You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Phillip Odam (JIRA)" <ji...@apache.org> on 2012/12/12 17:29:22 UTC
[jira] [Updated] (PROTOCOLS-99) supportedCipherSuites not working
for startTLS
[ https://issues.apache.org/jira/browse/PROTOCOLS-99?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Phillip Odam updated PROTOCOLS-99:
----------------------------------
Attachment: starttls and supported cipher suite config.patch
> supportedCipherSuites not working for startTLS
> ----------------------------------------------
>
> Key: PROTOCOLS-99
> URL: https://issues.apache.org/jira/browse/PROTOCOLS-99
> Project: James Protocols
> Issue Type: Bug
> Components: api
> Affects Versions: 2.0.0, 1.6.2, 1.6.3
> Reporter: Phillip Odam
> Assignee: Eric Charles
> Attachments: starttls and supported cipher suite config.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> Setting the supported cipher suites when startTLS is enabled is not limiting the available ciphers since the instantiation of the Encryption object always sets the member enabledCipherSuites to null.
> Demonstrate issue:
> Add the following to the tls tag in conf/smtpserver.conf
> <supportedCipherSuites>
> <cipherSuite>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipherSuite>
> </supportedCipherSuites>
> With the change active, attempting to connect to the server with the following command will succeed (with a weaker cipher)
> openssl s_client -connect mail.server.tld:25 -crlf -starttls smtp -cipher LOW
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org