directory-users mailing list archives

From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Disabling weak ciphers
Date Wed, 05 Oct 2016 08:28:13 GMT
On 04/10/16 at 18:54, Sean Kelly wrote:
> Folks:
>
> My network security team is threatening to block access to our
> ApacheDS-2.0.0-M20 instance, citing weak ciphers like RC4 in use on
> our port 636.
>
> Here's the list of ciphers I have enabled in the config:
>
> ads-enabledciphers: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> ads-enabledciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> ads-enabledciphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> ads-enabledciphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> ads-enabledciphers: TLS_RSA_WITH_AES_128_CBC_SHA256
> ads-enabledciphers: TLS_RSA_WITH_AES_128_CBC_SHA
>
> There's no RC4 in there. But sure enough, when I test with OpenSSL, I
> can indeed connect with ECDHE-RSA-RC4-SHA, AECDH-RC4-SHA, and RC4-SHA,
> despite those NOT appearing in the list.
>
> Any idea what's going on?

Which Java version are you using?

RC4 is now disabled by default from Java 8u51, 7u85 and 6u101
(https://blogs.oracle.com/coffeys/entry/jdk_and_use_of_rc4).
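One way to answer the Java-version question, as an added example that is not part of the original message and is not ApacheDS code: run it with the same JVM that launches the server. The class name `Rc4Check` is hypothetical; the configured suites are the `ads-enabledciphers` values quoted above.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class Rc4Check {
    // Suites copied from the ads-enabledciphers values quoted in the message.
    static final List<String> CONFIGURED = Arrays.asList(
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA");

    // Keep only the suite names that use RC4 (JSSE names carry "_RC4_").
    static Set<String> rc4Only(String[] suites) {
        Set<String> hits = new LinkedHashSet<String>();
        for (String s : suites) {
            if (s.contains("_RC4_")) {
                hits.add(s);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // The JVM build and its TLS restriction list decide the defaults.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));

        SSLContext ctx = SSLContext.getDefault();
        String[] enabled = ctx.getDefaultSSLParameters().getCipherSuites();
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();

        // What a TLS socket offers when no explicit suite list reaches it.
        System.out.println("RC4 enabled by default: " + rc4Only(enabled));
        System.out.println("RC4 supported at all:   " + rc4Only(supported));

        // Check that this JVM recognises every configured suite name.
        Set<String> known = new LinkedHashSet<String>(Arrays.asList(supported));
        for (String s : CONFIGURED) {
            System.out.println((known.contains(s) ? "supported    " : "UNSUPPORTED  ") + s);
        }
    }
}
```

If the "enabled by default" line lists RC4 suites, the JVM predates the default change mentioned in the reply, and any listener that falls back to JVM defaults will negotiate them.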
