You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Eoghan Glynn (JIRA)" <ji...@apache.org> on 2007/01/03 15:49:27 UTC
[jira] Created: (CXF-350) Add SSL{Client|Server}Policy
CiphersuitesFilter element
Add SSL{Client|Server}Policy CiphersuitesFilter element
-------------------------------------------------------
Key: CXF-350
URL: https://issues.apache.org/jira/browse/CXF-350
Project: CXF
Issue Type: Improvement
Components: Transports
Reporter: Eoghan Glynn
The SSL client & server policies currently allow a list of individual supported ciphersuites to be enumerated in configuration, via the SSL{Client|Server}Policy Ciphersuites element.
It would also be useful to allow a filter to be applied to the default set of ciphersuites supported by the underlying SSL/TLS engine (e.g. the list returned from javax.net.ssl.SSLSocket.getSupportedCipherSuites() on the client-side or from org.mortbay.http.SslListener.getCipherSuites() on the server-side).
It would then be more convenient to configure for requirements that relate to classes of ciphers, e.g. only support null encryption, or only MD5 digests, or only export-level key lengths.
The default would be something like { ".*_EXPORT.*", "_WITH_DES_.*", ".*_WITH_NULL_.*" }, to allow at most 56-bit encryption.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (CXF-350) Add SSL{Client|Server}Policy
CiphersuitesFilter element
Posted by "Eoghan Glynn (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eoghan Glynn closed CXF-350.
----------------------------
Resolution: Fixed
Feature committed on Jan 25 2007
> Add SSL{Client|Server}Policy CiphersuitesFilter element
> -------------------------------------------------------
>
> Key: CXF-350
> URL: https://issues.apache.org/jira/browse/CXF-350
> Project: CXF
> Issue Type: Improvement
> Components: Transports
> Reporter: Eoghan Glynn
> Assigned To: Eoghan Glynn
>
> The SSL client & server policies currently allow a list of individual supported ciphersuites to be enumerated in configuration, via the SSL{Client|Server}Policy Ciphersuites element.
> It would also be useful to allow a filter to be applied to the default set of ciphersuites supported by the underlying SSL/TLS engine (e.g. the list returned from javax.net.ssl.SSLSocket.getSupportedCipherSuites() on the client-side or from org.mortbay.http.SslListener.getCipherSuites() on the server-side).
> It would then be more convenient to configure for requirements that relate to classes of ciphers, e.g. only support null encryption, or only MD5 digests, or only export-level key lengths.
>
> The default would be something like { ".*_EXPORT.*", "_WITH_DES_.*", ".*_WITH_NULL_.*" }, to allow at most 56-bit encryption.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (CXF-350) Add SSL{Client|Server}Policy
CiphersuitesFilter element
Posted by "Eoghan Glynn (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eoghan Glynn reassigned CXF-350:
--------------------------------
Assignee: Eoghan Glynn
> Add SSL{Client|Server}Policy CiphersuitesFilter element
> -------------------------------------------------------
>
> Key: CXF-350
> URL: https://issues.apache.org/jira/browse/CXF-350
> Project: CXF
> Issue Type: Improvement
> Components: Transports
> Reporter: Eoghan Glynn
> Assigned To: Eoghan Glynn
>
> The SSL client & server policies currently allow a list of individual supported ciphersuites to be enumerated in configuration, via the SSL{Client|Server}Policy Ciphersuites element.
> It would also be useful to allow a filter to be applied to the default set of ciphersuites supported by the underlying SSL/TLS engine (e.g. the list returned from javax.net.ssl.SSLSocket.getSupportedCipherSuites() on the client-side or from org.mortbay.http.SslListener.getCipherSuites() on the server-side).
> It would then be more convenient to configure for requirements that relate to classes of ciphers, e.g. only support null encryption, or only MD5 digests, or only export-level key lengths.
>
> The default would be something like { ".*_EXPORT.*", "_WITH_DES_.*", ".*_WITH_NULL_.*" }, to allow at most 56-bit encryption.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.