You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Rohit Rai Malhotra (JIRA)" <ji...@apache.org> on 2017/11/28 15:14:01 UTC

[jira] [Updated] (AMBARI-22533) Disable Week cipher and protocols from Ambari by default

     [ https://issues.apache.org/jira/browse/AMBARI-22533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rohit Rai Malhotra updated AMBARI-22533:
----------------------------------------
    Issue Type: Bug  (was: Improvement)

> Disable Week cipher and protocols from Ambari by default
> --------------------------------------------------------
>
>                 Key: AMBARI-22533
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22533
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>            Reporter: Rohit Rai Malhotra
>            Priority: Minor
>
> Below is the list of week ciphers and protocols which can be disabled by default from Ambari:
> Vulnerable connection combinations :
> SSL/TLS version : TLSv1.2
> Cipher suite : TLS1_DHE_RSA_WITH_AES_128_CBC_SHA256
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.2
> Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.2
> Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.1
> Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.1
> Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.0
> Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.0
> Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> Here is the list of medium strength SSL ciphers supported by the remote server :
> Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
> DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
> The fields above are :
> {OpenSSL ciphername}
> Kx=
> {key exchange}
> Au=
> {authentication}
> Enc=
> {symmetric encryption method}
> Mac=
> {message authentication code} {export flag}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)