<< Back to previous view |
[QB-1396] Option to disable weak cipher suites in SSL support
|
|
Status: | Resolved |
Project: | QuickBuild |
Component/s: | None |
Affects Version/s: | 4.0.62 |
Fix Version/s: | 3.1.73, 4.0.63 |
Type: | Improvement | Priority: | Major |
Reporter: | Robin Shen | Assigned To: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Remaining Estimate: | Unknown | Time Spent: | Unknown |
Original Estimate: | Unknown |
Comments |
Comment by Robin Shen [ 03/Oct/12 03:14 PM ] |
The approach is to create file "conf/ciphers.excluded" for each SSL equipped QuickBuild installation (agent and server) to exclude weak cipher suites. For Sun JDK5 and Sun JDK6. Below content can be used:
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA |