[ 
https://issues.apache.org/jira/browse/CAMEL-12262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16363861#comment-16363861
 ] 

Colm O hEigeartaigh commented on CAMEL-12262:
---------------------------------------------

Hi [~davsclaus],

I disagree that the documentation states that 3DES is excluded - the filter 
given is "{{.*_DES_.*}}" which only applies to DES. It would be ".*_3DES_.*" if 
it applied to 3DES.

I don't think we need to exclude 3DES as well, it's still considered secure. 
For example it is on the default "enabled" cipher suite algorithms in Java 8:

[https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html]

However, I think maybe we could change how we filter algorithms in general 
starting with the next major release. CXF only applies the default "excludes" 
if there is a corresponding "includes" filter. If there are no filters it just 
uses the JVM defaults, which already exclude the weak algorithms by default in 
recent JDK versions.

Colm.

 

> DEFAULT_CIPHER_SUITES_FILTER_EXCLUDE Incorrect
> ----------------------------------------------
>
>                 Key: CAMEL-12262
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12262
>             Project: Camel
>          Issue Type: Task
>          Components: documentation
>            Reporter: Lyubomir
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 2.21.0
>
>
> The [official 
> documentation|http://camel.apache.org/camel-configuration-utilities.html] 
> states the default cipher suites exclude filters are:
> {code:java}
> .*NULL.*
> .*anon.*
> .*DES.* Camel 2.15.4 =>Means 3DES **is** excluded
> .*EXPORT.* Camel 2.15.4
> {code}
> The default cipher suite exclude filter declared is:
> {code:java}
> /camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java
> {code}
> {code:java}
>     protected static final List<String> DEFAULT_CIPHER_SUITES_FILTER_EXCLUDE =
>         Collections.unmodifiableList(Arrays.asList(".*_NULL_.*", ".*_anon_.*", ".*_EXPORT_.*", ".*_DES_.*"));
> {code}
> According to the documentation 3DES will be excluded by default. Based on the 
> code only DES will be excluded.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
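
The difference between the two exclude lists quoted above, as an added example (not Camel's own code). It assumes each pattern must match the whole suite name (`Matcher.matches()`); the class name, method names and the sample suite list are constructed for illustration.

```java
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class CipherFilterDemo {
    // Exclude list as declared in the code quoted in the issue.
    static final List<String> CODE_EXCLUDES =
        Arrays.asList(".*_NULL_.*", ".*_anon_.*", ".*_EXPORT_.*", ".*_DES_.*");
    // Exclude list as given in the documentation quoted in the issue.
    static final List<String> DOC_EXCLUDES =
        Arrays.asList(".*NULL.*", ".*anon.*", ".*DES.*", ".*EXPORT.*");

    // Constructed sample of JSSE-style cipher suite names.
    static final List<String> SAMPLE = Arrays.asList(
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_NULL_SHA",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5");

    // True if any exclude pattern matches the whole suite name (assumption, see lead-in).
    static boolean excluded(String suite, List<String> excludes) {
        return excludes.stream().anyMatch(p -> Pattern.compile(p).matcher(suite).matches());
    }

    // Suites that remain enabled after applying the exclude list.
    static List<String> surviving(List<String> suites, List<String> excludes) {
        return suites.stream().filter(s -> !excluded(s, excludes)).collect(Collectors.toList());
    }

    // Suites on which the two exclude lists disagree.
    static List<String> disagreements(List<String> suites) {
        return suites.stream()
            .filter(s -> excluded(s, CODE_EXCLUDES) != excluded(s, DOC_EXCLUDES))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        System.out.println("kept by code excludes: " + surviving(SAMPLE, CODE_EXCLUDES));
        System.out.println("kept by doc excludes:  " + surviving(SAMPLE, DOC_EXCLUDES));
        System.out.println("lists disagree on:     " + disagreements(SAMPLE));
    }
}
```

The two lists disagree only on the 3DES suites: `_3DES_` contains no `_DES_` substring, so the coded filter keeps them while the documented `.*DES.*` removes them.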