Bug 780979 (SOA-3448) - EDS ports need to have the ability to restrict cipher suites
Summary: EDS ports need to have the ability to restrict cipher suites
Keywords:
Status: CLOSED NEXTRELEASE
Alias: SOA-3448
Product: JBoss Enterprise SOA Platform 5
Classification: JBoss
Component: Documentation, EDS
Version: 5.1.0 GA
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 5.2.0.ER5
Assignee: David Le Sage
QA Contact:
URL: http://jira.jboss.org/jira/browse/SOA...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-06 13:40 UTC by dsteigne
Modified: 2011-11-04 12:54 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-04 12:54:20 UTC
Type: Feature Request

Attachments (Terms of Use)
ChangeRequest_TeiidCipherSuitesSupport.odt (17.60 KB, application/vnd.oasis.opendocument.text)
2011-10-10 13:31 UTC, Van Halbert 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SOA-3448 0 None Closed EDS ports need to have the ability to restrict cipher suites 2012-03-22 13:48:07 UTC
Red Hat Issue Tracker TEIID-1772 0 None Closed Teiid ports need to have the ability to restrict cipher suites 2012-03-22 13:48:07 UTC

Description dsteigne 2011-10-06 13:40:40 UTC 
Affects: Documentation (Ref Guide, User Guide, etc.)
Help Desk Ticket Reference: https://c.na7.visual.force.com/apex/Case_View?id=500A0000008R52i
project_key: SOA

When using either 1-way or 2-way ssl for the EDS/Teiid connections, there is currently no way to restrict connections to 128 bit cipher suites.  The capability needs to be added to the product.
Comment 1 Van Halbert 2011-10-06 13:48:08 UTC 
Link: Added: This issue Cloned to SOA-3449
Comment 2 Ramesh Reddy 2011-10-06 14:47:23 UTC 
During SSL connection handshake the client and server negotiate on available cipher suites in the both the VMs, then settle on mutually supported cipher suite for encryption. With configuration, it one can constrain which sets of cipher suites are the allowed, such that they can control the encryption strength.

The proposed fix to EDS 5.2, will be ability to add a property in the configuration to define these allowed cipher suites. however, the default configuration will not add any property such that the current behaviour is preserved. If user wants to restrict they will need to modify the configuration, which will then enable the feature.
Comment 5 Len DiMaggio 2011-10-06 15:46:53 UTC 
Affects: Added: Documentation (Ref Guide, User Guide, etc.)
Comment 7 Ramesh Reddy 2011-10-07 15:28:51 UTC 
See the "Admin Guide" SSL section for usage.
Comment 8 Ramesh Reddy 2011-10-07 15:28:51 UTC 
Release Notes Text: Added: Has ability to constrain the allowed cipher suites negotiated during a SSL connection.
Comment 9 Van Halbert 2011-10-07 15:51:10 UTC 
I'll create a change request to follow up to this.
Comment 10 Van Halbert 2011-10-10 13:31:41 UTC 
Change request.
Comment 11 Van Halbert 2011-10-10 13:31:41 UTC 
Attachment: Added: ChangeRequest_TeiidCipherSuitesSupport.odt
Comment 15 Paul Nittel 2011-11-04 12:54:20 UTC 
Closed.
Note You need to log in before you can comment on or make changes to this bug.