You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/09/04 08:50:00 UTC
[jira] [Commented] (JAMES-1516) Add TLS protocols section to
smtpserver.xml
[ https://issues.apache.org/jira/browse/JAMES-1516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409905#comment-17409905 ]
Benoit Tellier commented on JAMES-1516:
---------------------------------------
Agreed, I upvote this one.
Running Snyk against James got this:
{code:java}
Inadequate Encryption Strength
Snyk Code
CWE-326
Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of TLS.
server/protocols/protocols-library/src/main/java/org/apache/james/protocols/lib/netty/AbstractConfigurableAsyncServer.java
SSLContext context = SSLContext.getInstance("TLS");
{code}
This option would offer people to supply alternative inputs without introducing braking changes...
> Add TLS protocols section to smtpserver.xml
> -------------------------------------------
>
> Key: JAMES-1516
> URL: https://issues.apache.org/jira/browse/JAMES-1516
> Project: James Server
> Issue Type: Improvement
> Components: SMTPServer
> Affects Versions: 3.0.0-beta5
> Reporter: Johnny Minty
> Priority: Minor
>
> A facility to provide protocol control should also be introduced for example:
> <protocols>SSLv3 TLSv1 TLSv1.1 TLSv1.2</protocols>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org