL ciphers were noted as being supported by the web server. These ciphers all used a symmetric key length of 56 bits or less and are considered unsuitable for use by a financial services application.

OpenSSL name: EXP-DES-CBC-SHA
Detailed information: Key Exchange: RSA(512); Authentication: RSA; Encryption: DES(40); MAC: SHA1

OpenSSL name: EXP-RC4-MD5
Detailed information: Key Exchange: RSA(512); Authentication: RSA; Encryption: RC4(40); MAC: MD5

OpenSSL name: DES-CBC-SHA
Detailed information: Key Exchange: RSA; Authentication: "

and the recommendation was that the server be configured to remove these weak ciphers.

Is this something we do in Simple, or do we make changes in the Java keystore? Does anyone have any experience of this?

Andy Barlow
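An added example, not part of either message above and not code from the Simple project: because the reply says the SSLEngine is created per connection from the SSLContext the application supplies, the cipher restriction can live in the context itself. The class and method names (`StrongCipherContext`, `wrap`, `strong`) are hypothetical; the JSSE name patterns are the Java equivalents of the three OpenSSL names in the audit finding.

```java
import javax.net.ssl.*;
import java.security.*;
import java.util.*;

// Added example: wraps an initialised SSLContext so every SSLEngine it hands out
// has export-grade and single-DES suites removed from its enabled list.
public final class StrongCipherContext extends SSLContext {

    private StrongCipherContext(SSLContext base) {
        super(new Spi(base), base.getProvider(), base.getProtocol());
    }

    public static SSLContext wrap(SSLContext base) { return new StrongCipherContext(base); }

    // JSSE names for the audit's findings: EXP-DES-CBC-SHA and EXP-RC4-MD5 are
    // *_EXPORT_* suites; DES-CBC-SHA is SSL_RSA_WITH_DES_CBC_SHA (3DES is not matched).
    static String[] strong(String[] suites) {
        List<String> keep = new ArrayList<String>();
        for (String s : suites) {
            if (!s.contains("_EXPORT_") && !s.contains("_WITH_DES_")) keep.add(s);
        }
        return keep.toArray(new String[0]);
    }

    private static final class Spi extends SSLContextSpi {
        private final SSLContext base;
        Spi(SSLContext base) { this.base = base; }

        private SSLEngine harden(SSLEngine e) {
            e.setEnabledCipherSuites(strong(e.getEnabledCipherSuites()));
            return e;
        }
        @Override protected SSLEngine engineCreateSSLEngine() { return harden(base.createSSLEngine()); }
        @Override protected SSLEngine engineCreateSSLEngine(String h, int p) { return harden(base.createSSLEngine(h, p)); }
        @Override protected void engineInit(KeyManager[] k, TrustManager[] t, SecureRandom r)
                throws KeyManagementException { base.init(k, t, r); }
        // Socket factories are passed through unfiltered; only engines are hardened here.
        @Override protected SSLSocketFactory engineGetSocketFactory() { return base.getSocketFactory(); }
        @Override protected SSLServerSocketFactory engineGetServerSocketFactory() { return base.getServerSocketFactory(); }
        @Override protected SSLSessionContext engineGetServerSessionContext() { return base.getServerSessionContext(); }
        @Override protected SSLSessionContext engineGetClientSessionContext() { return base.getClientSessionContext(); }
    }

    public static void main(String[] args) throws Exception {
        SSLContext base = SSLContext.getInstance("TLS");
        base.init(null, null, null); // a server would pass KeyManagers built from its keystore
        for (String s : wrap(base).createSSLEngine().getEnabledCipherSuites()) System.out.println(s);
    }
}
```

The wrapped context is what gets passed to the connection in place of the original; re-running the audit's cipher scan against the listener confirms that the three suites are no longer negotiated.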