
make cipher exclusion configurable in Winstone

      Currently we rely on the default Winstone cipher exclusions, so in case of changes we cannot override the default excluded ciphers. We have to add an option to override the default excluded ciphers.

          [JENKINS-56591] make cipher exclusion configurable in Winstone

          Olivier Lamy added a comment -
          PR: https://github.com/jenkinsci/winstone/pull/60

          Olivier Lamy added a comment -
          --excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) 
                                         (default is 
                                         // Exclude weak / insecure ciphers 
                                         "^.*_(MD5|SHA|SHA1)$", 
                                         // Exclude ciphers that don't support forward secrecy 
                                         "^TLS_RSA_.*$", 
                                         // The following exclusions are present to cleanup known bad cipher 
                                         // suites that may be accidentally included via include patterns. 
                                         // The default enabled cipher list in Java will not include these 
                                         // (but they are available in the supported list). 
                                         "^SSL_.*$", 
                                         "^.*_NULL_.*$", 
                                         "^.*_anon_.*$"  
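
An added example, not code from Winstone or from the pull request: a Java check that applies the default exclusion patterns quoted above to the cipher suites the local JVM supports, and flags any suite that an override value would re-admit. The class and method names, the comma splitting of the option value and the use of full-match semantics are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

public class CipherExclusionCheck {
    // Default exclusion patterns, copied from the --excludeCipherSuites help text above.
    static final List<String> DEFAULT_EXCLUDES = List.of(
        "^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$");

    // Assumed reading of the option value: absent means "use the defaults",
    // blank means "exclude none", otherwise a comma-separated list of regexes.
    static List<String> parseOption(String value) {
        if (value == null) return DEFAULT_EXCLUDES;
        if (value.isBlank()) return List.of();
        return Arrays.stream(value.split(",")).map(String::trim)
                .filter(s -> !s.isEmpty()).collect(Collectors.toList());
    }

    // Suites that remain after dropping every name that fully matches an exclude pattern.
    static List<String> surviving(List<String> suites, List<String> excludes) {
        List<Pattern> patterns = excludes.stream().map(Pattern::compile)
                .collect(Collectors.toList());
        return suites.stream()
                .filter(s -> patterns.stream().noneMatch(p -> p.matcher(s).matches()))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        // Every suite this JVM can negotiate, including ones not enabled by default.
        List<String> supported = Arrays.asList(
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites());
        // Optional first argument: the value you intend to pass as the override.
        List<String> excludes = parseOption(args.length > 0 ? args[0] : null);
        List<String> kept = surviving(supported, excludes);
        System.out.println("Exclude patterns: " + excludes);
        System.out.println("Supported: " + supported.size() + ", kept: " + kept.size());
        kept.forEach(s -> System.out.println("  keep " + s));
        // Suites the defaults would have removed but the override lets through.
        List<String> keptByDefault = surviving(supported, DEFAULT_EXCLUDES);
        kept.stream().filter(s -> !keptByDefault.contains(s))
            .forEach(s -> System.out.println("  WARNING re-admitted by override: " + s));
    }
}
```

Run it with no argument to see what the defaults leave enabled, or pass a candidate override such as `" "` to list every suite that value would let back in before deploying it.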
