karaf-issues mailing list archives

From "Achim Nierbeck (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4057) karaf2.4.0 of rmiServerPort = 2098 is not secure, will get attacked by BIAS, BEAST, NO_PFS.
Date Sun, 18 Oct 2015 07:10:05 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14962205#comment-14962205 ]

Achim Nierbeck commented on KARAF-4057:
---------------------------------------

As no one answers the question, I consider this issue to be trivial and not critical.

> karaf2.4.0 of rmiServerPort = 2098 is not secure, will get attacked by BIAS, BEAST, NO_PFS.
> ---------------------------------------------------------------------------------------------
>
>                 Key: KARAF-4057
>                 URL: https://issues.apache.org/jira/browse/KARAF-4057
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 2.4.3
>         Environment: OS:centos6.7
> jdk:1.8 
>            Reporter: holmovie
>            Priority: Trivial
>         Attachments: uc2.7_result.txt
>
>
> We use the script “ssl-cipher-suite-enum.pl” (version 1.0.0) to scan our RMI server, whose port is 2098; please check the attachment for details.
> I have several questions to consult:
> 1. How can these attacks (BEAST, BIAS...) be avoided in karaf 2.4.3?
>  If yes, what is the solution?
> 2. If we use the latest karaf version, could these loopholes be solved or not?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
