[GitHub] incubator-brooklyn pull request: White list strong TLS ciphers

[neykov <gi...@git.apache.org>]

GitHub user neykov opened a pull request:

    https://github.com/apache/incubator-brooklyn/pull/627

    White list strong TLS ciphers

    Default config uses weak/compromised ciphers. Followed recommendations from https://wiki.mozilla.org/Security/Server_Side_TLS.
    
    Upgrade of Jetty was needed for the support of white-listing (previous version supported black lists only).

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/neykov/incubator-brooklyn console-ciphers

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-brooklyn/pull/627.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #627
    
----
commit 7970cb9d6449f3ce47d82213ddde8404cbc85c0c
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Date:   2015-05-05T12:27:33Z

    Use white listed protocols and ciphers for console https
    
    Jetty upgrade needed because of support for white-listing.

commit 9fec374a94ac73f329eb7c54fb5e2b6f7f195fb5
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Date:   2015-05-05T12:41:46Z

    White list ciphers for nginx and Tomcat

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-brooklyn pull request: White list strong TLS ciphers

[asfgit <gi...@git.apache.org>]

Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-brooklyn/pull/627


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-brooklyn pull request: White list strong TLS ciphers

[neykov <gi...@git.apache.org>]

Github user neykov commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/627#issuecomment-99955110
  
    IBM java supports only SSL_ prefix for ciphers, repeated the list with SSL_ prefix as well.
    
    The first part of the cipher name specifies the protocol, but in practice the cipher can be used with either protocol. Java uses the TLS cipher suite naming convention, but IBM java uses only SSL_ prefix - https://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/jsse2Docs/ciphersuites.html


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-brooklyn pull request: White list strong TLS ciphers

[ahgittin <gi...@git.apache.org>]

Github user ahgittin commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/627#issuecomment-103091882
  
    nice improvements.  merging.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---