You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2011/12/09 20:43:42 UTC
svn commit: r1212597 - in
/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security:
Bethal.cxf https_config.xml
Author: dkulp
Date: Fri Dec 9 19:43:42 2011
New Revision: 1212597
URL: http://svn.apache.org/viewvc?rev=1212597&view=rev
Log:
More updates for algorithms for Java7
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/Bethal.cxf
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/https_config.xml
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/Bethal.cxf
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/Bethal.cxf?rev=1212597&r1=1212596&r2=1212597&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/Bethal.cxf (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/Bethal.cxf Fri Dec 9 19:43:42 2011
@@ -65,6 +65,7 @@
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/https_config.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/https_config.xml?rev=1212597&r1=1212596&r2=1212597&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/https_config.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/https_config.xml Fri Dec 9 19:43:42 2011
@@ -58,6 +58,18 @@ under the License.
<sec:keyStore type="JKS" password="password"
resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
</sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
@@ -75,6 +87,18 @@ under the License.
<sec:keyStore type="JKS" password="password"
resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
</sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>