camel-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Commented] (CAMEL-12262) DEFAULT_CIPHER_SUITES_FILTER_EXCLUDE Incorrect
Date Wed, 14 Feb 2018 12:11:00 GMT


Colm O hEigeartaigh commented on CAMEL-12262:

Hi [~davsclaus],

I disagree that the documentation states that 3DES is excluded - the filter given is "{{.*_DES_.*}}"
which only applies to DES. It would be ".*_3DES_.*" if it applied to 3DES.

I don't think we need to exclude 3DES as well, it's still considered secure. For example it
is on the default "enabled" cipher suite algorithms in Java 8:


However, I think maybe we could change how we filter algorithms in general starting with the
next major release. CXF only applies the default "excludes" if there is a corresponding "includes"
filter. If there are no filters it just uses the JVM defaults, which already exclude the weak
algorithms by default in recent JDK versions.



> ----------------------------------------------
>                 Key: CAMEL-12262
>                 URL:
>             Project: Camel
>          Issue Type: Task
>          Components: documentation
>            Reporter: Lyubomir
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 2.21.0
> The [official documentation|] states the default cipher suites exclude filters are:
> {code:java}
> .*NULL.*
> .*anon.*
> .*DES.* Camel 2.15.4 =>Means 3DES **is** excluded
> .*EXPORT.* Camel 2.15.4
> {code}
> The default cipher suite exclude filter declared is:
> {code:java}
> /camel-core/src/main/java/org/apache/camel/util/jsse/
> {code}
> {code:java}
>     protected static final List<String> DEFAULT_CIPHER_SUITES_FILTER_EXCLUDE =
>         Collections.unmodifiableList(Arrays.asList(".*_NULL_.*", ".*_anon_.*", ".*_EXPORT_.*",
> {code}
> According to the documentation 3DES will be excluded by default. Based on the code only DES will be excluded.

This message was sent by Atlassian JIRA
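
The difference between the documented and declared exclude patterns discussed in this thread can be checked directly. The following is an added example, not part of the original message or of Camel's code: the class name and the sample suite list are constructed, the "declared" list combines the three patterns visible in the truncated listing with the `.*_DES_.*` filter quoted in the comment, and whole-string matching via `Matcher.matches()` is an assumption (with `.*` on both ends the result is the same for partial matching).

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class CipherSuiteFilterDemo {

    // Exclude patterns as written in the documentation quoted in the issue.
    static final List<String> DOCUMENTED =
        Arrays.asList(".*NULL.*", ".*anon.*", ".*DES.*", ".*EXPORT.*");

    // Patterns visible in the truncated code listing, plus the DES filter quoted in the comment.
    static final List<String> DECLARED =
        Arrays.asList(".*_NULL_.*", ".*_anon_.*", ".*_EXPORT_.*", ".*_DES_.*");

    // Constructed sample of standard JSSE cipher suite names (not read from a live JVM).
    static final List<String> SAMPLE = Arrays.asList(
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_RSA_WITH_NULL_SHA",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA");

    // Keep every suite that none of the exclude patterns matches in full.
    static List<String> applyExcludes(List<String> suites, List<String> excludes) {
        List<String> kept = new ArrayList<>();
        for (String suite : suites) {
            boolean excluded = false;
            for (String regex : excludes) {
                if (Pattern.compile(regex).matcher(suite).matches()) {
                    excluded = true;
                    break;
                }
            }
            if (!excluded) {
                kept.add(suite);
            }
        }
        return kept;
    }

    public static void main(String[] args) {
        System.out.println("documented excludes keep: " + applyExcludes(SAMPLE, DOCUMENTED));
        System.out.println("declared excludes keep:   " + applyExcludes(SAMPLE, DECLARED));
    }
}
```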
