You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Romain Manni-Bucau (Jira)" <ji...@apache.org> on 2020/12/04 08:34:00 UTC
[jira] [Commented] (GERONIMO-6793) Do not auto-enable all available
Cyphers in TLS/SSL protocol handling in MailConnection
[ https://issues.apache.org/jira/browse/GERONIMO-6793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17243834#comment-17243834 ]
Romain Manni-Bucau commented on GERONIMO-6793:
----------------------------------------------
IMHO we can't align JVM defaults since they will often be for http clients and not mails so we must pick some.
So question is: which one to select? If we have time we should probably review most mail provider to ensure they all work by default and tuning is only needed for custom company mail servers for example.
What do you think?
> Do not auto-enable all available Cyphers in TLS/SSL protocol handling in MailConnection
> ---------------------------------------------------------------------------------------
>
> Key: GERONIMO-6793
> URL: https://issues.apache.org/jira/browse/GERONIMO-6793
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: mail
> Reporter: Richard Zowalla
> Priority: Major
>
> Check and discuss, if it is a good idea to enable all cyphers in TLS/SSL protocol handling in MailConnection.java
> Some cyphers are deprecated for good reasons and shouldn't be used.
> This enhancement might possibily include
> * Allow users to specifiy cyphers via properties (custom factory is already possible)
> * If we have no user defined cyphers available, fallback to the JVMs default cyphers.
>
> This is a follow up issue raised from the discussion on the dev mailing list, see http://mail-archives.apache.org/mod_mbox/geronimo-dev/202012.mbox/%3C096fbb867eda8e090eddf80fbd81cf787ac87945.camel%40hs-heilbronn.de%3E
--
This message was sent by Atlassian Jira
(v8.3.4#803005)