Posted to notifications@james.apache.org by bt...@apache.org on 2021/08/13 04:55:55 UTC
[james-project] branch master updated: JAMES-3261 Add some system
properties for TLS (#588)
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new e464299 JAMES-3261 Add some system properties for TLS (#588)
e464299 is described below
commit e46429995f609456aae538727c14dde125c70739
Author: Tellier Benoit <bt...@linagora.com>
AuthorDate: Fri Aug 13 11:55:52 2021 +0700
JAMES-3261 Add some system properties for TLS (#588)
---
server/apps/cassandra-app/README.adoc | 2 +-
server/apps/cassandra-app/pom.xml | 2 ++
server/apps/distributed-app/README.adoc | 2 +-
server/apps/distributed-app/pom.xml | 2 ++
server/apps/jpa-app/README.adoc | 2 +-
server/apps/jpa-app/pom.xml | 2 ++
server/apps/jpa-smtp-app/README.adoc | 2 +-
server/apps/jpa-smtp-app/pom.xml | 2 ++
server/apps/memory-app/pom.xml | 2 ++
server/apps/memory-app/src/assemble/README.adoc | 2 +-
server/apps/spring-app/pom.xml | 4 +++-
11 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/server/apps/cassandra-app/README.adoc b/server/apps/cassandra-app/README.adoc
index 77f30e2..42c80f4 100644
--- a/server/apps/cassandra-app/README.adoc
+++ b/server/apps/cassandra-app/README.adoc
@@ -43,7 +43,7 @@ Once everything is set up, you just have to run the jar with:
[source]
----
-$ java -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -jar james-server-cassandra-app.jar
+$ java -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -Djdk.tls.ephemeralDHKeySize=2048 -jar james-server-cassandra-app.jar
----
Note that binding ports below 1024 requires administrative rights.
diff --git a/server/apps/cassandra-app/pom.xml b/server/apps/cassandra-app/pom.xml
index 11dd2a8..6502dba 100644
--- a/server/apps/cassandra-app/pom.xml
+++ b/server/apps/cassandra-app/pom.xml
@@ -372,6 +372,8 @@
<jvmFlags>
<jvmFlag>-Dlogback.configurationFile=/root/conf/logback.xml</jvmFlag>
<jvmFlag>-Dworking.directory=/root/</jvmFlag>
+ <!-- Prevents Logjam (CVE-2015-4000) -->
+ <jvmFlag>-Djdk.tls.ephemeralDHKeySize=2048</jvmFlag>
</jvmFlags>
<creationTime>USE_CURRENT_TIMESTAMP</creationTime>
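Review bot: The comment `<!-- Prevents Logjam (CVE-2015-4000) -->` above the new `<jvmFlag>` claims more than the flag delivers, and the same comment recurs in the distributed-app, jpa-app, jpa-smtp-app, memory-app and spring-app pom.xml hunks. `jdk.tls.ephemeralDHKeySize` only sets the size of the ephemeral DH keys the JDK's JSSE provider generates on the server side for DHE_RSA, DHE_DSS and DH_anon suites. It does not change exportable cipher suites, which are controlled through `jdk.tls.disabledAlgorithms`, and it has no bearing on ECDHE suites. I would reword it to `<!-- Use 2048-bit ephemeral DH keys for server-side DHE handshakes (weak-DH hardening, see Logjam / CVE-2015-4000) -->`. The flag reaches only JVMs started from this `<jvmFlags>` list (presumably the container image build; the enclosing plugin configuration lies outside the hunk), so any other launch path has to pass it explicitly.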
diff --git a/server/apps/distributed-app/README.adoc b/server/apps/distributed-app/README.adoc
index 0275741..8f903a0 100644
--- a/server/apps/distributed-app/README.adoc
+++ b/server/apps/distributed-app/README.adoc
@@ -40,7 +40,7 @@ Once everything is set up, you just have to run the jar with:
[source]
----
-$ java -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -jar james-server-distributed-app.jar
+$ java -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -Djdk.tls.ephemeralDHKeySize=2048 -jar james-server-distributed-app.jar
----
Note that binding ports below 1024 requires administrative rights.
diff --git a/server/apps/distributed-app/pom.xml b/server/apps/distributed-app/pom.xml
index 9e90b98..7aa77b6 100644
--- a/server/apps/distributed-app/pom.xml
+++ b/server/apps/distributed-app/pom.xml
@@ -420,6 +420,8 @@
<jvmFlags>
<jvmFlag>-Dlogback.configurationFile=/root/conf/logback.xml</jvmFlag>
<jvmFlag>-Dworking.directory=/root/</jvmFlag>
+ <!-- Prevents Logjam (CVE-2015-4000) -->
+ <jvmFlag>-Djdk.tls.ephemeralDHKeySize=2048</jvmFlag>
</jvmFlags>
<creationTime>USE_CURRENT_TIMESTAMP</creationTime>
<volumes>
diff --git a/server/apps/jpa-app/README.adoc b/server/apps/jpa-app/README.adoc
index 43e7c89..4830ab6 100644
--- a/server/apps/jpa-app/README.adoc
+++ b/server/apps/jpa-app/README.adoc
@@ -25,7 +25,7 @@ Once everything is set up, you just have to run the jar with:
[source]
----
-$ java -javaagent:james-server-jpa-guice.lib/openjpa-3.1.2.jar -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -jar james-server-jpa-app.jar
+$ java -javaagent:james-server-jpa-guice.lib/openjpa-3.1.2.jar -Dworking.directory=. -Djdk.tls.ephemeralDHKeySize=2048 -Dlogback.configurationFile=conf/logback.xml -jar james-server-jpa-app.jar
----
Note that binding ports below 1024 requires administrative rights.
diff --git a/server/apps/jpa-app/pom.xml b/server/apps/jpa-app/pom.xml
index 7727845..bd420a8 100644
--- a/server/apps/jpa-app/pom.xml
+++ b/server/apps/jpa-app/pom.xml
@@ -304,6 +304,8 @@
<jvmFlags>
<jvmFlag>-Dlogback.configurationFile=/root/conf/logback.xml</jvmFlag>
<jvmFlag>-Dworking.directory=/root/</jvmFlag>
+ <!-- Prevents Logjam (CVE-2015-4000) -->
+ <jvmFlag>-Djdk.tls.ephemeralDHKeySize=2048</jvmFlag>
</jvmFlags>
<creationTime>USE_CURRENT_TIMESTAMP</creationTime>
</container>
diff --git a/server/apps/jpa-smtp-app/README.adoc b/server/apps/jpa-smtp-app/README.adoc
index 207baad..6515b71 100644
--- a/server/apps/jpa-smtp-app/README.adoc
+++ b/server/apps/jpa-smtp-app/README.adoc
@@ -27,7 +27,7 @@ Once everything is set up, you just have to run the jar with:
[source]
----
-$ java -javaagent:james-server-jpa-smtp-guice.lib/openjpa-3.1.2.jar -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -jar james-server-jpa-smtp-app.jar
+$ java -javaagent:james-server-jpa-smtp-guice.lib/openjpa-3.1.2.jar -Dworking.directory=. -Djdk.tls.ephemeralDHKeySize=2048 -Dlogback.configurationFile=conf/logback.xml -jar james-server-jpa-smtp-app.jar
----
Note that binding ports below 1024 requires administrative rights.
diff --git a/server/apps/jpa-smtp-app/pom.xml b/server/apps/jpa-smtp-app/pom.xml
index 84c8cee..b9db5a0 100644
--- a/server/apps/jpa-smtp-app/pom.xml
+++ b/server/apps/jpa-smtp-app/pom.xml
@@ -267,6 +267,8 @@
<jvmFlags>
<jvmFlag>-Dlogback.configurationFile=/root/conf/logback.xml</jvmFlag>
<jvmFlag>-Dworking.directory=/root/</jvmFlag>
+ <!-- Prevents Logjam (CVE-2015-4000) -->
+ <jvmFlag>-Djdk.tls.ephemeralDHKeySize=2048</jvmFlag>
</jvmFlags>
<creationTime>USE_CURRENT_TIMESTAMP</creationTime>
<volumes>
diff --git a/server/apps/memory-app/pom.xml b/server/apps/memory-app/pom.xml
index ddb1cee..447f135 100644
--- a/server/apps/memory-app/pom.xml
+++ b/server/apps/memory-app/pom.xml
@@ -295,6 +295,8 @@
<jvmFlags>
<jvmFlag>-Dlogback.configurationFile=/root/conf/logback.xml</jvmFlag>
<jvmFlag>-Dworking.directory=/root/</jvmFlag>
+ <!-- Prevents Logjam (CVE-2015-4000) -->
+ <jvmFlag>-Djdk.tls.ephemeralDHKeySize=2048</jvmFlag>
</jvmFlags>
<creationTime>USE_CURRENT_TIMESTAMP</creationTime>
<volumes>
diff --git a/server/apps/memory-app/src/assemble/README.adoc b/server/apps/memory-app/src/assemble/README.adoc
index 0a75e4a..4ed3b2f 100644
--- a/server/apps/memory-app/src/assemble/README.adoc
+++ b/server/apps/memory-app/src/assemble/README.adoc
@@ -23,7 +23,7 @@ Once everything is set up, you just have to run the jar with:
[source]
----
-$ java -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -jar james-server-memory-guice.jar
+$ java -Dworking.directory=. -Dlogback.configurationFile=conf/logback.xml -Djdk.tls.ephemeralDHKeySize=2048 -jar james-server-memory-guice.jar
----
Note that binding ports below 1024 requires administrative rights.
\ No newline at end of file
diff --git a/server/apps/spring-app/pom.xml b/server/apps/spring-app/pom.xml
index 53e0100..1b6f824 100644
--- a/server/apps/spring-app/pom.xml
+++ b/server/apps/spring-app/pom.xml
@@ -64,7 +64,9 @@
<!-- Use filesystem to copy message by default -->
<james.system-property1>-Djames.message.usememorycopy=false</james.system-property1>
- <james.system-properties>${james.system-property1}</james.system-properties>
+ <!-- Prevents Logjam (CVE-2015-4000) -->
+ <james.system-property2>-Djdk.tls.ephemeralDHKeySize=2048</james.system-property2>
+ <james.system-properties>${james.system-property1} ${james.system-property2}</james.system-properties>
<!-- this name is used for James's folders on Debian systems and james user -->
<james.debian.user>apache-james</james.debian.user>