cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-10319) Prefer TLSv1.2 and deprecate TLS 1.0/1.1
Date Mon, 26 Mar 2018 08:47:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413579#comment-16413579
] 

ASF GitHub Bot commented on CLOUDSTACK-10319:
---------------------------------------------

rhtyd closed pull request #2507: CLOUDSTACK-10319: Allow TLSv1, v1.1 for XenServer, Vmware
URL: https://github.com/apache/cloudstack/pull/2507
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/client/conf/java.security.ciphers.in b/client/conf/java.security.ciphers.in
index 986abf61e71..27e2d690ee6 100644
--- a/client/conf/java.security.ciphers.in
+++ b/client/conf/java.security.ciphers.in
@@ -15,4 +15,4 @@
  # specific language governing permissions and limitations
  # under the License.
 
-jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128,
SHA1 keySize < 128, MD5 keySize < 128, RC4
\ No newline at end of file
+jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1, DH keySize < 128, RSA keySize
< 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
diff --git a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
index 9fbdb4aa553..8016f5a1916 100644
--- a/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
+++ b/utils/src/main/java/org/apache/cloudstack/utils/security/SSLUtils.java
@@ -34,7 +34,7 @@
     public static String[] getSupportedProtocols(String[] protocols) {
         Set<String> set = new HashSet<String>();
         for (String s : protocols) {
-            if (s.equals("TLSv1") || s.equals("TLSv1.1") || s.equals("SSLv3") || s.equals("SSLv2Hello"))
{
+            if (s.equals("SSLv3") || s.equals("SSLv2Hello")) {
                 continue;
             }
             set.add(s);
@@ -46,7 +46,7 @@
      * It returns recommended protocols that are considered secure.
      */
     public static String[] getRecommendedProtocols() {
-        return new String[] { "TLSv1.2" };
+        return new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
     }
 
     /**
diff --git a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java
index 6c66dcd1bd0..625b538d7f2 100644
--- a/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/security/SSLUtilsTest.java
@@ -69,9 +69,9 @@ public void getSupportedProtocolsTest() {
     }
 
     private void verifyProtocols(ArrayList<String> protocolsList) {
+        Assert.assertTrue(protocolsList.contains("TLSv1"));
+        Assert.assertTrue(protocolsList.contains("TLSv1.1"));
         Assert.assertTrue(protocolsList.contains("TLSv1.2"));
-        Assert.assertFalse(protocolsList.contains("TLSv1"));
-        Assert.assertFalse(protocolsList.contains("TLSv1.1"));
         Assert.assertFalse(protocolsList.contains("SSLv3"));
         Assert.assertFalse(protocolsList.contains("SSLv2Hello"));
     }


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Prefer TLSv1.2 and deprecate TLS 1.0/1.1
> ----------------------------------------
>
>                 Key: CLOUDSTACK-10319
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10319
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For: 4.12.0.0, 4.11.1.0
>
>
> TLS 1.0 and 1.1 are both recommended to not be used. The aim would be to make cloudstack prefer
tls 1.2.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message