Changeset f713a19


Ignore:
Timestamp:
Oct 17, 2015 8:13:03 PM (5 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
6efce31
Parents:
abc0f4c
Message:

Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • core/java/src/net/i2p/util/I2PSSLSocketFactory.java

    rabc0f4c rf713a19  
    205205        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    206206        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    207         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
     207        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
     208        // following is disabled because it is weak
     209        // see e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1107787
     210        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
     211        // ??? "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
     212        //
     213        //  NOTE:
     214        //  If you add anything here, please also add to installer/resources/eepsite/jetty-ssl.xml
     215        //
    208216    }));
    209217
  • installer/resources/eepsite/jetty-ssl.xml

    rabc0f4c rf713a19  
    249249            <Item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
    250250            <Item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
     251            <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
     252            <!-- Please keep this list in sync with the one in I2PSSLSocketFactory -->
    251253          </Array>
    252254        </Set>
Note: See TracChangeset for help on using the changeset viewer.