[
https://issues.apache.org/jira/browse/OPENEJB-1856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonathan S Fisher updated OPENEJB-1856:
---------------------------------------
Attachment: SocketConnectionFactory.patch
ServiceDaemon.patch
> Allow User selectable Cipher Suites to enhance ejbds SSL security
> -----------------------------------------------------------------
>
> Key: OPENEJB-1856
> URL: https://issues.apache.org/jira/browse/OPENEJB-1856
> Project: OpenEJB
> Issue Type: Improvement
> Components: server
> Affects Versions: 4.0.0
> Environment: All
> Reporter: Jonathan S Fisher
> Priority: Minor
> Labels: security
> Attachments: ServiceDaemon.patch, SocketConnectionFactory.patch
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> Currently, "SSL_DH_anon_WITH_RC4_128_MD5" is hardcoded as the only available
> cipher suite when using SSL. While this provides integrity and eavesdropping
> protection, it offers no protection from MITM attacks.
> Allowing the user to specify the protocol suite, then having them also use
> the normal javax.net.ssl.trustStore and javax.net.ssl.keyStore parameters
> will allow fully secure connections to be established.
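An added example, not taken from the attached patches or from OpenEJB code: one way to resolve a user-supplied cipher suite list with JSSE while refusing suites that lack server authentication, such as the anonymous DH suite named in the issue. The class name and the `example.enabledCipherSuites` property are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class CipherSuiteSelection {

    // Suites with no peer authentication (anon), no encryption (NULL) or export-grade keys.
    static boolean isUnauthenticatedOrWeak(String suite) {
        return suite.contains("_anon_") || suite.contains("_NULL_") || suite.contains("_EXPORT_");
    }

    // Resolve a comma-separated user list against what the JSSE provider supports.
    static String[] select(String requested, String[] supported) {
        Set<String> available = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> chosen = new ArrayList<>();
        for (String name : requested.split(",")) {
            String suite = name.trim();
            if (suite.isEmpty()) continue;
            if (!available.contains(suite))
                throw new IllegalArgumentException("Unsupported cipher suite: " + suite);
            if (isUnauthenticatedOrWeak(suite))
                throw new IllegalArgumentException("Refusing unauthenticated or weak suite: " + suite);
            chosen.add(suite);
        }
        if (chosen.isEmpty())
            throw new IllegalArgumentException("No cipher suites selected");
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // The default context honours javax.net.ssl.keyStore and javax.net.ssl.trustStore.
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();
        // Hypothetical property name; without it, use provider defaults minus weak suites.
        String requested = System.getProperty("example.enabledCipherSuites");
        String[] enabled = (requested != null)
                ? select(requested, supported)
                : Arrays.stream(ctx.getDefaultSSLParameters().getCipherSuites())
                        .filter(s -> !isUnauthenticatedOrWeak(s)).toArray(String[]::new);
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setCipherSuites(enabled);
        // Apply with SSLSocket.setSSLParameters(params) or SSLServerSocket.setSSLParameters(params).
        System.out.println(String.join("\n", enabled));
    }
}
```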