INFRA-3022

extend the TLS Cipher suites supported by get.jenkins.io

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: jenkins.io
    • Labels:
      None
      Description

      get.jenkins.io supports a very limited set of Cipher suites (see below)

      This set of suites (only 3 for each of TLS 1.2!) has minimal overlap with other software, and if you are attempting to run Jenkins in a FIPS-compliant environment you end up with no overlapping protocols.

      For example, BouncyCastle-FIPS sends the following when negotiating TLS 1.2 KEX:

      Cipher Suites (12 suites)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
      Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
      Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
      Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
      Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
      Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

      Please add support for some of these protocols to get.jenkins.io

      Current list of ciphers was obtained from https://www.ssllabs.com/ssltest/analyze.html?d=get.jenkins.io (there are also OpenSSL commands to do it)

      Compare, for example, the list of ciphers supported by www.jenkins.io: https://www.ssllabs.com/ssltest/analyze.html?d=www.jenkins.io&latest
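
As an added illustration of the mismatch this issue describes (not part of the original report and not Jenkins infrastructure code), the following Python parses the ClientHello suite list quoted above and intersects it with a server list. `SERVER_SUITES` is a constructed placeholder, not get.jenkins.io's actual configuration, and the RSA certificate key type is an assumption.

```python
import re

# ClientHello suites copied from the issue text (BouncyCastle-FIPS, TLS 1.2).
CLIENT_HELLO = """\
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
"""
# Constructed server list (three ECDHE_RSA AEAD suites); NOT the real server config.
SERVER_SUITES = {0xC02F, 0xC030, 0xCCA8}
LINE = re.compile(r"Cipher Suite:\s+(TLS_\w+)\s+\((0x[0-9a-fA-F]{4})\)")


def parse_offer(text):
    """Return [(name, code)] in client preference order."""
    return [(m.group(1), int(m.group(2), 16)) for m in LINE.finditer(text)]


def negotiable(offer):
    """Drop signalling values (SCSVs); a server never selects them."""
    return [(n, c) for n, c in offer if not n.endswith("_SCSV")]


def overlap(offer, server_codes):
    """Suites both sides support, in client preference order."""
    return [n for n, c in negotiable(offer) if c in server_codes]


def forward_secret_candidates(offer, cert_key="RSA"):
    """Offered ECDHE suites usable with the server certificate key type (assumed RSA)."""
    prefix = f"TLS_ECDHE_{cert_key}_WITH_"
    return [n for n, _ in negotiable(offer) if n.startswith(prefix)]


if __name__ == "__main__":
    offer = parse_offer(CLIENT_HELLO)
    print("overlap:", overlap(offer, SERVER_SUITES) or "none, handshake fails")
    print("candidates to enable:", forward_secret_candidates(offer))
```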

       

       


            People

            Assignee:
            Unassigned
            Reporter:
            teilo James Nord