Jenkins / JENKINS-56591

make cipher exclusion configurable in Winstone


      Description

      Currently we rely on the default Winstone cipher exclusions, so in case of changes we cannot override the default excluded ciphers. We have to add an option to override the default excluded ciphers.

            Activity

            olamy Olivier Lamy added a comment - pr  https://github.com/jenkinsci/winstone/pull/60
            olamy Olivier Lamy added a comment -
            --excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) 
                                           (default is 
                                           // Exclude weak / insecure ciphers 
                                           "^.*_(MD5|SHA|SHA1)$", 
                                           // Exclude ciphers that don't support forward secrecy 
                                           "^TLS_RSA_.*$", 
                                           // The following exclusions are present to cleanup known bad cipher 
                                           // suites that may be accidentally included via include patterns. 
                                           // The default enabled cipher list in Java will not include these 
                                           // (but they are available in the supported list). 
                                           "^SSL_.*$", 
                                           "^.*_NULL_.*$", 
                                           "^.*_anon_.*$"  
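To see what the default patterns in the comment above filter, and what is lost when they are overridden, here is an added Python sketch (not Winstone's or Jetty's own code). It assumes each pattern must match the whole suite name and that a supplied value replaces the defaults, as the option text describes; `parse_excludes`, `filter_suites` and the sample suite list are constructed for illustration.

```python
import re

# Default exclusion patterns, copied from the comment above.
DEFAULT_EXCLUDES = [
    r"^.*_(MD5|SHA|SHA1)$",  # weak / insecure ciphers
    r"^TLS_RSA_.*$",         # no forward secrecy
    r"^SSL_.*$",
    r"^.*_NULL_.*$",
    r"^.*_anon_.*$",
]

# Constructed sample of IANA/JSSE-style cipher suite names (not taken from the issue).
SAMPLE_SUITES = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_PSK_WITH_NULL_SHA256",
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
]

def parse_excludes(option_value=None):
    """Model of --excludeCipherSuites (assumed semantics): None means the option
    is absent and the defaults apply, a blank value excludes nothing, anything
    else is a comma-separated list of regexes that replaces the defaults."""
    if option_value is None:
        return list(DEFAULT_EXCLUDES)
    return [p.strip() for p in option_value.split(",") if p.strip()]

def filter_suites(suites, excludes):
    """Return (kept, dropped); dropped maps a suite to the first pattern that matched it."""
    compiled = [(p, re.compile(p)) for p in excludes]
    kept, dropped = [], {}
    for suite in suites:
        hit = next((p for p, rx in compiled if rx.fullmatch(suite)), None)
        if hit is None:
            kept.append(suite)
        else:
            dropped[suite] = hit
    return kept, dropped

if __name__ == "__main__":
    for label, value in [("defaults", None), ("blank", " "),
                         ("custom", "^.*_CBC_.*$,^TLS_RSA_.*$")]:
        kept, dropped = filter_suites(SAMPLE_SUITES, parse_excludes(value))
        print(f"{label}: kept={kept}")
        for suite, pattern in dropped.items():
            print(f"    dropped {suite} by {pattern}")
```

Under these assumptions, the custom value shown drops the CBC and static-RSA suites but lets the NULL and anon suites back in, so an override list needs to restate every default pattern that should still apply.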

              People

              • Assignee:
                olamy Olivier Lamy
                Reporter:
                olamy Olivier Lamy