[
https://issues.apache.org/jira/browse/QPID-7056?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-7056:
-----------------------------
Issue Type: Improvement (was: Bug)
> [Java Broker] Allow overriding of TLS cipher suites preferences
> ---------------------------------------------------------------
>
> Key: QPID-7056
> URL: https://issues.apache.org/jira/browse/QPID-7056
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Alex Rudyy
>
> During TLS handshaking, the client requests to negotiate a cipher suite from
> a list of cryptographic options that it supports, starting with its first
> preference. Then, the server selects a single cipher suite from the list of
> cipher suites requested by the client. Normally, the selection honors the
> client's preference. However, to mitigate the risks of using weak cipher
> suites, the Broker may select cipher suites based on its own preference
> rather than the client's preference.
> Additionally, Broker should allow changing the preference order of cipher
> suites to be able to select faster cipher suites. For example, GCM cipher
> suites are faster then TLS_ECDHE_RSA_WITH_AES_255_CBC_SHA384. Thus, ciphers
> suites like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 should be considered to use
> before TLS_ECDHE_RSA_WITH_AES_255_CBC_SHA384.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
