Bug 780979 (SOA-3448)

Summary: EDS ports need to have the ability to restrict cipher suites
Product: [JBoss] JBoss Enterprise SOA Platform 5 Reporter: dsteigne
Component: Documentation, EDS Assignee: David Le Sage <dlesage>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5.1.0 GA CC: dsteigne, rareddy, tkirby, vhalbert
Target Milestone: ---   
Target Release: 5.2.0.ER5   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-3448
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2011-11-04 12:54:20 UTC Type: Feature Request
Attachments:
Description Flags
ChangeRequest_TeiidCipherSuitesSupport.odt none

Description dsteigne 2011-10-06 13:40:40 UTC
Affects: Documentation (Ref Guide, User Guide, etc.)
Help Desk Ticket Reference: https://c.na7.visual.force.com/apex/Case_View?id=500A0000008R52i
project_key: SOA

When using either 1-way or 2-way SSL for the EDS/Teiid connections, there is currently no way to restrict connections to 128-bit cipher suites. The capability needs to be added to the product.

Comment 1 Van Halbert 2011-10-06 13:48:08 UTC
Link: Added: This issue Cloned to SOA-3449


Comment 2 Ramesh Reddy 2011-10-06 14:47:23 UTC
During the SSL connection handshake, the client and server negotiate over the cipher suites available in both VMs, then settle on a mutually supported cipher suite for encryption. With configuration, one can constrain which sets of cipher suites are allowed, such that they can control the encryption strength.

The proposed fix to EDS 5.2 will be the ability to add a property in the configuration to define these allowed cipher suites. However, the default configuration will not add any property, such that the current behaviour is preserved. If a user wants to restrict them, they will need to modify the configuration, which will then enable the feature.
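
Added example, not part of the comment above and not EDS/Teiid code: a minimal sketch of the behaviour it describes, using the standard JSSE `SSLEngine` API. The property name `example.ssl.enabledCipherSuites` and the class name are hypothetical; with no property set, the JVM's default enabled suites are left untouched.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class CipherSuiteRestriction {
    // Hypothetical property name, chosen for this example only.
    static final String PROP = "example.ssl.enabledCipherSuites";

    /** Returns the defaults when nothing is configured, else the validated allow-list. */
    static String[] resolve(String configured, String[] supported, String[] defaults) {
        if (configured == null || configured.trim().isEmpty()) {
            return defaults; // no property: current behaviour is preserved
        }
        Set<String> known = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> allowed = new ArrayList<>();
        for (String name : configured.split(",")) {
            String suite = name.trim();
            if (suite.isEmpty()) continue;
            if (!known.contains(suite)) {
                // Fail closed: a typo must not silently change what gets negotiated.
                throw new IllegalArgumentException("Unsupported cipher suite: " + suite);
            }
            allowed.add(suite);
        }
        if (allowed.isEmpty()) {
            throw new IllegalArgumentException("Cipher suite list is empty");
        }
        return allowed.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // server side of the handshake
        // Constructed sample value: the first AES-128 suite this JVM supports.
        String sample = null;
        for (String s : engine.getSupportedCipherSuites()) {
            if (s.contains("AES_128")) { sample = s; break; }
        }
        String configured = System.getProperty(PROP, sample);
        engine.setEnabledCipherSuites(resolve(configured,
                engine.getSupportedCipherSuites(), engine.getEnabledCipherSuites()));
        // Only these suites can now be selected during negotiation.
        System.out.println(Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```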

Comment 5 Len DiMaggio 2011-10-06 15:46:53 UTC
Affects: Added: Documentation (Ref Guide, User Guide, etc.)


Comment 7 Ramesh Reddy 2011-10-07 15:28:51 UTC
See the "Admin Guide" SSL section for usage.

Comment 8 Ramesh Reddy 2011-10-07 15:28:51 UTC
Release Notes Text: Added: Has ability to constrain the allowed cipher suites negotiated during an SSL connection.


Comment 9 Van Halbert 2011-10-07 15:51:10 UTC
I'll create a change request to follow up to this.

Comment 10 Van Halbert 2011-10-10 13:31:41 UTC
Change request.

Comment 11 Van Halbert 2011-10-10 13:31:41 UTC
Attachment: Added: ChangeRequest_TeiidCipherSuitesSupport.odt


Comment 15 Paul Nittel 2011-11-04 12:54:20 UTC
Closed.