You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Eoghan Glynn (JIRA)" <ji...@apache.org> on 2007/02/13 11:28:06 UTC
[jira] Assigned: (CXF-350) Add SSL{Client|Server}Policy
CiphersuitesFilter element
[ https://issues.apache.org/jira/browse/CXF-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eoghan Glynn reassigned CXF-350:
--------------------------------
Assignee: Eoghan Glynn
> Add SSL{Client|Server}Policy CiphersuitesFilter element
> -------------------------------------------------------
>
> Key: CXF-350
> URL: https://issues.apache.org/jira/browse/CXF-350
> Project: CXF
> Issue Type: Improvement
> Components: Transports
> Reporter: Eoghan Glynn
> Assigned To: Eoghan Glynn
>
> The SSL client & server policies currently allow a list of individual supported ciphersuites to be enumerated in configuration, via the SSL{Client|Server}Policy Ciphersuites element.
> It would also be useful to allow a filter to be applied to the default set of ciphersuites supported by the underlying SSL/TLS engine (e.g. the list returned from javax.net.ssl.SSLSocket.getSupportedCipherSuites() on the client-side or from org.mortbay.http.SslListener.getCipherSuites() on the server-side).
> It would then be more convenient to configure for requirements that relate to classes of ciphers, e.g. only support null encryption, or only MD5 digests, or only export-level key lengths.
>
> The default would be something like { ".*_EXPORT.*", "_WITH_DES_.*", ".*_WITH_NULL_.*" }, to allow at most 56-bit encryption.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.