Rohit Rai Malhotra created AMBARI-22533:
-------------------------------------------
Summary: Disable Week cipher and protocols from Ambari by default
Key: AMBARI-22533
URL: https://issues.apache.org/jira/browse/AMBARI-22533
Project: Ambari
Issue Type: Improvement
Components: ambari-server
Reporter: Rohit Rai Malhotra
Priority: Minor
Below is the list of week ciphers and protocols which can be disabled by
default from Ambari:
Vulnerable connection combinations :
SSL/TLS version : TLSv1.2
Cipher suite : TLS1_DHE_RSA_WITH_AES_128_CBC_SHA256
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
SSL/TLS version : TLSv1.2
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
SSL/TLS version : TLSv1.2
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx=
{key exchange}
Au=
{authentication}
Enc=
{symmetric encryption method}
Mac=
{message authentication code} {export flag}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
