[ https://issues.apache.org/jira/browse/RANGER-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16270151#comment-16270151 ]
bhavik patel commented on RANGER-1911:
--------------------------------------
Users can configure the properties below to enable/disable SSL protocols and weak ciphers in Ranger.
# ranger.service.https.attrib.ssl.enabled.protocols - handled in [RANGER-1500|https://issues.apache.org/jira/browse/RANGER-1500]
# ranger.tomcat.ciphers - handled in [RANGER-1607|https://issues.apache.org/jira/browse/RANGER-1607]
> Disable weak ciphers and protocols from Ranger
> ----------------------------------------------
>
> Key: RANGER-1911
> URL: https://issues.apache.org/jira/browse/RANGER-1911
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 0.7.0
> Reporter: Rohit Rai Malhotra
> Priority: Minor
>
> List of weak ciphers and protocols by default:
> Vulnerable connection combinations :
> SSL/TLS version : TLSv1.2
> Cipher suite : TLS1_DHE_RSA_WITH_AES_128_CBC_SHA256
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.2
> Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.2
> Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.1
> Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.1
> Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.0
> Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> SSL/TLS version : TLSv1.0
> Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
> Diffie-Hellman MODP size (bits) : 1024
> Warning - This is a known static Oakley Group2 modulus. This may make
> the remote host more vulnerable to the Logjam attack.
> Logjam attack difficulty : Hard (would require nation-state resources)
> Here is the list of medium strength SSL ciphers supported by the remote
> server :
> Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
> DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
> The fields above are :
> {OpenSSL ciphername}
> Kx={key exchange}
> Au={authentication}
> Enc={symmetric encryption method}
> Mac={message authentication code} {export flag}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
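
An added example (not code from the Ranger project or from this thread): a Python audit of the two properties named in the comment, flagging the kinds of findings the scan reports (3DES and finite-field DHE suites) plus protocol versions deprecated by RFC 8996. The Hadoop-style `<property>` XML layout, the comma-separated value format and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

PROTOCOLS_KEY = "ranger.service.https.attrib.ssl.enabled.protocols"
CIPHERS_KEY = "ranger.tomcat.ciphers"
# SSLv2/SSLv3 and TLS 1.0/1.1 are deprecated (RFC 6176, RFC 7568, RFC 8996).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Constructed sample config (assumed layout, not taken from a real deployment).
SAMPLE_SITE_XML = """<configuration>
  <property>
    <name>ranger.service.https.attrib.ssl.enabled.protocols</name>
    <value>TLSv1, TLSv1.1, TLSv1.2</value>
  </property>
  <property>
    <name>ranger.tomcat.ciphers</name>
    <value>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA</value>
  </property>
</configuration>"""

def read_properties(xml_text):
    """Return {name: value} for every <property> element in the config."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}

def split_list(value):
    """Split a comma-separated property value, dropping empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(xml_text):
    """Return (property, value, reason) tuples for settings that need review."""
    props = read_properties(xml_text)
    findings = []
    for key in (PROTOCOLS_KEY, CIPHERS_KEY):
        if not props.get(key):
            findings.append((key, "<unset>", "not set; server defaults apply"))
    for proto in split_list(props.get(PROTOCOLS_KEY, "")):
        if proto in DEPRECATED_PROTOCOLS:
            findings.append((PROTOCOLS_KEY, proto, "deprecated protocol version"))
    for suite in split_list(props.get(CIPHERS_KEY, "")):
        if "3DES" in suite:
            findings.append((CIPHERS_KEY, suite, "3DES (medium strength)"))
        if "_DHE_" in suite:  # matches DHE but not ECDHE
            findings.append((CIPHERS_KEY, suite,
                             "finite-field DHE; confirm the group is larger than 1024 bits"))
    return findings

if __name__ == "__main__":
    for prop, value, reason in audit(SAMPLE_SITE_XML):
        print(f"{prop}: {value} -> {reason}")
```

The cipher name does not reveal the Diffie-Hellman group size, so a `_DHE_` finding is a prompt to check the server's DH parameters rather than proof of a 1024-bit group.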