OpenEJB / OPENEJB-1856

Allow User selectable Cipher Suites to enhance ejbds SSL security

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 4.0.0
    • Fix Version/s: None
    • Component/s: server
    • Labels:
    • Environment:
      All

      Description

      Currently, "SSL_DH_anon_WITH_RC4_128_MD5" is hardcoded as the only available cipher suite when using SSL. While this provides integrity and eavesdropping protection, it offers no protection from MITM attacks.

      Allowing the user to specify the protocol suite, then having them also use the normal javax.net.ssl.trustStore and javax.net.ssl.keyStore parameters will allow fully secure connections to be established.

      1. ServiceDaemon.patch
        1 kB
        Jonathan S Fisher
      2. SocketConnectionFactory.patch
        3 kB
        Jonathan S Fisher
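
One way to apply a user-supplied cipher suite list while refusing anonymous suites such as the one named in the description. This is an added example, not the attached patches and not OpenEJB code; the class name and the property `example.ejbd.enabledCipherSuites` are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CipherSuiteSelection {
    // Hypothetical property name, chosen for this example only.
    static final String SUITES_PROPERTY = "example.ejbd.enabledCipherSuites";

    /** Parses a comma-separated suite list, rejecting anonymous and unsupported suites. */
    static String[] select(String configured, String[] supported) {
        if (configured == null || configured.trim().isEmpty()) {
            throw new IllegalArgumentException("no cipher suites configured");
        }
        Set<String> available = new HashSet<>(Arrays.asList(supported));
        List<String> chosen = new ArrayList<>();
        for (String name : configured.split(",")) {
            String suite = name.trim();
            if (suite.isEmpty()) continue;
            // Anonymous key exchange uses no certificate, so the peer cannot be verified.
            if (suite.contains("_anon_")) {
                throw new IllegalArgumentException("refusing anonymous suite: " + suite);
            }
            if (!available.contains(suite)) {
                throw new IllegalArgumentException("suite not supported by this JVM: " + suite);
            }
            chosen.add(suite);
        }
        if (chosen.isEmpty()) throw new IllegalArgumentException("no usable cipher suites");
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // The default context reads javax.net.ssl.keyStore and javax.net.ssl.trustStore.
        SSLContext context = SSLContext.getDefault();
        SSLSocketFactory factory = context.getSocketFactory();
        String fallback = String.join(",", context.getDefaultSSLParameters().getCipherSuites());
        String configured = System.getProperty(SUITES_PROPERTY, fallback);
        String[] suites = select(configured, factory.getSupportedCipherSuites());
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) { // unconnected socket
            socket.setEnabledCipherSuites(suites);
            System.out.println(Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

Passing `-Dexample.ejbd.enabledCipherSuites=SSL_DH_anon_WITH_RC4_128_MD5` makes `select` throw instead of silently enabling an unauthenticated connection.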

        Activity

        Jonathan S Fisher added a comment -

        Untested patches attached.


          People

          • Assignee:
            Unassigned
            Reporter:
            Jonathan S Fisher
          • Votes:
            0
            Watchers:
            1

              Time Tracking

              Estimated:
              48h
              Remaining:
              48h
              Logged:
              Not Specified
