Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/09/04 08:50:00 UTC

[jira] [Commented] (JAMES-1516) Add TLS protocols section to smtpserver.xml

    [ https://issues.apache.org/jira/browse/JAMES-1516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409905#comment-17409905 ] 

Benoit Tellier commented on JAMES-1516:
---------------------------------------

Agreed, I upvote this one.

Running Snyk against James got this:


{code:java}
Inadequate Encryption Strength

    Snyk Code
    CWE-326

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of TLS.
server/protocols/protocols-library/src/main/java/org/apache/james/protocols/lib/netty/AbstractConfigurableAsyncServer.java

SSLContext context = SSLContext.getInstance("TLS");
{code}

This option would allow people to supply alternative inputs without introducing breaking changes...


> Add TLS protocols section to smtpserver.xml
> -------------------------------------------
>
>                 Key: JAMES-1516
>                 URL: https://issues.apache.org/jira/browse/JAMES-1516
>             Project: James Server
>          Issue Type: Improvement
>          Components: SMTPServer
>    Affects Versions: 3.0.0-beta5
>            Reporter: Johnny Minty
>            Priority: Minor
>
> A facility to provide protocol control should also be introduced for example: 
> <protocols>SSLv3 TLSv1 TLSv1.1 TLSv1.2</protocols>



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
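
An added example, not code from James or from this thread: one way a whitespace-separated `<protocols>` value like the one in the issue description could be applied to an `SSLEngine` created from the flagged `SSLContext.getInstance("TLS")` call, since in JSSE the negotiable versions are set on the engine rather than by that algorithm name. The class name `TlsProtocolConfig`, the `resolve` helper and the list of refused versions are assumptions of this example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

public class TlsProtocolConfig {
    // Versions refused even when an operator lists them (policy assumed for this example).
    private static final Set<String> REFUSED = Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    /** Turns a whitespace-separated protocols value into the array to enable on an engine. */
    static String[] resolve(String configured, String[] supported) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> enabled = new ArrayList<>();
        for (String name : configured.trim().split("\\s+")) {
            if (REFUSED.contains(name)) {
                System.err.println("Ignoring deprecated protocol: " + name);
            } else if (!supportedList.contains(name)) {
                System.err.println("Ignoring protocol not supported by this JVM: " + name);
            } else if (!enabled.contains(name)) {
                enabled.add(name);
            }
        }
        // Fail closed: never fall back silently to the JVM defaults.
        if (enabled.isEmpty()) {
            throw new IllegalArgumentException("No usable TLS protocol in: " + configured);
        }
        return enabled.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Same call Snyk flagged; initialised with JVM defaults (no key material) for the demo.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null);
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        System.out.println("Default enabled: " + Arrays.toString(engine.getEnabledProtocols()));

        // Constructed sample value: the string given in the issue description.
        String configured = "SSLv3 TLSv1 TLSv1.1 TLSv1.2";
        engine.setEnabledProtocols(resolve(configured, engine.getSupportedProtocols()));
        System.out.println("After config:    " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

The "Default enabled" line depends on the JVM version and its `jdk.tls.disabledAlgorithms` security property, which is why pinning the list explicitly gives a predictable result across deployments.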
