You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2018/12/14 09:33:00 UTC

[jira] [Resolved] (OPENMEETINGS-1969) Disable weak chiper configuration not available/working.

     [ https://issues.apache.org/jira/browse/OPENMEETINGS-1969?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maxim Solodovnik resolved OPENMEETINGS-1969.
--------------------------------------------
    Resolution: Information Provided

To make this test GREEN you need to modify {{conf/jee-container.xml}} file
add following entry {{<entry key="ciphers" value="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA" />}}

to "Tomcat with SSL enabled" -> "tomcat.server" -> "connectors" -> "httpsConnector" -> "connectionProperties"



NOTE to self: check was performed using this tool: https://github.com/drwetter/testssl.sh

> Disable weak chiper configuration not available/working.
> --------------------------------------------------------
>
>                 Key: OPENMEETINGS-1969
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1969
>             Project: Openmeetings
>          Issue Type: Bug
>         Environment: docker,ubuntu,jdk8
>            Reporter: Mani M
>            Assignee: Maxim Solodovnik
>            Priority: Major
>         Attachments: ssl_check_result.jpg, ssl_config.jpg
>
>
> There is no option to disable weak chippers for SSL config. No proper documentation is available if the configuration is possible. Uncommenting *rtmpsMinaIoHandler* section in *red5-core.xml* and adding chipers has no effect.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)