[ https://issues.apache.org/jira/browse/QPID-6490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926756#comment-16926756 ]
Trang Vo commented on QPID-6490: -------------------------------- I updated /qpid-cpp-1.39.0/src/qpid/sys/ssl/util.h and util.cpp files to allow TLS version and cipher suites selections to be set in the broker config file. Please take a look at the attached files! What is the process and timeline to get this enhancement into the next release? > Configure SSL ciphers > --------------------- > > Key: QPID-6490 > URL: https://issues.apache.org/jira/browse/QPID-6490 > Project: Qpid > Issue Type: Improvement > Components: C++ Broker > Affects Versions: 0.30 > Environment: Linux > Reporter: Brant Knudson > Priority: Major > Labels: security > Attachments: util.cpp, util.h > > > qpid-cpp must allow an admin to set the SSL ciphers / protocols that they > want the server to allow. The default should be ciphers / protocols that > don't have known security vulnerabilities like SSLv3 (POODLE) and RC4 ciphers > (Bar Mitzvah) > With CVE-2015-2808 (a.k.a. Bar Mitzvah affecting RC4 ciphers) and other > recent vulnerabilities found in different ciphers / protocols, we need to be > able to disable ciphers / protocols easily. -- This message was sent by Atlassian Jira (v8.3.2#803003) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org