Hi,

can you post here:
https://groups.google.com/forum/#!forum/caucho-resin

I could offer you help in a couple of hours or tomorrow.
In the meantime you can already get these Java Cryptography Extension (JCE) 
Unlimited Strength Jurisdiction Policy Files 7.
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Kind regards,
Steffen
From: resin-interest-boun...@caucho.com 
[mailto:resin-interest-boun...@caucho.com] On behalf of Abhishek
Sent: Thursday, 11 January 2018 12:47
To: resin-interest@caucho.com
Subject: [Resin-interest] Reg. Resin Security Vulnerability

Hello!

I am using resin-pro-4.0.41 with Java 7 and the configuration below for HTTPS 
in "resin.properties":

# JSSE certificate configuration
# Keys are typically stored in the resin configuration directory.
jsse_keystore_type : jks
jsse_keystore_file : keys/server.keystore
jsse_keystore_password : adrs123

The following vulnerabilities have been identified in my setup:


1. Diffie-Hellman group smaller than 2048 bits

2. Disable Supports RC4 Cipher Algorithms, 3DES Cipher Suite, The Use of Static Key Ciphers, Using Commonly Used Prime Numbers

3. Disable support of SSLv3, TLS 1.0 & TLS 1.1

4. TLS/SSL Server is enabling the POODLE attack --> Has to be disabled

5. TLS/SSL Server is enabling the BEAST attack --> Has to be disabled

6. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) --> Has to be disabled

Please share if there is any configuration to handle these vulnerabilities.

Regards,
Abhishek | HP: +91-8130370104 |
Email: abhisheksi...@nmsworks.co.in<mailto:abhisheksi...@nmsworks.co.in>
NMSWorks Software PVT LTD | #C3, IITM Research Park, Taramani, Chennai, India - 600113 |




_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
