From: Shiraz M. <a....@fz...> - 2017-06-06 11:36:49
Hi,

The vulnerability has been resolved. The main issue was the incorrect cipher suite name. Although the ssllabs server test mentions the TLS_RSA_WITH_3DES_EDE_CBC_SHA, alas the correct name is SSL_RSA_WITH_3DES_EDE_CBC_SHA and I have guessed that from http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites - there is no such TLS_RSA.... cipher suite supported in JDK8.

Cheers,
Shiraz

On Fri, Jun 2, 2017 at 2:16 PM, Shiraz Memon <a....@fz...> wrote:

> Hi Krzysztof,
>
> Unity v1.9.6 (probably underlying jetty) cannot disable the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite despite it being declared inside the unityServer.conf. See below the conf snippet and the ssl test screenshot:
>
> unityServer.core.httpServer.disabledCipherSuites=TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
>
> [Inline image 1]
>
> Our network dept. is also complaining about this. Can you guide me how to disable the given cipher?
>
> Thanks,
> Shiraz
>
> --
> Shiraz Memon
> Federated Systems and Data
> Jülich Supercomputing Centre (JSC)
> Phone: +49 2461 61 6899
> Fax: +49 2461 61 6656
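
Added example (not part of the original messages and not Unity's own code): a small Java check that compares the entries of a `disabledCipherSuites` list with the cipher suite names the running JVM reports, and flags entries that only match after swapping the `SSL_`/`TLS_` prefix. The class name `CipherNameCheck` and the built-in sample list are constructed for illustration; it assumes the server matches configured names literally against the JVM's names, as the thread's resolution suggests.

```java
import java.util.*;
import javax.net.ssl.SSLContext;

// Added example: checks a disabled-cipher-suite list against the names this JVM uses.
public class CipherNameCheck {
    // Returns the name with its SSL_/TLS_ prefix swapped, or null if it has neither.
    static String swapPrefix(String name) {
        if (name.startsWith("TLS_")) return "SSL_" + name.substring(4);
        if (name.startsWith("SSL_")) return "TLS_" + name.substring(4);
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; pass the real disabledCipherSuites value as arguments.
        String configured = args.length > 0 ? String.join(" ", args)
                : "SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA";

        // Cipher suite names known to the default JSSE provider of the running JVM.
        Set<String> supported = new TreeSet<>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));

        int unmatched = 0;
        for (String name : configured.trim().split("\\s+")) {
            if (supported.contains(name)) {
                System.out.println("OK        " + name);
                continue;
            }
            unmatched++;
            String alt = swapPrefix(name);
            if (alt != null && supported.contains(alt)) {
                System.out.println("MISMATCH  " + name + " -> this JVM calls it " + alt);
            } else {
                System.out.println("UNKNOWN   " + name + " (no JVM name under either prefix)");
            }
        }
        // Non-zero exit lets a deployment script stop on entries that match no JVM name.
        System.exit(unmatched == 0 ? 0 : 1);
    }
}
```

Run it with the same JVM that runs the server, since the set of reported names depends on the JDK version and its security settings.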