You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Trang Vo (Jira)" <ji...@apache.org> on 2019/09/10 16:15:00 UTC

[jira] [Updated] (QPID-6490) Configure SSL ciphers

     [ https://issues.apache.org/jira/browse/QPID-6490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Trang Vo updated QPID-6490:
---------------------------
    Attachment: util.h
                util.cpp

> Configure SSL ciphers
> ---------------------
>
>                 Key: QPID-6490
>                 URL: https://issues.apache.org/jira/browse/QPID-6490
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: 0.30
>         Environment: Linux
>            Reporter: Brant Knudson
>            Priority: Major
>              Labels: security
>         Attachments: util.cpp, util.h
>
>
> qpid-cpp must allow an admin to set the SSL ciphers / protocols that they want the server to allow. The default should be ciphers / protocols that don't have known security vulnerabilities like SSLv3 (POODLE) and RC4 ciphers (Bar Mitzvah)
> With CVE-2015-2808 (a.k.a. Bar Mitzvah affecting RC4 ciphers) and other recent vulnerabilities found in different ciphers / protocols, we need to be able to disable ciphers / protocols easily.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org