Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56591

make cipher exclusion configurable in Winstone

    XMLWordPrintable

Details

    Description

      Currently we rely on default winstone cipher exclusions so in case of changes we cannot override the default exclude ciphers. We have to add an option to override default excluded ciphers.

      Attachments

        Issue Links

          Activity

            olamy Olivier Lamy added a comment - pr  https://github.com/jenkinsci/winstone/pull/60
            olamy Olivier Lamy added a comment -
            --excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) 
                                           (default is 
                                           // Exclude weak / insecure ciphers 
                                           "^.*_(MD5|SHA|SHA1)$", 
                                           // Exclude ciphers that don't support forward secrecy 
                                           "^TLS_RSA_.*$", 
                                           // The following exclusions are present to cleanup known bad cipher 
                                           // suites that may be accidentally included via include patterns. 
                                           // The default enabled cipher list in Java will not include these 
                                           // (but they are available in the supported list). 
                                           "^SSL_.*$", 
                                           "^.*_NULL_.*$", 
                                           "^.*_anon_.*$"  
            olamy Olivier Lamy added a comment - --excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) ( default is // Exclude weak / insecure ciphers "^.*_(MD5|SHA|SHA1)$" , // Exclude ciphers that don't support forward secrecy "^TLS_RSA_.*$" , // The following exclusions are present to cleanup known bad cipher // suites that may be accidentally included via include patterns. // The default enabled cipher list in Java will not include these // (but they are available in the supported list). "^SSL_.*$" , "^.*_NULL_.*$" , "^.*_anon_.*$"

            People

              olamy Olivier Lamy
              olamy Olivier Lamy
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: