[JENKINS-56591] make cipher exclusion configurable in Winstone - Jenkins JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Component/s: winstone-jetty
Labels:
- winstone-5.2

Similar Issues:

Show

Description

Currently we rely on default winstone cipher exclusions so in case of changes we cannot override the default exclude ciphers. We have to add an option to override default excluded ciphers.

Attachments

Issue Links

relates to

JENKINS-56659 Upgrade to winstone 5.2

Fixed but Unreleased

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Olivier Lamy added a comment - 2019-03-18 11:13

pr https://github.com/jenkinsci/winstone/pull/60

Show

Olivier Lamy added a comment - 2019-03-18 11:13 pr https://github.com/jenkinsci/winstone/pull/60

Hide

Permalink

Olivier Lamy added a comment - 2019-03-26 00:30

--excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) 
                               (default is 
                               // Exclude weak / insecure ciphers 
                               "^.*_(MD5|SHA|SHA1)$", 
                               // Exclude ciphers that don't support forward secrecy 
                               "^TLS_RSA_.*$", 
                               // The following exclusions are present to cleanup known bad cipher 
                               // suites that may be accidentally included via include patterns. 
                               // The default enabled cipher list in Java will not include these 
                               // (but they are available in the supported list). 
                               "^SSL_.*$", 
                               "^.*_NULL_.*$", 
                               "^.*_anon_.*$"

Show

Olivier Lamy added a comment - 2019-03-26 00:30 --excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) ( default is // Exclude weak / insecure ciphers "^.*_(MD5|SHA|SHA1)$" , // Exclude ciphers that don't support forward secrecy "^TLS_RSA_.*$" , // The following exclusions are present to cleanup known bad cipher // suites that may be accidentally included via include patterns. // The default enabled cipher list in Java will not include these // (but they are available in the supported list). "^SSL_.*$" , "^.*_NULL_.*$" , "^.*_anon_.*$"

People

Assignee:: Olivier Lamy

Reporter:: Olivier Lamy

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019-03-18 07:12

Updated:: 2019-03-26 00:30

Resolved:: 2019-03-19 22:10