Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56591

make cipher exclusion configurable in Winstone

      Currently we rely on default winstone cipher exclusions so in case of changes we cannot override the default exclude ciphers. We have to add an option to override default excluded ciphers.

          [JENKINS-56591] make cipher exclusion configurable in Winstone

          Olivier Lamy created issue -
          Olivier Lamy made changes -
          Summary Original: make cipher inclusion configurable in Winstone New: make cipher exclusion configurable in Winstone
          Olivier Lamy made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

          Olivier Lamy added a comment -

          Olivier Lamy added a comment - pr  https://github.com/jenkinsci/winstone/pull/60
          Olivier Lamy made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Fixed but Unreleased [ 10203 ]
          Olivier Lamy made changes -
          Labels New: winstone-5.2
          Olivier Lamy made changes -
          Link New: This issue relates to JENKINS-56659 [ JENKINS-56659 ]
          Olivier Lamy made changes -
          Status Original: Fixed but Unreleased [ 10203 ] New: Closed [ 6 ]

          Olivier Lamy added a comment -
          --excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) 
                                         (default is 
                                         // Exclude weak / insecure ciphers 
                                         "^.*_(MD5|SHA|SHA1)$", 
                                         // Exclude ciphers that don't support forward secrecy 
                                         "^TLS_RSA_.*$", 
                                         // The following exclusions are present to cleanup known bad cipher 
                                         // suites that may be accidentally included via include patterns. 
                                         // The default enabled cipher list in Java will not include these 
                                         // (but they are available in the supported list). 
                                         "^SSL_.*$", 
                                         "^.*_NULL_.*$", 
                                         "^.*_anon_.*$"  

          Olivier Lamy added a comment - --excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) ( default is // Exclude weak / insecure ciphers "^.*_(MD5|SHA|SHA1)$" , // Exclude ciphers that don't support forward secrecy "^TLS_RSA_.*$" , // The following exclusions are present to cleanup known bad cipher // suites that may be accidentally included via include patterns. // The default enabled cipher list in Java will not include these // (but they are available in the supported list). "^SSL_.*$" , "^.*_NULL_.*$" , "^.*_anon_.*$"

            olamy Olivier Lamy
            olamy Olivier Lamy
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: