Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
Description
Currently we rely on default winstone cipher exclusions so in case of changes we cannot override the default exclude ciphers. We have to add an option to override default excluded ciphers.
Attachments
Issue Links
- relates to
-
JENKINS-56659 Upgrade to winstone 5.2
-
- Fixed but Unreleased
-
Activity
Olivier Lamy
added a comment - --excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is // Exclude weak / insecure ciphers "^.*_(MD5|SHA|SHA1)$", // Exclude ciphers that don't support forward secrecy "^TLS_RSA_.*$", // The following exclusions are present to cleanup known bad cipher // suites that may be accidentally included via include patterns. // The default enabled cipher list in Java will not include these // (but they are available in the supported list). "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"
Olivier Lamy
added a comment -
--excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none)
( default is
// Exclude weak / insecure ciphers
"^.*_(MD5|SHA|SHA1)$" ,
// Exclude ciphers that don't support forward secrecy
"^TLS_RSA_.*$" ,
// The following exclusions are present to cleanup known bad cipher
// suites that may be accidentally included via include patterns.
// The default enabled cipher list in Java will not include these
// (but they are available in the supported list).
"^SSL_.*$" ,
"^.*_NULL_.*$" ,
"^.*_anon_.*$"
pr https://github.com/jenkinsci/winstone/pull/60