You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Alex Rudyy (JIRA)" <ji...@apache.org> on 2016/02/10 14:16:18 UTC

[jira] [Created] (QPID-7056) [Java Broker] Allow overriding of TLS cipher suites preferences

Alex Rudyy created QPID-7056:
--------------------------------

             Summary: [Java Broker] Allow overriding of TLS cipher suites preferences
                 Key: QPID-7056
                 URL: https://issues.apache.org/jira/browse/QPID-7056
             Project: Qpid
          Issue Type: Bug
          Components: Java Broker
            Reporter: Alex Rudyy


During TLS handshaking, the client requests to negotiate a cipher suite from a list of cryptographic options that it supports, starting with its first preference. Then, the server selects a single cipher suite from the list of cipher suites requested by the client. Normally, the selection honors the client's preference. However, to mitigate the risks of using weak cipher suites, the Broker may select cipher suites based on its own preference rather than the client's preference. 

Additionally, Broker should allow changing the preference order of cipher suites to be able to select faster cipher suites. For example, GCM cipher suites are faster then TLS_ECDHE_RSA_WITH_AES_255_CBC_SHA384. Thus, ciphers suites like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 should be considered to use before TLS_ECDHE_RSA_WITH_AES_255_CBC_SHA384.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org