You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2022/08/05 17:18:30 UTC

[GitHub] [cloudstack] fermosan commented on a diff in pull request #6594: JDK Disabled Algorithms update

fermosan commented on code in PR #6594:
URL: https://github.com/apache/cloudstack/pull/6594#discussion_r939013386


##########
client/conf/java.security.ciphers.in:
##########
@@ -15,4 +15,21 @@
 # specific language governing permissions and limitations
 # under the License.
 
-jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
+jdk.tls.disabledAlgorithms=SSLv3,TLSv1.0, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 2048, EC keySize < 224, \

Review Comment:
   I tested it only against KVM (Ubuntu 20.04). I could try to install one or two hypervisors and test it but what is the point? All supported hypervisors must be tested to make sure the change is ok.
   
   Is it possible to use different definitions for type of service ? 
   For example have one definition for management server login portal and one for all the other backend communications. The big issue is the outside connections from users to the UI or/and apis and not the hypervisor communication.
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org