[ https://issues.apache.org/jira/browse/CAMEL-12262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16363861#comment-16363861 ]
Colm O hEigeartaigh commented on CAMEL-12262:
---------------------------------------------

Hi [~davsclaus],

I disagree that the documentation states that 3DES is excluded - the filter given is "{{.*_DES_.*}}" which only applies to DES. It would be ".*_3DES_.*" if it applied to 3DES.

I don't think we need to exclude 3DES as well, it's still considered secure. For example it is on the default "enabled" cipher suite algorithms in Java 8:

[https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html]

However, I think maybe we could change how we filter algorithms in general starting with the next major release. CXF only applies the default "excludes" if there is a corresponding "includes" filter. If there are no filters it just uses the JVM defaults, which already exclude the weak algorithms by default in recent JDK versions.

Colm.

> DEFAULT_CIPHER_SUITES_FILTER_EXCLUDE Incorrect
> ----------------------------------------------
>
>                 Key: CAMEL-12262
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12262
>             Project: Camel
>          Issue Type: Task
>          Components: documentation
>            Reporter: Lyubomir
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 2.21.0
>
>
> The [official
> documentation|http://camel.apache.org/camel-configuration-utilities.html]
> states the default cipher suites exclude filters are:
> {code:java}
> .*NULL.*
> .*anon.*
> .*DES.* Camel 2.15.4 =>Means 3DES **is** excluded
> .*EXPORT.* Camel 2.15.4
> {code}
> The default cipher suite exclude filter declared is:
> {code:java}
> /camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java
> {code}
> {code:java}
> protected static final List<String> DEFAULT_CIPHER_SUITES_FILTER_EXCLUDE =
>     Collections.unmodifiableList(Arrays.asList(".*_NULL_.*",
>     ".*_anon_.*", ".*_EXPORT_.*", ".*_DES_.*"));
> {code}
> According to the documentation 3DES will be excluded by default. Based on the
> code only DES will be excluded.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
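Added example, not part of the JIRA thread or of Camel's code: it applies the two exclude lists quoted in the issue (the one declared in the code and the one written in the documentation) to a constructed list of JSSE cipher suite names, so the difference in how each treats 3DES suites can be checked directly. The class name `CipherSuiteFilterDemo`, the helper `retained`, and the assumption that a suite is excluded when a pattern matches its whole name are illustrative choices made for this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class CipherSuiteFilterDemo {

    // Exclude list as declared in BaseSSLContextParameters (quoted in the issue).
    static final List<String> CODE_EXCLUDES =
        Arrays.asList(".*_NULL_.*", ".*_anon_.*", ".*_EXPORT_.*", ".*_DES_.*");

    // Exclude list as written in the documentation (quoted in the issue).
    static final List<String> DOC_EXCLUDES =
        Arrays.asList(".*NULL.*", ".*anon.*", ".*DES.*", ".*EXPORT.*");

    // Assumption for this example: a suite is dropped when any exclude
    // pattern matches the whole suite name.
    static List<String> retained(List<String> suites, List<String> excludes) {
        List<Pattern> patterns = new ArrayList<>();
        for (String e : excludes) {
            patterns.add(Pattern.compile(e));
        }
        List<String> kept = new ArrayList<>();
        for (String suite : suites) {
            boolean excluded = false;
            for (Pattern p : patterns) {
                if (p.matcher(suite).matches()) { excluded = true; break; }
            }
            if (!excluded) kept.add(suite);
        }
        return kept;
    }

    public static void main(String[] args) {
        // Constructed sample of JSSE standard cipher suite names.
        List<String> suites = Arrays.asList(
            "SSL_RSA_WITH_NULL_SHA",
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA");

        System.out.println("Retained with code filters: " + retained(suites, CODE_EXCLUDES));
        System.out.println("Retained with doc filters:  " + retained(suites, DOC_EXCLUDES));
    }
}
```

In a 3DES suite name the token is `_3DES_`, so the substring `_DES_` never occurs and the code's `.*_DES_.*` pattern leaves those suites in place, while the documentation's `.*DES.*` removes them.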